
I have loads of weird entries really need help - FRST OTL and HiJackThis


  • This topic is locked
36 replies to this topic

#1 Robert20998735

Posted 02 April 2016 - 05:58 AM

Hi,

I have loads of weird entries and keep finding Trojans loaded on my machine. There is some important stuff on here and I am concerned, and would really like help from someone who understands all this stuff. I have included all the logs I can.

I did install Win10-privacy or something similar, which stopped the Start menu working. I am not sure if this has loaded some rubbish on my machine, but I would be grateful for someone taking a look at my logs.

Thank you.

Ed

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-02-2016
Ran by Sales (administrator) on DESKTOP-PC (02-04-2016 12:13:46)
Running from C:\Users\Sales\Desktop
Loaded Profiles: Sales (Available Profiles: Sales)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(APC) C:\Program Files (x86)\APC\PowerChute Business Edition\server\pbeserver.exe
(APC) C:\Program Files (x86)\APC\PowerChute Business Edition\agent\pbeagent.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TODO: <Company name>) C:\Program Files (x86)\ASUS\Lighting Control\AsLedService.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.07.00\AsusFanControlService.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
() C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe
(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Maxthon) C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Intel® Corporation) C:\Program Files\Intel\NCS2\WMIProv\ncs2prov.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMyPC\g2comm.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMyPC\g2pre.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMyPC\g2tray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\HyStream\ASUSMediaBackgroundServer.exe
(TODO: <Company name>) C:\Program Files (x86)\ASUS\AI Suite III\DIP4\GpuFanHelper.exe
() C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
() C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe
(Mad Catz Inc) C:\Program Files\Mad Catz\Strike5Service\Strike5.exe
(Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe
(Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwtxapps.exe
() C:\Program Files (x86)\SecureSafe\SecureSafe.exe
(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe
(Initex) C:\Program Files (x86)\Proxifier\Proxifier.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Corsair Components, Inc.) C:\Program Files (x86)\CorsairLink4\CorsairLink4.exe
(Corsair Components, Inc.) C:\Program Files (x86)\CorsairLink4\CorsairLink4.Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
() C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\AsPowerBar.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Joyent, Inc) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
() C:\Program Files\Safejumper\safejumper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxcr.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel® Corporation) C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\XtuService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe [1644824 2016-03-17] (Bitdefender)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2841536 2016-02-23] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [S.T.R.I.K.E.5 Service] => C:\Program Files\Mad Catz\Strike5Service\Strike5.exe [150528 2015-10-01] (Mad Catz Inc)
HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2015-10-01] (Saitek)
HKLM\...\Run: [SaiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [157696 2015-10-01] (Saitek)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8725248 2015-11-13] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [323056 2015-11-04] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2312896 2016-02-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [proxy_sh] => C:\Program Files\Safejumper\safejumper.exe [1851904 2015-12-31] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596016 2016-01-29] (Oracle Corporation)
HKLM-x32\...\Run: [KeyScrambler] => C:\Program Files (x86)\KeyScrambler\keyscrambler.exe [515600 2016-03-22] (QFX Software Corporation)
HKU\S-1-5-21-106550278-2020945526-1740148854-1001\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe [1447328 2016-03-17] (Bitdefender)
HKU\S-1-5-21-106550278-2020945526-1740148854-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3014224 2016-02-04] (Valve Corporation)
HKU\S-1-5-21-106550278-2020945526-1740148854-1001\...\Run: [securesafe] => C:\Program Files (x86)\SecureSafe\SecureSafe.exe [8503832 2015-11-18] ()
HKU\S-1-5-21-106550278-2020945526-1740148854-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8686296 2016-03-11] (Piriform Ltd)
HKU\S-1-5-21-106550278-2020945526-1740148854-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-106550278-2020945526-1740148854-1001\...\Run: [DymoQuickPrint] => C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe [1867056 2014-03-20] (Sanford, L.P.)
HKU\S-1-5-21-106550278-2020945526-1740148854-1001\...\Run: [Proxifier] => c:\program files (x86)\proxifier\proxifier.exe [4624976 2015-12-02] (Initex)
HKU\S-1-5-21-106550278-2020945526-1740148854-1001\...\Run: [CorsairLink4] => C:\Program Files (x86)\CorsairLink4\CorsairLink4.exe [16879944 2016-01-22] (Corsair Components, Inc.)
HKU\S-1-5-21-106550278-2020945526-1740148854-1001\...\MountPoints2: {e7023b51-afa3-11e5-bbf1-806e6f6e6963} - "explorer.exe" index.html
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-01-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-01-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-01-22] ()
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 01 C:\Windows\SysWOW64\PrxerNsp.dll [84040 2015-03-28] ()
Winsock: Catalog9 01 C:\Windows\SysWOW64\PrxerDrv.dll [97864 2015-03-28] (Initex)
Winsock: Catalog9 02 C:\Windows\SysWOW64\PrxerDrv.dll [97864 2015-03-28] (Initex)
Winsock: Catalog9 03 C:\Windows\SysWOW64\PrxerDrv.dll [97864 2015-03-28] (Initex)
Winsock: Catalog9 04 C:\Windows\SysWOW64\PrxerDrv.dll [97864 2015-03-28] (Initex)
Winsock: Catalog9 17 C:\Windows\SysWOW64\PrxerDrv.dll [97864 2015-03-28] (Initex)
Winsock: Catalog5-x64 01 C:\Windows\system32\PrxerNsp.dll [96840 2015-03-28] ()
Winsock: Catalog9-x64 01 C:\Windows\system32\PrxerDrv.dll [118856 2015-03-28] (Initex)
Winsock: Catalog9-x64 02 C:\Windows\system32\PrxerDrv.dll [118856 2015-03-28] (Initex)
Winsock: Catalog9-x64 03 C:\Windows\system32\PrxerDrv.dll [118856 2015-03-28] (Initex)
Winsock: Catalog9-x64 04 C:\Windows\system32\PrxerDrv.dll [118856 2015-03-28] (Initex)
Winsock: Catalog9-x64 17 C:\Windows\system32\PrxerDrv.dll [118856 2015-03-28] (Initex)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{364d1e97-3282-4ccc-95a2-b2e7c066bbfb}: [NameServer] 192.168.1.200
Tcpip\..\Interfaces\{8d72b039-66c8-4a35-8e02-d318303f6c49}: [NameServer] 192.168.1.252
Tcpip\..\Interfaces\{d48afd72-c35c-4635-a714-78e2a268d302}: [NameServer] 192.168.1.200

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-106550278-2020945526-1740148854-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-106550278-2020945526-1740148854-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-gb/?pc=UE01&ocid=UE01DHP
SearchScopes: HKU\S-1-5-21-106550278-2020945526-1740148854-1001 -> {DCD929F4-2178-481F-AE37-9B4FA7EDE295} URL = hxxps://uk.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2016-03-17] (Bitdefender)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-02-23] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_74\bin\ssv.dll [2016-02-29] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-02-23] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_74\bin\jp2ssv.dll [2016-02-29] (Oracle Corporation)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll [2016-03-17] (Bitdefender)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-29] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-29] (Oracle Corporation)
Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2016-03-17] (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll [2016-03-17] (Bitdefender)
Toolbar: HKU\S-1-5-21-106550278-2020945526-1740148854-1001 -> Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2016-03-17] (Bitdefender)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-01-03] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Sales\AppData\Roaming\Mozilla\Firefox\Profiles\5ndz7jc3.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_182.dll [2016-03-16] ()
FF Plugin: @java.com/DTPlugin,version=11.74.2 -> C:\Program Files\Java\jre1.8.0_74\bin\dtplugin\npDeployJava1.dll [2016-02-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.74.2 -> C:\Program Files\Java\jre1.8.0_74\bin\plugin2\npjp2.dll [2016-02-29] (Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-02-12] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-16] ()
FF Plugin-x32: @dymo.com/DymoLabelFramework -> C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll [2014-03-20] ( Sanford L.P.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2016-01-03] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-01-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-01-23] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-02-12] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [No File]
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff [2015-12-16]
FF Extension: BitTorrent WebUI+ - C:\Users\Sales\AppData\Roaming\Mozilla\Firefox\Profiles\5ndz7jc3.default\extensions\BitTorrent_WebUI_2@firefox.alexisbrunet.com.xpi [2016-01-01]
FF Extension: CouchPotato - C:\Users\Sales\AppData\Roaming\Mozilla\Firefox\Profiles\5ndz7jc3.default\Extensions\{1EB88DA7-4F70-4E70-923F-810E4F0C9FDF}.xpi [2016-02-02]
FF Extension: Video DownloadHelper - C:\Users\Sales\AppData\Roaming\Mozilla\Firefox\Profiles\5ndz7jc3.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-03-08]
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-19] [not signed]
FF HKLM\...\Firefox\Extensions: [bdwteffv20@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext [2015-12-16] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [bdwteffv20@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=orcl_default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\Sales\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Sales\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-14]
CHR Extension: (Google Docs) - C:\Users\Sales\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-14]
CHR Extension: (Google Drive) - C:\Users\Sales\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-14]
CHR Extension: (YouTube) - C:\Users\Sales\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-14]
CHR Extension: (Google Search) - C:\Users\Sales\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-14]
CHR Extension: (Bitdefender Wallet) - C:\Users\Sales\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhejlifdlcgcmogbggeomfodgklfaem [2016-01-14]
CHR Extension: (Yahoo Web) - C:\Users\Sales\AppData\Local\Google\Chrome\User Data\Default\Extensions\eedgghdcpmmmilkmfpnklknlenbiolec [2016-01-14]
CHR Extension: (Google Sheets) - C:\Users\Sales\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-14]
CHR Extension: (Google Docs Offline) - C:\Users\Sales\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-01-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Sales\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-14]
CHR Extension: (Gmail) - C:\Users\Sales\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-14]
CHR HKLM-x32\...\Chrome\Extension: [dhhejlifdlcgcmogbggeomfodgklfaem] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eedgghdcpmmmilkmfpnklknlenbiolec] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [693440 2016-01-28] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2020056 2016-02-09] (Adobe Systems, Incorporated)
R2 APCPBEAgent; C:\Program Files (x86)\APC\PowerChute Business Edition\agent\pbeagent.exe [36600 2013-09-09] (APC)
R2 APCPBEServer; C:\Program Files (x86)\APC\PowerChute Business Edition\server\pbeserver.exe [57160 2013-09-09] (APC)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2015-05-08] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2015-05-08] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2015-04-21] () [File not signed]
R2 ASUS LED Control Service; C:\Program Files (x86)\ASUS\Lighting Control\AsLedService.exe [283928 2015-06-26] (TODO: <Company name>)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.07.00\AsusFanControlService.exe [395736 2015-12-31] (ASUSTeK Computer Inc.)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2278152 2015-12-31] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2809072 2016-01-20] (Microsoft Corporation)
R3 CLink4Service; C:\Program Files (x86)\CorsairLink4\CorsairLink4.Service.exe [81224 2016-01-22] (Corsair Components, Inc.)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2015-11-24] () [File not signed]
R2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [33072 2014-03-20] (Sanford, L.P.)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342240 2015-11-05] (Futuremark)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-02-23] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [19440 2015-11-04] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
S3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2015-08-14] (Intel Corporation)
R2 MaxthonUpdateSvc; C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [2385832 2016-01-25] (Maxthon)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-02-23] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3719104 2016-02-23] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2617792 2016-02-23] (NVIDIA Corporation)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [32568 2014-04-09] (The OpenVPN Project)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [925328 2016-03-21] (Bitdefender)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe [135176 2016-03-17] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe [1679672 2016-03-17] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\XtuService.exe [19192 2015-09-21] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2013-01-28] (ASUSTek Computer Inc.)
R3 AndroidAFD; C:\Windows\SysWow64\drivers\AndroidAFDx64.sys [28600 2015-08-28] (ASUSTek Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-09-09] ()
R0 asstahci64; C:\Windows\System32\drivers\asstahci64.sys [88936 2015-06-17] (Asmedia Technology)
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2014-02-24] ()
S3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1622512 2016-02-02] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [806344 2016-02-02] (BitDefender)
S3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [199472 2015-12-31] (Broadcom Corporation.)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [118608 2016-03-17] (BitDefender LLC)
R1 BDVEDISK; C:\Windows\system32\DRIVERS\bdvedisk.sys [87912 2015-12-04] (BitDefender)
R3 cpuz138; C:\Windows\TEMP\cpuz138\cpuz138_x64.sys [27320 2016-04-02] (CPUID)
S3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo64.sys [31376 2015-03-10] ()
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d65x64.sys [530416 2015-06-18] (Intel Corporation)
R3 e1rexpress; C:\Windows\system32\DRIVERS\e1r65x64.sys [486344 2015-04-20] (Intel Corporation)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [160032 2015-04-29] (BitDefender LLC)
R0 IaNVMe; C:\Windows\System32\drivers\IaNVMe.sys [101872 2015-07-07] (Intel Corporation)
R0 ignis; C:\Windows\system32\DRIVERS\ignis.sys [290032 2016-03-17] (Bitdefender)
R2 iocbios2; C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [30224 2015-09-21] (Intel Corporation)
R3 IOMap; C:\Windows\system32\drivers\IOMap64.sys [24824 2015-04-21] (ASUSTeK Computer Inc.)
R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [224720 2015-08-18] (QFX Software Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [184608 2015-07-28] (Intel Corporation)
R2 monblanking; C:\Windows\system32\DRIVERS\monblanking.sys [37112 2016-02-26] (Citrix Systems)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R0 nvme; C:\Windows\System32\drivers\nvme.sys [118280 2015-10-16] (Samsung Electronics Co., Ltd)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-02-23] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
S0 ocz10xx; C:\Windows\System32\drivers\ocz10xx.sys [75568 2014-12-19] (OCZ Storage Solutions)
S0 ocztrimfilter; C:\Windows\System32\drivers\ocztrimfilter.sys [19424 2014-12-19] (OCZ Storage Solutions)
S3 PUSBODD2; C:\Windows\System32\drivers\PUSBODD2.SYS [35120 2013-02-01] (Pioneer Corporation.)
S3 RtlWlanu; C:\Windows\System32\drivers\rtwlanu.sys [3764736 2015-10-30] (Realtek Semiconductor Corporation                           )
R3 Said1108; C:\Windows\System32\drivers\Said1108.sys [25280 2015-10-06] (Saitek)
R3 SaiK1108; C:\Windows\system32\DRIVERS\SaiK1108.sys [180928 2015-10-06] (Saitek)
R3 SaiMini; C:\Windows\System32\drivers\SaiMini.sys [23968 2015-10-01] (Saitek)
R3 SaiNtBus; C:\Windows\system32\drivers\SaiBus.sys [51488 2015-10-06] (Saitek)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-04-02] ()
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [477272 2015-06-02] (BitDefender S.R.L.)
R3 USBPcap; C:\Windows\system32\DRIVERS\USBPcap.sys [41720 2015-12-10] (USBPcap)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 _hid_0738_1709; C:\Windows\system32\DRIVERS\_hid_0738_1709.sys [180928 2015-10-01] (Saitek)
R3 _usb_0738_1709; C:\Windows\System32\drivers\_usb_0738_1709.sys [46528 2015-10-01] (Saitek)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-02 12:11 - 2016-04-02 12:11 - 00000022 _____ C:\Windows\S.dirmngr
2016-04-02 11:38 - 2016-04-02 11:38 - 00165376 _____ C:\Users\Sales\Desktop\SystemLook_x64.exe
2016-04-02 01:17 - 2016-04-02 01:17 - 00108374 _____ C:\Users\Sales\Desktop\Extras.Txt
2016-04-02 01:12 - 2016-04-02 01:12 - 00061587 _____ C:\Users\Sales\Desktop\Shortcut.txt
2016-04-01 22:20 - 2016-04-01 22:20 - 00000000 _____ C:\Users\Sales\Desktop\New Text Document (2).txt
2016-03-26 21:14 - 2016-03-26 21:14 - 00000000 ____D C:\Users\Sales\AppData\Roaming\TeamViewer
2016-03-24 20:41 - 2016-03-24 20:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix
2016-03-24 20:41 - 2016-03-24 20:41 - 00000000 ____D C:\ProgramData\CitrixLogs
2016-03-24 20:41 - 2016-03-24 20:41 - 00000000 ____D C:\ProgramData\Citrix
2016-03-24 20:41 - 2016-03-24 20:41 - 00000000 ____D C:\Program Files (x86)\Citrix
2016-03-24 20:41 - 2016-02-26 05:15 - 00131056 _____ (Citrix Online, a division of Citrix Systems, Inc.) C:\Windows\system32\gotomon_x64.dll
2016-03-24 20:41 - 2016-02-26 05:01 - 00037112 _____ (Citrix Systems) C:\Windows\system32\Drivers\monblanking.sys
2016-03-24 12:19 - 2016-03-24 12:19 - 00037664 ____R C:\Users\Sales\Desktop\psh-pli-large.pbk
2016-03-24 10:47 - 2016-03-24 10:47 - 00201618 _____ C:\Users\Sales\Documents\cc_20160324_094748.reg
2016-03-24 06:09 - 2016-03-24 06:09 - 279939936 _____ C:\Users\Sales\Documents\z.pcapng
2016-03-24 06:09 - 2016-03-24 06:09 - 00000000 ____D C:\Users\Sales\AppData\Roaming\Wireshark
2016-03-23 02:52 - 2016-03-23 02:52 - 00025973 _____ C:\ProgramData\1458697960.bdinstall.bin
2016-03-23 02:52 - 2016-03-23 02:52 - 00025902 _____ C:\ProgramData\1458697956.bdinstall.bin
2016-03-23 01:54 - 2016-03-23 01:54 - 00004775 _____ C:\Users\Sales\Desktop\startuplist.txt
2016-03-23 01:53 - 2016-03-23 01:53 - 00280532 _____ C:\Users\Sales\Desktop\OT2L.Txt
2016-03-23 01:23 - 2016-03-23 01:23 - 01107912 _____ (Bleeping Computer, LLC) C:\Users\Sales\Desktop\rkill(1)64.exe
2016-03-23 01:18 - 2016-03-23 01:53 - 00000144 _____ C:\Users\Sales\Desktop\New Text Document.txt
2016-03-23 00:25 - 2016-04-02 01:17 - 03213394 _____ C:\Users\Sales\Desktop\OTL.Txt
2016-03-23 00:23 - 2016-03-23 00:23 - 00000000 ____D C:\Users\Sales\Desktop\backups
2016-03-22 20:11 - 2016-03-22 20:11 - 00112144 _____ (QFX Software Corporation) C:\Windows\system32\KeyScramblerLogon.dll
2016-03-22 14:31 - 2016-03-26 21:19 - 00001076 _____ C:\Users\Sales\Desktop\Electrum.lnk
2016-03-22 14:31 - 2016-03-22 14:31 - 00000000 ____D C:\Users\Sales\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Electrum
2016-03-22 14:30 - 2016-03-22 14:31 - 00000000 ____D C:\Program Files (x86)\Electrum
2016-03-22 02:39 - 2016-03-22 02:39 - 00008587 _____ C:\Users\Sales\Documents\Customerlistbitty.xlsx
2016-03-20 20:47 - 2016-03-21 01:07 - 00000000 ____D C:\Users\Sales\AppData\Roaming\BritCoin
2016-03-20 12:25 - 2016-03-20 12:28 - 00000000 ____D C:\Users\Sales\Desktop\heli
2016-03-19 17:00 - 2016-03-21 02:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-18 12:44 - 2016-03-23 14:11 - 00000000 ____D C:\Users\Sales\dwhelper
2016-03-15 14:22 - 2016-03-15 14:27 - 00000000 ____D C:\Users\Sales\Desktop\Individual Servers
2016-03-15 14:20 - 2014-10-01 16:09 - 00004846 _____ C:\Users\Sales\Desktop\France Hub - TCP.ovpn
2016-03-15 14:19 - 2014-10-01 16:09 - 00004846 _____ C:\Users\Sales\Desktop\Europe Hub - TCP.ovpn
2016-03-15 14:19 - 2014-04-11 07:13 - 00002280 _____ C:\Users\Sales\Desktop\proxysh.crt
2016-03-15 14:18 - 2016-03-15 14:18 - 00000000 ____D C:\Users\Sales\Desktop\Windows Configs
2016-03-15 14:18 - 2016-03-15 14:18 - 00000000 ____D C:\Users\Sales\Desktop\Mac, Linux & Android Configs
2016-03-15 14:18 - 2016-03-15 14:18 - 00000000 ____D C:\Users\Sales\Desktop\Mac Tunnelblick Configs
2016-03-15 14:18 - 2016-03-15 14:18 - 00000000 ____D C:\Users\Sales\Desktop\iOS Configs
2016-03-15 14:18 - 2016-03-15 14:18 - 00000000 ____D C:\Users\Sales\Desktop\DD-WRT Configs
2016-03-15 14:18 - 2016-03-15 14:18 - 00000000 ____D C:\Users\Sales\Desktop\Certificate File
2016-03-15 14:18 - 2016-03-15 14:17 - 17796517 ____R C:\Users\Sales\Desktop\psh-ovpn-large.zip
2016-03-15 14:18 - 2014-10-01 16:09 - 00002506 _____ C:\Users\Sales\Desktop\README.txt
2016-03-14 14:23 - 2016-03-14 14:23 - 00001403 _____ C:\Users\Sales\Desktop\outlook 2007 (2) gl 1519.jpg - Shortcut.lnk
2016-03-12 06:56 - 2016-03-12 20:59 - 00000000 ____D C:\Users\Sales\Desktop\1
2016-03-12 06:56 - 2016-03-12 06:56 - 00000000 ____D C:\Users\Sales\Desktop\BittyClient - Copy
2016-03-11 14:20 - 2016-03-12 17:00 - 00000000 ____D C:\Users\Sales\Desktop\bittysantander2
2016-03-11 14:19 - 2016-03-11 23:54 - 00000000 ____D C:\Bclients
2016-03-11 14:08 - 2016-03-11 14:08 - 00000385 _____ C:\Users\Sales\AppData\Roaminguser_gensett.xml
2016-03-11 14:06 - 2016-04-02 12:10 - 00006849 _____ C:\bdlog.txt
2016-03-09 03:31 - 2016-03-01 06:31 - 00848168 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2016-03-09 03:31 - 2016-03-01 06:22 - 00709688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2016-03-09 03:31 - 2016-02-24 10:52 - 01997328 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-03-09 03:31 - 2016-02-24 10:51 - 07474528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-03-09 03:31 - 2016-02-24 10:48 - 00713568 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-03-09 03:31 - 2016-02-24 10:47 - 01173344 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-03-09 03:31 - 2016-02-24 10:40 - 00513888 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-03-09 03:31 - 2016-02-24 10:34 - 01613664 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2016-03-09 03:31 - 2016-02-24 10:28 - 03449168 _____ (Microsoft Corporation) C:\Windows\system32\WSService.dll
2016-03-09 03:31 - 2016-02-24 10:15 - 01557768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-03-09 03:31 - 2016-02-24 09:58 - 00794888 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2016-03-09 03:31 - 2016-02-24 09:54 - 00127840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2016-03-09 03:31 - 2016-02-24 09:51 - 01322248 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-03-09 03:31 - 2016-02-24 09:50 - 00808800 _____ (Microsoft Corporation) C:\Windows\system32\WWAHost.exe
2016-03-09 03:31 - 2016-02-24 09:46 - 06607080 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2016-03-09 03:31 - 2016-02-24 09:43 - 00625000 _____ (Microsoft Corporation) C:\Windows\system32\ClipSVC.dll
2016-03-09 03:31 - 2016-02-24 09:39 - 00358752 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-03-09 03:31 - 2016-02-24 09:39 - 00141560 _____ (Microsoft Corporation) C:\Windows\system32\AuthHost.exe
2016-03-09 03:31 - 2016-02-24 09:19 - 00670928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2016-03-09 03:31 - 2016-02-24 09:14 - 00216416 _____ (Microsoft Corporation) C:\Windows\system32\AppxAllUserStore.dll
2016-03-09 03:31 - 2016-02-24 09:11 - 01997152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-03-09 03:31 - 2016-02-24 09:11 - 00957608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-03-09 03:31 - 2016-02-24 09:11 - 00703840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
2016-03-09 03:31 - 2016-02-24 09:11 - 00652392 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2016-03-09 03:31 - 2016-02-24 09:11 - 00394080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-03-09 03:31 - 2016-02-24 09:11 - 00258280 _____ (Microsoft Corporation) C:\Windows\system32\sqmapi.dll
2016-03-09 03:31 - 2016-02-24 09:10 - 00630632 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe
2016-03-09 03:31 - 2016-02-24 09:10 - 00576864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys
2016-03-09 03:31 - 2016-02-24 09:09 - 00640472 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2016-03-09 03:31 - 2016-02-24 09:09 - 00147808 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2016-03-09 03:31 - 2016-02-24 09:06 - 05242496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2016-03-09 03:31 - 2016-02-24 08:59 - 00294752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-03-09 03:31 - 2016-02-24 08:39 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\UserDataTypeHelperUtil.dll
2016-03-09 03:31 - 2016-02-24 08:39 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\ExtrasXmlParser.dll
2016-03-09 03:31 - 2016-02-24 08:38 - 00187744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxAllUserStore.dll
2016-03-09 03:31 - 2016-02-24 08:38 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\UserDataTimeUtil.dll
2016-03-09 03:31 - 2016-02-24 08:37 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\UserDataLanguageUtil.dll
2016-03-09 03:31 - 2016-02-24 08:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\PimIndexMaintenanceClient.dll
2016-03-09 03:31 - 2016-02-24 08:35 - 00540752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
2016-03-09 03:31 - 2016-02-24 08:35 - 00523752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2016-03-09 03:31 - 2016-02-24 08:35 - 00220064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sqmapi.dll
2016-03-09 03:31 - 2016-02-24 08:35 - 00045568 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-03-09 03:31 - 2016-02-24 08:33 - 00538736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2016-03-09 03:31 - 2016-02-24 08:33 - 00141664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2016-03-09 03:31 - 2016-02-24 08:31 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-03-09 03:31 - 2016-02-24 08:30 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
2016-03-09 03:31 - 2016-02-24 08:28 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\POSyncServices.dll
2016-03-09 03:31 - 2016-02-24 08:23 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthenum.sys
2016-03-09 03:31 - 2016-02-24 08:23 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-03-09 03:31 - 2016-02-24 08:23 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\UserDataPlatformHelperUtil.dll
2016-03-09 03:31 - 2016-02-24 08:22 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\fwpolicyiomgr.dll
2016-03-09 03:31 - 2016-02-24 08:20 - 00195072 _____ (Microsoft Corporation) C:\Windows\system32\VCardParser.dll
2016-03-09 03:31 - 2016-02-24 08:20 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\dafBth.dll
2016-03-09 03:31 - 2016-02-24 08:20 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\AppxSysprep.dll
2016-03-09 03:31 - 2016-02-24 08:19 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\dssvc.dll
2016-03-09 03:31 - 2016-02-24 08:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2016-03-09 03:31 - 2016-02-24 08:15 - 00365568 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-03-09 03:31 - 2016-02-24 08:14 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\ExSMime.dll
2016-03-09 03:31 - 2016-02-24 08:13 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\AppointmentActivation.dll
2016-03-09 03:31 - 2016-02-24 08:12 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\cemapi.dll
2016-03-09 03:31 - 2016-02-24 08:12 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\PhoneCallHistoryApis.dll
2016-03-09 03:31 - 2016-02-24 08:10 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wpninprc.dll
2016-03-09 03:31 - 2016-02-24 08:09 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\UserDataAccountApis.dll
2016-03-09 03:31 - 2016-02-24 08:09 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\AppxSip.dll
2016-03-09 03:31 - 2016-02-24 08:07 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\PimIndexMaintenance.dll
2016-03-09 03:31 - 2016-02-24 08:05 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2016-03-09 03:31 - 2016-02-24 08:03 - 00088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2016-03-09 03:31 - 2016-02-24 08:02 - 00161280 _____ (Microsoft Corporation) C:\Windows\system32\CallHistoryClient.dll
2016-03-09 03:31 - 2016-02-24 08:01 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2016-03-09 03:31 - 2016-02-24 08:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\AuthBroker.dll
2016-03-09 03:31 - 2016-02-24 08:01 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\profext.dll
2016-03-09 03:31 - 2016-02-24 08:00 - 00214528 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Scanners.dll
2016-03-09 03:31 - 2016-02-24 07:59 - 00450560 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Bluetooth.dll
2016-03-09 03:31 - 2016-02-24 07:59 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\vaultsvc.dll
2016-03-09 03:31 - 2016-02-24 07:59 - 00318976 _____ (Microsoft Corporation) C:\Windows\system32\domgmt.dll
2016-03-09 03:31 - 2016-02-24 07:58 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\scapi.dll
2016-03-09 03:31 - 2016-02-24 07:55 - 00790528 _____ (Microsoft Corporation) C:\Windows\system32\EmailApis.dll
2016-03-09 03:31 - 2016-02-24 07:55 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\PackageStateRoaming.dll
2016-03-09 03:31 - 2016-02-24 07:55 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExtrasXmlParser.dll
2016-03-09 03:31 - 2016-02-24 07:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2016-03-09 03:31 - 2016-02-24 07:54 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\vaultcli.dll
2016-03-09 03:31 - 2016-02-24 07:54 - 00228352 _____ (Microsoft Corporation) C:\Windows\system32\wsqmcons.exe
2016-03-09 03:31 - 2016-02-24 07:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataTypeHelperUtil.dll
2016-03-09 03:31 - 2016-02-24 07:53 - 00089088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataTimeUtil.dll
2016-03-09 03:31 - 2016-02-24 07:53 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataLanguageUtil.dll
2016-03-09 03:31 - 2016-02-24 07:52 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\werui.dll
2016-03-09 03:31 - 2016-02-24 07:52 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PimIndexMaintenanceClient.dll
2016-03-09 03:31 - 2016-02-24 07:51 - 00037376 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-03-09 03:31 - 2016-02-24 07:49 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\ChatApis.dll
2016-03-09 03:31 - 2016-02-24 07:47 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-03-09 03:31 - 2016-02-24 07:46 - 00020480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wfapigp.dll
2016-03-09 03:31 - 2016-02-24 07:44 - 01713664 _____ (Microsoft Corporation) C:\Windows\system32\SRHInproc.dll
2016-03-09 03:31 - 2016-02-24 07:44 - 00915456 _____ (Microsoft Corporation) C:\Windows\system32\configurationclient.dll
2016-03-09 03:31 - 2016-02-24 07:44 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\AppointmentApis.dll
2016-03-09 03:31 - 2016-02-24 07:44 - 00056320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\POSyncServices.dll
2016-03-09 03:31 - 2016-02-24 07:43 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2016-03-09 03:31 - 2016-02-24 07:43 - 00286720 _____ (Microsoft Corporation) C:\Windows\system32\deviceaccess.dll
2016-03-09 03:31 - 2016-02-24 07:42 - 00954368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2016-03-09 03:31 - 2016-02-24 07:42 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS
2016-03-09 03:31 - 2016-02-24 07:41 - 00982016 _____ (Microsoft Corporation) C:\Windows\system32\AppxPackaging.dll
2016-03-09 03:31 - 2016-02-24 07:41 - 00436736 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentClient.dll
2016-03-09 03:31 - 2016-02-24 07:40 - 01224704 _____ (Microsoft Corporation) C:\Windows\system32\Unistore.dll
2016-03-09 03:31 - 2016-02-24 07:40 - 00078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-03-09 03:31 - 2016-02-24 07:40 - 00056320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataPlatformHelperUtil.dll
2016-03-09 03:31 - 2016-02-24 07:39 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2016-03-09 03:31 - 2016-02-24 07:39 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fwpolicyiomgr.dll
2016-03-09 03:31 - 2016-02-24 07:38 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VCardParser.dll
2016-03-09 03:31 - 2016-02-24 07:36 - 01847808 _____ (Microsoft Corporation) C:\Windows\system32\WMPDMC.exe
2016-03-09 03:31 - 2016-02-24 07:34 - 00938496 _____ (Microsoft Corporation) C:\Windows\system32\ContactApis.dll
2016-03-09 03:31 - 2016-02-24 07:34 - 00303104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-03-09 03:31 - 2016-02-24 07:32 - 00223744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExSMime.dll
2016-03-09 03:31 - 2016-02-24 07:32 - 00098304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppointmentActivation.dll
2016-03-09 03:31 - 2016-02-24 07:31 - 00200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cemapi.dll
2016-03-09 03:31 - 2016-02-24 07:31 - 00169984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhoneCallHistoryApis.dll
2016-03-09 03:31 - 2016-02-24 07:28 - 00870912 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2016-03-09 03:31 - 2016-02-24 07:28 - 00196608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataAccountApis.dll
2016-03-09 03:31 - 2016-02-24 07:28 - 00135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxSip.dll
2016-03-09 03:31 - 2016-02-24 07:25 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\sharemediacpl.dll
2016-03-09 03:31 - 2016-02-24 07:23 - 00129024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CallHistoryClient.dll
2016-03-09 03:31 - 2016-02-24 07:22 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\profext.dll
2016-03-09 03:31 - 2016-02-24 07:21 - 00315904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Bluetooth.dll
2016-03-09 03:31 - 2016-02-24 07:21 - 00168448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Scanners.dll
2016-03-09 03:31 - 2016-02-24 07:18 - 01490432 _____ (Microsoft Corporation) C:\Windows\system32\UserDataService.dll
2016-03-09 03:31 - 2016-02-24 07:18 - 00575488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EmailApis.dll
2016-03-09 03:31 - 2016-02-24 07:18 - 00184832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PackageStateRoaming.dll
2016-03-09 03:31 - 2016-02-24 07:17 - 00369664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2016-03-09 03:31 - 2016-02-24 07:16 - 00394752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werui.dll
2016-03-09 03:31 - 2016-02-24 07:13 - 00540160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ChatApis.dll
2016-03-09 03:31 - 2016-02-24 07:11 - 03593216 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2016-03-09 03:31 - 2016-02-24 07:09 - 01443328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRHInproc.dll
2016-03-09 03:31 - 2016-02-24 07:09 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2016-03-09 03:31 - 2016-02-24 07:09 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppointmentApis.dll
2016-03-09 03:31 - 2016-02-24 07:09 - 00228352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\deviceaccess.dll
2016-03-09 03:31 - 2016-02-24 07:07 - 00949248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Unistore.dll
2016-03-09 03:31 - 2016-02-24 07:07 - 00890368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxPackaging.dll
2016-03-09 03:31 - 2016-02-24 07:07 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppXDeploymentClient.dll
2016-03-09 03:31 - 2016-02-24 07:04 - 01497088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPDMC.exe
2016-03-09 03:31 - 2016-02-24 07:03 - 00769536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ContactApis.dll
2016-03-09 03:31 - 2016-02-24 07:01 - 01831936 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2016-03-09 03:31 - 2016-02-24 07:00 - 02273792 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-03-09 03:31 - 2016-02-24 07:00 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\dosvc.dll
2016-03-09 03:31 - 2016-02-24 06:57 - 02158592 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2016-03-09 03:31 - 2016-02-24 06:55 - 01996288 _____ (Microsoft Corporation) C:\Windows\system32\ActiveSyncProvider.dll
2016-03-09 03:31 - 2016-02-24 06:43 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\fwbase.dll
2016-03-09 03:31 - 2016-02-24 06:34 - 01707520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActiveSyncProvider.dll
2016-03-09 03:31 - 2016-02-24 06:22 - 00163328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fwbase.dll
2016-03-09 03:31 - 2016-02-24 06:20 - 22376960 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2016-03-09 03:31 - 2016-02-24 06:18 - 18677760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2016-03-09 03:31 - 2016-02-24 06:12 - 19339776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-03-09 03:31 - 2016-02-24 06:12 - 05321728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-03-09 03:31 - 2016-02-24 06:10 - 24600576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-03-09 03:31 - 2016-02-24 06:09 - 06972416 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-03-09 03:31 - 2016-02-24 06:05 - 12586496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-03-09 03:31 - 2016-02-24 06:03 - 14252544 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-03-09 03:31 - 2016-02-24 05:59 - 05661696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2016-03-09 03:31 - 2016-02-24 05:55 - 07835648 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2016-03-06 18:33 - 2016-03-06 18:33 - 00000000 ____D C:\Users\Sales\Documents\Outlook Files
2016-03-05 11:18 - 2016-03-03 07:22 - 00000000 ____D C:\Program Files (x86)\go-ethereum-1.3.5

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-02 12:13 - 2016-01-25 20:09 - 00032910 _____ C:\Users\Sales\Desktop\FRST.txt
2016-04-02 12:13 - 2016-01-11 22:11 - 00000000 ____D C:\FRST
2016-04-02 12:13 - 2016-01-05 10:45 - 00000000 ____D C:\Users\Sales\AppData\Local\CrashDumps
2016-04-02 12:12 - 2015-12-31 19:06 - 03021824 _____ C:\Users\Sales\AppData\Local\com.dswiss.securesafe.db3
2016-04-02 12:12 - 2015-12-31 12:53 - 00000000 ____D C:\Program Files (x86)\Steam
2016-04-02 12:11 - 2016-01-14 21:28 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-02 12:11 - 2016-01-08 18:06 - 00007944 _____ C:\Windows\system32\Drivers\etc\hosts.tmp
2016-04-02 12:11 - 2016-01-02 12:37 - 00000000 ____D C:\ProgramData\NVIDIA
2016-04-02 12:11 - 2015-12-31 10:41 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-02 12:10 - 2015-10-30 07:28 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-04-02 12:01 - 2016-01-15 11:36 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-02 11:38 - 2016-01-14 21:28 - 00000928 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-02 08:58 - 2016-02-08 17:28 - 00000000 ____D C:\ProgramData\CLink4
2016-04-02 02:26 - 2016-01-03 21:27 - 00000000 ____D C:\Program Files\CCleaner
2016-04-02 02:26 - 2015-12-31 10:46 - 00890954 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-02 02:26 - 2015-10-30 08:21 - 00000000 ____D C:\Windows\INF
2016-04-02 02:20 - 2015-10-30 07:28 - 00032768 ___SH C:\Windows\system32\config\ELAM
2016-04-02 01:16 - 2016-02-27 17:57 - 00000000 ____D C:\Users\Sales\Desktop\FRST-OlderVersion
2016-04-02 01:16 - 2016-01-12 11:29 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-04-02 01:16 - 2015-12-31 10:43 - 00000000 ____D C:\Users\Sales
2016-04-02 01:12 - 2016-02-09 21:14 - 00039998 _____ C:\Users\Sales\Desktop\Addition.txt
2016-04-02 01:01 - 2016-01-25 20:02 - 00005824 _____ C:\Users\Sales\Desktop\Rkill.txt
2016-04-02 00:12 - 2016-02-07 17:28 - 00000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2016-03-26 21:19 - 2016-02-27 14:37 - 00000933 _____ C:\Users\Sales\Desktop\Safejumper.lnk
2016-03-26 21:19 - 2016-02-21 16:34 - 00001424 _____ C:\Users\Sales\Desktop\PowerChute Business Edition Console.lnk
2016-03-26 21:19 - 2016-02-09 13:32 - 00001023 _____ C:\Users\Sales\Desktop\PerformanceTest.lnk
2016-03-26 21:19 - 2016-01-22 12:59 - 00001821 _____ C:\Users\Sales\Desktop\EXCEL.EXE - Shortcut.lnk
2016-03-26 21:19 - 2016-01-22 12:58 - 00001841 _____ C:\Users\Sales\Desktop\WINWORD.EXE - Shortcut.lnk
2016-03-26 21:19 - 2016-01-22 12:01 - 00001088 _____ C:\Users\Sales\Desktop\Proxifier.lnk
2016-03-26 21:19 - 2016-01-11 14:49 - 00001602 _____ C:\Users\Sales\Desktop\iexplore.exe - Shortcut.lnk
2016-03-26 21:19 - 2016-01-01 22:10 - 00001092 _____ C:\Users\Sales\Desktop\FlashFXP 5.lnk
2016-03-26 21:19 - 2015-12-31 11:23 - 00002069 _____ C:\Users\Sales\Desktop\chrome.exe - Shortcut.lnk
2016-03-24 20:45 - 2016-01-14 10:30 - 00000000 ____D C:\Users\Sales\AppData\Roaming\Skype
2016-03-24 20:37 - 2016-01-14 10:31 - 00000000 ____D C:\Users\Sales\AppData\Roaming\.purple
2016-03-24 10:48 - 2015-12-31 20:22 - 00000000 ____D C:\Program Files (x86)\LG Electronics
2016-03-24 10:48 - 2015-12-31 10:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-03-24 09:15 - 2016-01-04 17:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyScrambler
2016-03-24 09:15 - 2016-01-04 17:42 - 00000000 ____D C:\Program Files (x86)\KeyScrambler
2016-03-24 03:57 - 2015-12-31 14:01 - 00000000 ____D C:\Users\Sales\AppData\Roaming\Bitcoin
2016-03-23 11:44 - 2015-12-31 14:12 - 00000000 ____D C:\Users\Sales\AppData\Roaming\Armory
2016-03-23 03:10 - 2015-12-31 12:48 - 00000000 ____D C:\ProgramData\BDLogging
2016-03-23 02:52 - 2015-12-31 12:45 - 00000000 ____D C:\Program Files\Bitdefender Agent
2016-03-23 02:18 - 2015-10-30 08:11 - 00000000 ____D C:\Windows\CbsTemp
2016-03-23 02:05 - 2015-12-31 12:48 - 00002270 _____ C:\Users\Public\Desktop\Bitdefender 2016.lnk
2016-03-23 02:03 - 2016-02-27 18:08 - 00000000 ____D C:\Users\Sales\Desktop\mbar
2016-03-23 02:03 - 2016-02-27 18:08 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-03-23 01:58 - 2016-01-05 11:07 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-23 01:57 - 2016-02-27 18:08 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-03-23 00:48 - 2016-01-01 22:10 - 00000000 ____D C:\Program Files (x86)\FlashFXP 5
2016-03-22 13:32 - 2016-02-24 19:02 - 00000000 ____D C:\Users\Sales\AppData\Roaming\mIRC
2016-03-22 02:38 - 2015-12-31 19:07 - 00000000 ____D C:\Users\Sales\Documents\Health
2016-03-21 11:23 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\system32\NDF
2016-03-21 02:59 - 2015-12-31 11:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-03-20 20:47 - 2016-02-22 14:00 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-03-17 13:53 - 2015-12-31 12:47 - 00290032 _____ (Bitdefender) C:\Windows\system32\Drivers\ignis.sys
2016-03-16 23:24 - 2015-12-31 19:07 - 00000000 ____D C:\Users\Sales\Documents\Business
2016-03-16 21:47 - 2016-02-21 20:20 - 00000000 ____D C:\Users\Sales\Desktop\BittyClient
2016-03-16 15:57 - 2016-02-25 21:41 - 00000000 ____D C:\Users\Sales\AppData\Roaming\Dash
2016-03-16 08:57 - 2016-01-22 14:21 - 00000000 ____D C:\Users\Sales\Desktop\Tor Browser
2016-03-15 21:45 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\LiveKernelReports
2016-03-11 14:32 - 2016-02-06 20:39 - 00000000 ____D C:\Users\Sales\Desktop\inc32
2016-03-11 14:20 - 2016-02-29 04:07 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-03-11 14:07 - 2015-12-31 10:39 - 04892584 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-11 14:06 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-03-11 14:06 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-03-11 14:06 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-03-11 14:06 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-03-09 18:25 - 2016-03-01 12:34 - 00000000 ____D C:\Users\Sales\Desktop\bittyhalifax
2016-03-08 08:12 - 2015-10-30 08:26 - 00829944 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-03-08 08:12 - 2015-10-30 08:26 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-06 22:43 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\rescache
2016-03-06 20:57 - 2016-01-01 22:10 - 00001104 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashFXP 5.lnk
2016-03-05 18:59 - 2016-01-08 14:40 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-03-05 18:58 - 2016-01-05 12:11 - 00000000 ____D C:\ProgramData\Adobe
2016-03-05 18:50 - 2016-01-05 12:04 - 00000000 ____D C:\Windows\Minidump
2016-03-05 03:00 - 2016-01-05 12:11 - 00000000 ____D C:\Users\Sales\AppData\Local\Adobe
2016-03-04 23:37 - 2016-02-21 20:47 - 00004749 _____ C:\Users\Sales\Desktop\cmd.exe - Shortcut.lnk
2016-03-03 19:37 - 2016-02-22 14:00 - 00000000 ___RD C:\Users\Sales\Creative Cloud Files
2016-03-03 12:59 - 2016-03-01 08:50 - 00001353 _____ C:\Users\Public\Desktop\Intel SSD Toolbox.lnk
2016-03-03 11:40 - 2016-02-28 19:08 - 00000000 ____D C:\Users\Sales\AppData\Roaming\SAFELauncher
2016-03-03 11:40 - 2015-10-30 19:09 - 00000000 ____D C:\Program Files\Windows Journal
2016-03-03 11:40 - 2015-10-30 08:24 - 00000000 __RSD C:\Windows\Media
2016-03-03 11:40 - 2015-10-30 08:24 - 00000000 ___RD C:\Windows\PurchaseDialog
2016-03-03 11:40 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2016-03-03 11:40 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\system32\SystemResetPlatform
2016-03-03 11:40 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\system32\appraiser
2016-03-03 11:40 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\bcastdvr
2016-03-03 11:40 - 2015-10-30 07:28 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-03-03 11:40 - 2015-10-30 07:28 - 00000000 ____D C:\Windows\system32\Dism

==================== Files in the root of some directories =======

2016-01-20 21:35 - 2016-01-20 21:35 - 0044086 __RSH () C:\Program Files (x86)\DLS8Uninstall.log
2015-12-31 19:06 - 2016-04-02 12:12 - 3021824 _____ () C:\Users\Sales\AppData\Local\com.dswiss.securesafe.db3
2016-02-03 11:07 - 2016-02-03 11:07 - 0000600 _____ () C:\Users\Sales\AppData\Local\PUTTY.RND
2016-02-06 21:02 - 2016-02-06 21:02 - 0000713 _____ () C:\Users\Sales\AppData\Local\recently-used.xbel
2016-01-09 14:48 - 2016-01-09 14:48 - 0000017 _____ () C:\Users\Sales\AppData\Local\resmon.resmoncfg
2015-12-31 12:48 - 2015-12-31 12:48 - 0410050 _____ () C:\ProgramData\1451562419.bdinstall.bin
2016-02-16 16:31 - 2016-02-16 16:31 - 0025196 _____ () C:\ProgramData\1455636689.bdinstall.bin
2016-03-23 02:52 - 2016-03-23 02:52 - 0025902 _____ () C:\ProgramData\1458697956.bdinstall.bin
2016-03-23 02:52 - 2016-03-23 02:52 - 0025973 _____ () C:\ProgramData\1458697960.bdinstall.bin
2015-12-31 11:00 - 2015-12-31 11:00 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Files to move or delete:
====================
C:\Users\Sales\armory_0.93.3_winAll.exe


Some files in TEMP:
====================
C:\Users\Sales\AppData\Local\Temp\dllnt_dump.dll


==================== Bamital & volsnap =================


Edited by Robert20998735, 02 April 2016 - 10:56 AM.



#2 Robert20998735


Posted 02 April 2016 - 06:09 AM

Re-posted above with logs attached from just after boot in normal mode as well as the previous which were run whilst I was in safe mode so are probably not much use.

 

I would really appreciate any help.

 

Can anyone advise on a good tool for removing infected emails from my Exchange email boxes as they just seem to keep reappearing?

I notice my desktop seems to refresh a fair amount as well???


Edited by Robert20998735, 02 April 2016 - 06:30 AM.


#3 Robert20998735


Posted 02 April 2016 - 06:17 AM

Further to the above, I should add I can't close Outlook for some reason without ending task. I cannot start Google Chrome or Chromium at all and have never been able to since using the win10privacy tool, it is a pain, I used it for a few things.


Edited by Robert20998735, 02 April 2016 - 06:25 AM.


#4 Robert20998735


Posted 04 April 2016 - 07:43 AM

Anyone?



#5 garioch7


Posted 05 April 2016 - 07:20 AM

Robert20998735:
 
Welcome to the Bleeping Computer Virus, Trojans, Spyware, and Malware Removal Logs Forum.  My name is Phil and I am a trainee in the Bleeping Computer Malware Removal Study Hall.  If you would permit me to address you by your first name, I would prefer to do that since we will be working together.
 
I will be assisting you with your computer issues.  All of my proposed fixes and suggestions must be approved by a fully-qualified Malware Removal Team member or instructor.  This will delay response times somewhat, but I will endeavor to respond in a reasonable time frame, normally within 48 hours after your last post.
 
I will need some time to review your FRST logs and consult with a Malware Response Instructor.  Once I have done so, I will post back with initial instructions.  That could take a few days.  I solicit your patience.
 
Please don't "bump" your posts as it leads the trained helpers to think that someone has replied to your initial post.  They generally look for posts with zero replies.  If you need an update, please just send me a personal message.  Thank you for your cooperation.
 
Have a great day.
 
Regards,
-Phil

Graduate of the Bleeping Computer Malware Removal Study Hall


#6 Robert20998735


Posted 05 April 2016 - 12:58 PM

Great thanks



#7 Robert20998735


Posted 05 April 2016 - 08:56 PM

I have come to my computer a few times and noticed git is open, what is this for, is it related to something I have installed??



#8 garioch7


Posted 06 April 2016 - 09:07 AM

Robert20998735:


Thank you for your patience while I reviewed your logs and discussed them with my supervisor.


In response to your question, GIT is showing as installed on your computer in the Addition.txt file:

Git version 2.7.2 (HKLM\...\Git_is1) (Version: 2.7.2 - The Git Development Community)

Git Description Link

 
 
Before we start dealing with the problems you are experiencing, I would ask that you take note of the following points:

  • I am a Bleeping Computer volunteer, so I ask you to be patient. I know it is frustrating when your computer is not working properly, but malware removal takes time.
  • Please also remember that I only dedicate a limited number of hours a day to helping people. We may live in different time zones, which may cause delays in responding.
  • If I have not responded to you within 48 hours, please send me a personal message. Likewise, I expect you to respond within 48 hours, and sooner is better because we can fix your computer faster.
  • If I have not heard from you in three days, I will "bump" your post. After five days of no response, I will consider that you no longer need my assistance and this thread will be closed.
  • Logs can take a while to research, so please be patient.
  • Some issues just cannot be solved so you must be prepared for this.
  • Please read and follow the instructions in the exact sequence that they are posted to avoid making a bad situation worse.
  • Please print or copy and save the instructions.
  • Back up all your data and important files on another (external) drive before starting to run malware removal tools.
  • You should try to limit your browsing with this computer until you are given the "All Clear." Some malware applications steal passwords.
  • Please do not install or uninstall any applications, unless directed. Don't run any scripts or tools on your own because unsupervised usage may cause more harm than good.
  • Please use only the tools you have been instructed to use.
  • If you are using CD/DVD emulation software, this should be uninstalled or disabled as it can interfere with the removal of some malware. It can be turned off with Defogger and then turned back on when you get the "All Clear."
  • Please copy and paste the requested log files inside your post, unless otherwise instructed.
  • There are no silly questions. Ask for clarification, if you have any questions or concerns.
  • Bleeping Computer does not support any piracy. Evidence of illegal OS, software, cracks/keygens, etc., will be revealed by scan logs, and if found, further assistance may be suspended. Uninstall such software before proceeding!
  • Any P2P software such as uTorrent, BitTorrent, Kazaa, etc. must be uninstalled or completely disabled. P2P software is a major security risk to your computer and may have been the route the malware used to infect your computer.
  • Failure to follow these guidelines may result in assistance being withdrawn and your thread being closed.
  • I am volunteering my time to help you, and I will need you to help me. Together, we can, hopefully, disinfect your computer and get it functioning properly again. That is my only aim.

 

 

OK, let's get started ...

 

 

Step 1: In going over your logs I noticed that you have Peer-to-Peer programs installed: BitTorrent and CoachPotato. Please consider the following:

  • You should avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall BitTorrent and CoachPotato, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep them, please do not use them until your computer is cleaned.


 

 

Step 2: I also found these programs in your list of installed programs:

  • bl (x32 Version: 1.0.0 - Your Company Name) Hidden
  • ph (x32 Version: 1.0.0 - Your Company Name) Hidden

Do you know what they are?


 

 

Step 3: Please copy and paste the text in the code box below into Notepad and save the file as fixlist.txt on the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

CloseProcesses:

HKU\S-1-5-21-106550278-2020945526-1740148854-1001\...\Run: [AdobeBridge] => [X]
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
FF Extension: Video DownloadHelper - C:\Users\Sales\AppData\Roaming\Mozilla\Firefox\Profiles\5ndz7jc3.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-03-08]
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-19] [not signed]
2016-03-20 20:47 - 2016-02-22 14:00 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-01-20 21:35 - 2016-01-20 21:35 - 0044086 __RSH () C:\Program Files (x86)\DLS8Uninstall.log
File: C:\Users\Sales\armory_0.93.3_winAll.exe
C:\Users\Sales\AppData\Local\Temp\dllnt_dump.dll
CustomCLSID: HKU\S-1-5-21-106550278-2020945526-1740148854-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-B0EAC68A6D5D}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File

 

 

Step 4: Please ensure that you reboot your computer after the FRST fix has been run.

 

 

 

Step 5: Please re-run a FRST scan in normal Windows boot mode. Please ensure that "Addition.txt" is checked as well. It is checked automatically the first time FRST is run in scan mode, but then defaults to not running automatically.

 

 

 

Step 6: Please copy and paste into your next response:

  • the "fixlog.txt" file;
  • the new "FRST.txt" file; and,
  • the new "Addition.txt" file

 

 

 

Step 7: Please let me know if you have uninstalled the P2P software I cited in Step 1; and, if you know what those two programs are for, that are listed in Step 2.


 

 

Step 8: Please let me know, specifically, what problems you might still be experiencing. Please list them with as much detail as possible to help to identify the cause of any remaining issues.

 

 

Thank you, and have a great day.

Regards,
-Phil


#9 Robert20998735


Posted 07 April 2016 - 03:54 AM

I realise now I installed git and have uninstalled it as I am not using it right now.

I don't use cracked software and generally pay for the programs I have, all are legit, P2P may be used for AVIs but we are careful.

 

Step 2: I also found these programs in your list of installed programs:

  • bl (x32 Version: 1.0.0 - Your Company Name) Hidden
  • ph (x32 Version: 1.0.0 - Your Company Name) Hidden

Do you know what they are? No, I have no idea, wondered that before???

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-02-2016
Ran by Sales (2016-04-07 09:44:51)
Running from C:\Users\Sales\Desktop
Windows 10 Pro Version 1511 (X64) (2015-12-31 09:41:34)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-106550278-2020945526-1740148854-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-106550278-2020945526-1740148854-503 - Limited - Disabled)
Guest (S-1-5-21-106550278-2020945526-1740148854-501 - Limited - Disabled)
Sales (S-1-5-21-106550278-2020945526-1740148854-1001 - Administrator - Enabled) => C:\Users\Sales

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antispyware (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {078AF241-05A3-0EFF-40E0-3E0D69EA140A}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3DMark 11 Demo (HKLM-x32\...\Steam App 221870) (Version:  - Futuremark)
7-Zip 15.14 (HKLM-x32\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.273 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.5.1.209 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.182 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
AI Suite 3 (HKLM-x32\...\{CD36E28B-6023-469A-91E7-049A2874EC13}) (Version: 1.01.30 - ASUSTeK Computer Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{DF6C3726-7E53-4772-9763-E9F147769F51}) (Version: 3.1.6.0000 - Asmedia Technology)
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.26.1 - Asmedia Technology)
ASUS Lighting Control (HKLM-x32\...\{5899CD4F-8764-4303-A0D9-C60A62CFC24F}) (Version: 1.00.08 - ASUSTeK Computer Inc.)
Bitcoin Armory (HKLM-x32\...\Bitcoin Armory) (Version: 0.93.3.0 - Armory Technologies Inc.)
Bitcoin Core (64-bit) (HKU\S-1-5-21-106550278-2020945526-1740148854-1001\...\Bitcoin Core (64-bit)) (Version: 0.11.2 - Bitcoin Core project)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 20.0.23.1252 - Bitdefender)
Bitdefender Total Security 2016 (HKLM\...\Bitdefender) (Version: 20.0.24.1290 - Bitdefender)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform)
CinEx HD Utility (HKLM-x32\...\CinEx HD Utility) (Version:  - )
Corsair Link 4 (HKLM-x32\...\{03d46163-b471-4734-bd18-78abe9118d17}) (Version: 4.2.0.162 - Corsair Components, Inc.)
Corsair Link 4 (x32 Version: 4.2.0.162 - Corsair Components, Inc.) Hidden
Corsair Link™ USB Dongle (Driver Removal) (HKLM-x32\...\SIUSBXP&1B1C&1C00) (Version:  - Corsair Memory, Inc.)
CPUID ASUS CPU-Z 1.72.1 (HKLM\...\CPUID ASUS CPU-Z_is1) (Version: 1.72.1 - CPUID, Inc.)
Dash Core (64-bit) (HKU\S-1-5-21-106550278-2020945526-1740148854-1001\...\Dash Core (64-bit)) (Version: 0.12.0 - Dash Core project)
DTSStudioSoundGuiPluginInstaller (HKLM-x32\...\{DE339FBB-2FEB-4470-B289-34214FDA0C9F}) (Version: 1.00.1700 - DTS, Inc.)
DYMO Label v.8 (HKLM-x32\...\DYMO Label v.8) (Version: 8.5.1.1816 - Sanford, L.P.)
DYMO LabelWriter Drivers (HKLM\...\{CE16D92B-50F3-4FC5-B29C-13FAFEE1A6C6}) (Version: 8.3.0.443 - Sanford L.P.)
Electrum (HKU\S-1-5-21-106550278-2020945526-1740148854-1001\...\Electrum) (Version: 2.6.3 - Electrum Technologies GmbH)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-850 Series Printer Uninstall (HKLM\...\EPSON XP-850 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
Futuremark SystemInfo (HKLM-x32\...\{70690D9E-3D00-47D6-9CE9-BC3B6F900447}) (Version: 4.41.563.0 - Futuremark)
GnuWin32: OpenSSL-0.9.8h-1 (HKLM-x32\...\OpenSSL-0.9.8h-1_is1) (Version: 0.9.8h-1 - GnuWin32)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.110 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Gpg4win (2.3.0) (HKLM-x32\...\GPG4Win) (Version: 2.3.0 - The Gpg4win Project)
HyStream (HKLM-x32\...\{C84C5C3A-6D85-4741-9F9D-03A9084CD2E5}) (Version: 1.00.14 - ASUSTeK Computer Inc.)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.0.0 - LIGHTNING UK!)
Intel® Chipset Device Software (x32 Version: 10.1.1.7 - Intel® Corporation) Hidden
Intel® Driver Update Utility 2.4 (x32 Version: 2.4.0.5 - Intel) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1163 - Intel Corporation)
Intel® Network Connections 20.2.4001.0 (HKLM\...\PROSetDX) (Version: 20.2.4001.0 - Intel)
Intel® NVME Miniport and Filter Device Management (HKLM\...\{d4adb5bf-1030-4537-9954-799459207933}) (Version: 1.3.0.1007 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.0.1042 - Intel Corporation)
Intel® Update Manager (x32 Version: 1.6.3.70 - Intel Corporation) Hidden
Intel® Driver Update Utility (HKLM-x32\...\{270e4d1a-19f9-46c3-93b3-e61d4a24ab9f}) (Version: 2.4.0.5 - Intel)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Intel® SSD Toolbox (HKLM-x32\...\{06D085C8-1F00-11B2-96A7-8f0CE39193ED}) (Version: 3.3.3.400 - Intel Corporation)
IPMIView (HKLM-x32\...\IPMIView) (Version: 2.6.0.0 - SUPERMICRO)
iShowII lasershow software (HKLM-x32\...\{BD8BD5DF-17F1-4141-BC51-87BFA4187B67}) (Version: 2.3.2 - SeeShow)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Java 8 Update 74 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418074F0}) (Version: 8.0.740.2 - Oracle Corporation)
Java SE Development Kit 8 Update 74 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180740}) (Version: 8.0.740.2 - Oracle Corporation)
KeyScrambler (HKLM-x32\...\KeyScrambler) (Version: 3.9.0.0 - QFX Software Corporation)
K-Lite Codec Pack 11.8.8 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.8.8 - KLCP)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.4.8.1000 - Maxthon International Limited)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional 2013 - en-us (HKLM\...\ProfessionalRetail - en-us) (Version: 15.0.4805.1003 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 7.43 - mIRC Co. Ltd.)
Mozilla Firefox 45.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 en-US)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1.5918 - Mozilla)
NVIDIA 3D Vision Driver 361.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 361.75 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.2.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.2.49 - NVIDIA Corporation)
NVIDIA Graphics Driver 361.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.75 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OCZ 10xx Driver (HKLM\...\{E208DE6A-95D7-4660-B0F9-1A455C75D41F}) (Version: 2.0.0.4794 - OCZ Storage Solutions)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
OpenSSL 1.0.2f Light (32-bit) (HKLM-x32\...\OpenSSL Light (32-bit)_is1) (Version:  - OpenSSL Win32 Installer Team)
OpenVPN 2.3.3-I003-proxy.sh  (HKLM\...\OpenVPN) (Version: 2.3.3-I003-proxy.sh - )
Opera Stable 36.0.2130.46 (HKLM-x32\...\Opera 36.0.2130.46) (Version: 36.0.2130.46 - Opera Software)
OSC Third Party Libraries (Version: 1.1 - NVIDIA Corporation) Hidden
PerformanceTest v8.0 (HKLM\...\PerformanceTest 8_is1) (Version: 8.0.1053.0 - Passmark Software)
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.12 - )
pidgin-otr 4.0.1 (HKLM-x32\...\pidgin-otr) (Version: 4.0.1 - Cypherpunks CA)
Pioneer USB High Speed Driver Uninstaller (HKLM-x32\...\PioneerUSBHighSpeedDriver2) (Version: 2.0 - Pioneer Corporation.)
PowerChute Business Edition Agent (HKLM-x32\...\{BCE9F441-9027-4911-82E0-5FB28057897D}) (Version: 9.1.1.604 - Schneider Electric)
PowerChute Business Edition Console (HKLM-x32\...\{0F86FD09-BA63-4E45-A70B-604C1106C2F2}) (Version: 9.1.1.604 - Schneider Electric)
PowerChute Business Edition Server (HKLM-x32\...\{A6491A4A-AAA0-4892-BFEF-ECD6CECE2FF3}) (Version: 9.1.1.604 - Schneider Electric)
Proxifier version 3.29 (HKLM-x32\...\Proxifier_is1) (Version: 3.29 - Initex)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7661 - Realtek Semiconductor Corp.)
RogueKiller version 11 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 11 - Adlice Software)
S.T.R.I.K.E.5 Service (HKLM\...\{4B84A0D0-F7E8-472E-9C71-9F1E4AB16E24}) (Version: 1.1.0.0 - Mad Catz)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Samsung NVM Express Driver (HKLM\...\{D767F147-306C-4E91-BC7F-624EB509EC39}_is1) (Version: 1.0 - Samsung Electronics)
SecureSafe 2.1.14 (HKLM-x32\...\{54F25BD9-338F-4215-B274-1AC32282EAC2}) (Version: 2.1.14 - DSwiss AG)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.2.49 - NVIDIA Corporation) Hidden
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.103 - Skype Technologies S.A.)
Smart Technology Programming Software 7.0.45.2 (HKLM\...\{431DEFDE-6862-4CBC-AA44-112164825D73}) (Version: 7.0.45.2 - Mad Catz)
SSD Guru (HKLM-x32\...\{821329AE-EB57-4E10-9868-792651B3336B}) (Version: 1.4.1992 - OCZ Storage Solutions)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SurveillancePlugin (HKLM-x32\...\{DA836CC0-6DD1-49A2-B08B-253D0CCF560C}) (Version: 1.0.0.791 - Synology)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TextMagic Messenger 2.3.3 (HKLM-x32\...\TextMagic Messenger_is1) (Version:  - TextMagic)
USBPcap 1.1.0.0-g794bf26 (HKLM\...\USBPcap) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows Driver Package - Corsair Components, Inc. (SIUSBXP) USB  (10/30/2015 3.6) (HKLM\...\689CB8E4310D795D383E65C05A8F13A05D92E771) (Version: 10/30/2015 3.6 - Corsair Components, Inc.)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
Wireshark 2.0.2 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.0.2 - The Wireshark developer community, hxxps://www.wireshark.org)
XTUPackage (HKLM-x32\...\{84D11A20-6E7F-4FBB-A2FB-117FCF871040}) (Version: 1.0.0 - ASUSTeK COMPUTER INC.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-106550278-2020945526-1740148854-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0B78EAE2-FEBA-4656-B8B5-E9951D65E2C1} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {0D3500A7-D8A3-43BB-B7CD-7F0A048B998C} - System32\Tasks\Opera scheduled Autoupdate 1453408251 => C:\Program Files (x86)\Opera\launcher.exe [2016-03-24] (Opera Software)
Task: {11B30D4B-1AC8-4B2B-B159-E04945EACC60} - System32\Tasks\{4E42E9FA-9DEB-490D-9C5C-066D4F1BA716} => pcalua.exe -a C:\Windows\system32\spool\DRIVERS\x64\3\E_IINSJDE.EXE -c /R /APD /P:"EPSON XP-850 Series"
Task: {12BA35FC-0172-4795-8FE9-E6903DB3ECE3} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
Task: {1F54FEEC-CA5C-4BDA-A160-2A56BEBB9F14} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-14] (Google Inc.)
Task: {2F5F0C7D-1DC5-4FFF-8921-F4DA2CEF13F5} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\Bootstrap.exe [2013-07-18] (Intel Corporation)
Task: {3CAFF97F-F2CE-40F5-983E-2764809E34CA} - System32\Tasks\ASUS\Ez Update => C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe [2015-08-31] ()
Task: {4131B555-89EF-4CFA-9EED-FC4A31C63664} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\Bootstrap.exe [2013-07-18] (Intel Corporation)
Task: {435414D0-7B66-4148-AD43-0F9E7B9C707E} - System32\Tasks\ASUS\HyStream service => C:\Program Files (x86)\ASUS\HyStream\ASUSMediaBackgroundServer.exe [2015-06-12] (ASUSTeK Computer Inc.)
Task: {47EDE150-3E1A-44F9-8851-31460CA834E6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-16] (Adobe Systems Incorporated)
Task: {49532092-F5E4-4F7E-B849-C68EFB570E8F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5B2A8FD3-B6E4-4F21-A1C6-33B73869A705} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {6E570F95-FEC1-4D26-9A80-E8B356D2F997} - System32\Tasks\ASUS\Key Express Pipe Execute => C:\Program Files (x86)\ASUS\AI Suite III\Key Express\KeyBotPipeServer.exe
Task: {718BA60A-3013-4E16-BC46-FE4AFD346C1C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {75C7C238-B423-4213-8BF6-834FFDA5DA30} - System32\Tasks\ASUS\ASUS DIPAwayMode => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe [2015-11-16] ()
Task: {79D4FD6E-7D1D-497A-9E20-20B3A3ADB3CE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-14] (Google Inc.)
Task: {853917E2-659D-455D-B331-14B7E06C59CD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-03-11] (Piriform Ltd)
Task: {89688A94-3BCC-4F84-85EF-A632144448B0} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2016-01-13] ()
Task: {8AE60AD0-230D-43FE-9F2B-A0FD7E9773D3} - System32\Tasks\ASUS\ASUS AISuiteIII => C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe [2015-08-06] (ASUSTeK Computer Inc.)
Task: {BCF7A697-B94D-4BB4-BBFA-9AD552F0C27B} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe [2016-02-24] (Maxthon International ltd.)
Task: {C8EE14EE-7B86-4F04-8E80-27C43C1D9BDC} - System32\Tasks\ASUS\GpuFanHelper => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\GpuFanHelper.exe [2015-07-30] (TODO: <Company name>)
Task: {D27C0E82-3C1A-4E8D-8D54-9EAA9BAD8B59} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2016-03-16] (Bitdefender)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Sales\Desktop\Start.bat - Shortcut.lnk -> C:\PHP\dev\Myscripts\New folder (2)\Start.bat ()

==================== Loaded Modules (Whitelisted) ==============

2016-01-22 12:01 - 2015-03-28 16:55 - 00096840 _____ () C:\Windows\system32\PrxerNsp.dll
2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\Windows\SYSTEM32\ism32k.dll
2015-12-31 12:47 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\bdmetrics.dll
2016-03-24 16:52 - 2016-03-24 16:52 - 01119064 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_02051_006\ashttpbr.mdl
2016-03-24 16:52 - 2016-03-24 16:52 - 00794832 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_02051_006\ashttpdsp.mdl
2016-03-24 16:52 - 2016-03-24 16:52 - 03038112 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_02051_006\ashttpph.mdl
2016-03-24 16:52 - 2016-03-24 16:52 - 01648408 _____ () C:\Program Files\Bitdefender\Bitdefender 2016\otengines_02051_006\ashttprbl.mdl
2016-01-02 12:37 - 2016-01-23 02:01 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-01-22 12:01 - 2015-03-28 16:55 - 00096840 _____ () C:\Windows\System32\PrxerNsp.dll
2015-11-24 19:32 - 2015-11-24 19:32 - 00216576 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
2015-12-31 11:10 - 2015-04-21 08:46 - 01360016 ____R () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
2016-03-01 23:04 - 2016-03-25 02:52 - 00368184 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-01-02 12:29 - 2016-03-25 02:52 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-03-01 23:04 - 2016-03-25 02:52 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-03-01 23:04 - 2016-03-25 02:52 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2015-12-31 11:09 - 2015-05-08 07:26 - 00936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
2016-03-01 23:04 - 2016-03-25 02:52 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-03-01 23:04 - 2016-03-25 02:52 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-03-01 23:04 - 2016-03-25 02:52 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-01-21 04:11 - 2016-03-25 02:52 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2015-12-31 21:24 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2016-04-07 07:19 - 2016-03-25 02:52 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-04-07 07:19 - 2016-03-25 02:52 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2016-03-02 11:06 - 2016-02-23 12:27 - 02654872 _____ () C:\Windows\system32\CoreUIComponents.dll
2015-12-31 11:10 - 2015-08-31 15:25 - 01460176 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe
2015-12-31 11:10 - 2015-11-16 02:14 - 01316824 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
2016-03-02 11:06 - 2016-02-23 12:27 - 02654872 _____ () C:\Windows\System32\CoreUIComponents.dll
2016-01-22 14:55 - 2016-01-22 14:55 - 00553136 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-01-03 04:29 - 2016-01-03 04:29 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-10-01 11:01 - 2015-10-01 11:01 - 00057344 _____ () C:\Program Files\Mad Catz\Strike5Service\MCAudio.dll
2015-10-01 11:01 - 2015-10-01 11:01 - 00040960 _____ () C:\Program Files\Mad Catz\Strike5Service\CoreAudioApi.dll
2015-11-18 18:02 - 2015-11-18 18:02 - 08503832 _____ () C:\Program Files (x86)\SecureSafe\SecureSafe.exe
2016-01-06 17:41 - 2016-01-06 17:41 - 00062168 _____ () C:\Program Files\CCleaner\branding.dll
2015-12-31 11:09 - 2015-08-06 17:16 - 01266104 _____ () C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\AsPowerBar.exe
2015-12-31 04:31 - 2015-12-31 04:31 - 01851904 _____ () C:\Program Files\Safejumper\safejumper.exe
2014-01-10 01:00 - 2014-01-10 01:00 - 28973056 _____ () C:\Program Files\Dash\dash-qt.exe
2016-01-22 14:54 - 2016-01-22 14:54 - 31420080 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2015-11-24 19:20 - 2015-11-24 19:20 - 00221696 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll
2015-11-24 19:09 - 2015-11-24 19:09 - 00050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll
2015-11-24 19:20 - 2015-11-24 19:20 - 00073728 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll
2015-11-24 19:22 - 2015-11-24 19:22 - 00751104 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-20.dll
2015-11-24 19:14 - 2015-11-24 19:14 - 00087552 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll
2016-02-21 16:43 - 2013-09-09 09:21 - 00036864 _____ () C:\Program Files (x86)\APC\PowerChute Business Edition\agent\lib\win32\ApcUsb_ul.dll
2015-12-31 11:09 - 2016-04-07 09:13 - 00041256 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll
2015-12-31 11:09 - 2015-05-08 07:26 - 00104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll
2015-12-31 11:10 - 2015-08-31 15:21 - 00237568 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzULIB.dll
2015-12-31 11:10 - 2015-08-14 12:23 - 00621056 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\UIImprovmentHelper.dll
2015-12-31 11:10 - 2014-02-24 18:49 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\ImageHelper.dll
2015-12-31 11:10 - 2015-07-30 17:31 - 00236544 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4cTDPAction.dll
2015-12-31 11:10 - 2015-07-30 17:31 - 00712192 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4DIGIPowerControlAction.dll
2015-12-31 11:10 - 2015-11-18 23:40 - 00864768 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4EpuAction.dll
2015-12-31 11:10 - 2015-07-30 17:31 - 00803840 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4FanAction.dll
2015-12-31 11:10 - 2015-11-18 23:40 - 00817664 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4TurboVEVOAction.dll
2015-12-31 11:10 - 2015-12-31 12:25 - 00507392 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\AsKeyboardFocusHooker.dll
2015-12-31 11:09 - 2015-06-03 17:17 - 00091648 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Log4cxxWrapper.dll
2015-12-31 11:09 - 2015-06-03 17:17 - 00147456 _____ () C:\Program Files (x86)\ASUS\AI Suite III\AssistFunc.dll
2015-12-31 11:10 - 2015-11-30 17:21 - 04682200 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\dip4.dll
2015-12-31 11:10 - 2015-07-30 17:31 - 00091648 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\Log4cxxWrapper.dll
2015-12-31 11:10 - 2015-05-21 23:57 - 01141248 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EasyUpdt.dll
2015-12-31 11:11 - 2015-08-28 14:48 - 01345024 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Mobo Connect\MoboConnect.dll
2015-12-31 11:09 - 2015-07-23 22:38 - 00838456 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Version\Version.dll
2015-12-31 12:26 - 2015-12-31 12:26 - 00057344 _____ () C:\Program Files (x86)\ASUS\VGA COM\1.00.21\Exeio.dll
2015-12-31 12:26 - 2015-12-31 12:26 - 00278528 _____ () C:\Program Files (x86)\ASUS\VGA COM\1.00.21\Vender.dll
2015-12-31 11:09 - 2015-05-08 07:26 - 00662016 ____R () C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMLib.dll
2016-01-02 12:29 - 2016-03-25 02:52 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2014-03-20 21:50 - 2014-03-20 21:50 - 00093696 _____ () C:\Program Files (x86)\DYMO\DYMO Label Software\DYMO.Common.dll
2015-12-31 11:10 - 2015-07-30 17:31 - 00743424 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\EPU.dll
2015-12-31 11:10 - 2015-07-30 17:31 - 00383488 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\SystemCleaner.dll
2015-08-14 03:17 - 2015-08-14 03:17 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2016-01-03 04:28 - 2016-02-23 07:53 - 00325824 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2016-01-21 10:25 - 2016-01-21 10:25 - 00053760 _____ () C:\Users\Sales\AppData\Local\assembly\dl3\QO5GAT3N.4OK\MV91WXQ6.110\ebe4bafa\006b296d_7f44cf01\Outlook07DymoAddIn.DLL
2016-01-21 10:25 - 2016-01-21 10:25 - 00093696 _____ () C:\Users\Sales\AppData\Local\assembly\dl3\QO5GAT3N.4OK\MV91WXQ6.110\defc8835\00eae00f_7e44cf01\DYMO.Common.DLL
2016-01-20 18:00 - 2016-02-23 07:53 - 01032360 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\ADDINS\UmOutlookAddin.dll
2016-01-03 04:29 - 2016-01-03 04:29 - 00122024 _____ () C:\Program Files\Microsoft Office 15\root\Office15\JitV.dll
2016-01-03 04:28 - 2016-02-23 07:53 - 00325824 _____ () C:\Program Files\Microsoft Office 15\root\Office15\AppVIsvStream32.dll
2016-01-28 13:32 - 2016-01-28 13:32 - 40523456 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2016-01-28 13:32 - 2016-01-28 13:32 - 01365696 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libglesv2.dll
2016-01-28 13:32 - 2016-01-28 13:32 - 00219328 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libegl.dll
2016-01-21 01:22 - 2016-01-21 01:22 - 00124416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2016-01-21 01:22 - 2016-01-21 01:22 - 00188416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2016-01-21 01:23 - 2016-01-21 01:23 - 00121344 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2016-01-21 01:23 - 2016-01-21 01:23 - 00129536 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2016-02-12 11:24 - 2016-02-12 11:24 - 00158400 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\native\ProxyResolverWin.dll
2016-01-21 01:22 - 2016-01-21 01:22 - 00081408 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2016-01-08 04:05 - 2016-01-08 04:05 - 00124416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\fs-ext\build\Release\fs-ext.node
2016-01-08 04:05 - 2016-01-08 04:05 - 00121344 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ref\build\Release\binding.node
2016-01-08 04:05 - 2016-01-08 04:05 - 00129536 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ffi\build\Release\ffi_bindings.node
2016-01-08 04:05 - 2016-01-08 04:05 - 00188416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2016-01-28 14:03 - 2016-01-28 14:03 - 00158400 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-ProxyResolver\native\ProxyResolverWin.dll
2016-01-08 04:05 - 2016-01-08 04:05 - 00085504 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ws\build\Release\bufferutil.node
2016-01-08 04:05 - 2016-01-08 04:05 - 00086016 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ws\build\Release\validation.node
2016-01-08 04:05 - 2016-01-08 04:05 - 00081408 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\idle-gc\build\Release\idle-gc.node

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Sales\Desktop\Defogger.exe:BDU
AlternateDataStreams: C:\Users\Sales\Desktop\OTL.exe:BDU
AlternateDataStreams: C:\Users\Sales\Desktop\rkill(1).exe:BDU
AlternateDataStreams: C:\Users\Sales\Desktop\RogueKiller.exe:BDU
AlternateDataStreams: C:\Users\Sales\Desktop\SystemLook_x64.exe:BDU

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 08:24 - 2016-04-07 09:13 - 00012207 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1    localhost
127.0.0.1           localhost
127.0.0.1           localhost
127.0.0.1           localhost
127.0.0.1           localhost
0.0.0.0             rad.msn.com0.0.0.0 telecommand.telemetry.microsoft.com.nsatðc.net

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-106550278-2020945526-1740148854-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Sales\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.200
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKU\S-1-5-21-106550278-2020945526-1740148854-1001\...\StartupApproved\Run: => "AdobeBridge"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [WFDPRINT-DAFWSD-In-Active] => (Block) %SystemRoot%\system32\dashost.exe
FirewallRules: [WFDPRINT-DAFWSD-Out-Active] => (Block) %SystemRoot%\system32\dashost.exe
FirewallRules: [WFDPRINT-SPOOL-In-Active] => (Block) %SystemRoot%\system32\spoolsv.exe
FirewallRules: [WFDPRINT-SPOOL-Out-Active] => (Block) %SystemRoot%\system32\spoolsv.exe
FirewallRules: [WFDPRINT-SCAN-In-Active] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [WFDPRINT-SCAN-Out-Active] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [{552EE441-0988-46D8-B9A4-443EE35FF07F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B6594B3C-5E2C-42A6-B2BA-AC6EB17DC5F2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{527DF22A-3AE8-4921-B3AB-D8845470A4CC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E30E4600-BC0C-4E10-8CD3-474E7934DF71}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{342EAFC6-3E01-4CAA-AA33-04E26F42CB7B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{953FD249-70F6-43FE-AC26-5BCE0158B4B6}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{7A406A45-42CC-4272-94E5-047E6D186B43}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{FD6DD609-B6BB-49DE-B607-920338D6DC6C}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{6D704A72-56A2-4C3F-B78B-A19EF0DCDA0E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{DE0FD13C-50C3-46C9-947B-07739416739E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{A3305B04-BD79-43DD-A3C8-B2A91C138B2B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{CF304B0E-EB92-4B9E-96C7-C6084ED7CCE5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{24CEDBED-6419-48A9-986D-2F1E3471D506}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{385AEEEE-8E65-4446-B91A-CF27EEB05015}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{86B65C06-CC55-4CB4-B1E7-DFD23557DE8E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{41ED4E04-C516-4BAE-87E2-3268A19ADB51}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{100BAFAE-0611-44D0-94F1-29CCCC76F06F}] => (Block) C:\Windows\explorer.exe
FirewallRules: [{8DE27433-CCDD-4676-BD40-0DB5633E658C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{E760ABA9-35ED-442A-AF91-9F59898FE703}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{68E7355B-EE5D-481E-B010-3A78AFDB4F37}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1C0CC492-BA2A-4EFE-80DA-778ED0E8F265}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D8C2BBEB-EC0F-4144-9751-7CD8819382E9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D8DB7CDA-FC7A-4E94-A1C8-AF6E70701866}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{142ED862-3011-4FC8-93D9-7015862F8992}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9474A5B3-52BC-4BDD-ABEA-EC7068297AE4}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{E8867222-ED72-46D9-8F21-9C3296CB5D97}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{507E6CC7-D9AA-4D2B-B7B7-797CB3BB04B7}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{929F14B2-B6E9-4687-86EC-8ED2E980DB5C}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{BEAE0ED7-AC16-4E9D-93B7-F4D111C59F1D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\3DMark 11\3DMarkLauncher.exe
FirewallRules: [{05D22822-9881-4579-95F8-3619071D8D73}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\3DMark 11\3DMarkLauncher.exe
FirewallRules: [{6E5A09E0-E830-4AEB-8E62-7410FF9E1D2C}] => (Allow) C:\Program Files (x86)\APC\PowerChute Business Edition\agent\pbeagent.exe
FirewallRules: [{69787864-7534-432B-9F6E-BE250D306D0F}] => (Allow) C:\Program Files (x86)\APC\PowerChute Business Edition\agent\pbeagent.exe
FirewallRules: [{CA0325D9-83F0-46C9-8DE5-5B23B3B4CD48}] => (Allow) C:\Program Files (x86)\APC\PowerChute Business Edition\server\pbeserver.exe
FirewallRules: [{E1744848-4404-45CD-8293-1CAC4422607E}] => (Allow) C:\Program Files (x86)\APC\PowerChute Business Edition\server\pbeserver.exe
FirewallRules: [{A108079F-047B-4081-A821-74132F437B5B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/07/2016 09:44:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.10586.122, time stamp: 0x56cc0133
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.10586.71, time stamp: 0x5699d8e0
Exception code: 0xc0000005
Fault offset: 0x0000000000145709
Faulting process ID: 0xd33c
Faulting application start time: 0xShellExperienceHost.exe0
Faulting application path: ShellExperienceHost.exe1
Faulting module path: ShellExperienceHost.exe2
Report ID: ShellExperienceHost.exe3
Faulting package full name: ShellExperienceHost.exe4
Faulting package-relative application ID: ShellExperienceHost.exe5

Error: (04/07/2016 09:39:46 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.10586.122, time stamp: 0x56cc0133
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.10586.71, time stamp: 0x5699d8e0
Exception code: 0xc0000005
Fault offset: 0x0000000000145709
Faulting process ID: 0x7e8c
Faulting application start time: 0xShellExperienceHost.exe0
Faulting application path: ShellExperienceHost.exe1
Faulting module path: ShellExperienceHost.exe2
Report ID: ShellExperienceHost.exe3
Faulting package full name: ShellExperienceHost.exe4
Faulting package-relative application ID: ShellExperienceHost.exe5

Error: (04/07/2016 09:16:34 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll8

Error: (04/07/2016 09:16:34 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description:

Error: (04/07/2016 09:16:34 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: MSDTCC:\Windows\system32\msdtcuiu.DLL8

Error: (04/07/2016 09:16:34 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: LsaC:\Windows\System32\Secur32.dll8

Error: (04/07/2016 09:16:34 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: ESENTC:\Windows\system32\esentprf.dll8

Error: (04/07/2016 09:16:34 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (04/07/2016 09:16:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.10586.122, time stamp: 0x56cc0133
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.10586.71, time stamp: 0x5699d8e0
Exception code: 0xc000027b
Fault offset: 0x00000000006fce8b
Faulting process ID: 0x287c
Faulting application start time: 0xShellExperienceHost.exe0
Faulting application path: ShellExperienceHost.exe1
Faulting module path: ShellExperienceHost.exe2
Report ID: ShellExperienceHost.exe3
Faulting package full name: ShellExperienceHost.exe4
Faulting package-relative application ID: ShellExperienceHost.exe5

Error: (04/07/2016 09:16:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.10586.63, time stamp: 0x568b1fdc
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.10586.71, time stamp: 0x5699d8e0
Exception code: 0xc0000005
Fault offset: 0x0000000000145709
Faulting process ID: 0x28d8
Faulting application start time: 0xSearchUI.exe0
Faulting application path: SearchUI.exe1
Faulting module path: SearchUI.exe2
Report ID: SearchUI.exe3
Faulting package full name: SearchUI.exe4
Faulting package-relative application ID: SearchUI.exe5


System errors:
=============
Error: (04/07/2016 09:12:13 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Sync Host_4a236 service to connect.

Error: (04/07/2016 09:12:03 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_4a236 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/07/2016 09:11:58 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/07/2016 07:13:16 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_4c228 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/07/2016 07:13:10 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/07/2016 07:07:21 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_4fdb9 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (04/07/2016 07:07:21 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/07/2016 07:07:11 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Extreme Tuning Utility Service service terminated unexpectedly. It has done this 1 time(s).

Error: (04/07/2016 07:07:11 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).

Error: (04/07/2016 07:07:10 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Corsair Link 4 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.


CodeIntegrity:
===================================
  Date: 2016-03-23 01:57:50.720
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-12 21:34:15.957
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-11 13:08:19.504
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-03 10:42:23.063
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-02 14:16:52.558
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-22 13:09:36.755
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-10 22:23:54.271
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-10 22:17:11.851
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-10 14:08:03.736
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-29 11:19:08.942
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i7-6700K CPU @ 4.00GHz
Percentage of memory in use: 7%
Total physical RAM: 65449.28 MB
Available physical RAM: 60434.71 MB
Total Virtual: 75177.28 MB
Available Virtual: 68550.18 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1117.26 GB) (Free:886.34 GB) NTFS
Drive d: () (Fixed) (Total:238.35 GB) (Free:204.31 GB) NTFS
Drive e: () (Fixed) (Total:238.35 GB) (Free:204.31 GB) NTFS
Drive f: (2tb) (Fixed) (Total:1907.6 GB) (Free:1386.66 GB) NTFS
Drive h: (Downloads) (Fixed) (Total:476.82 GB) (Free:168.83 GB) NTFS
Drive j: (1tb) (Fixed) (Total:953.74 GB) (Free:924.43 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1117.8 GB) (Disk ID: CD11C182)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 953.9 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1907.7 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 476.9 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 4 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 5 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-02-2016
Ran by Sales (administrator) on DESKTOP-PC (07-04-2016 09:44:31)
Running from C:\Users\Sales\Desktop
Loaded Profiles: Sales (Available Profiles: Sales)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.07.00\AsusFanControlService.exe
(TODO: <Company name>) C:\Program Files (x86)\ASUS\Lighting Control\AsLedService.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(APC) C:\Program Files (x86)\APC\PowerChute Business Edition\agent\pbeagent.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(APC) C:\Program Files (x86)\APC\PowerChute Business Edition\server\pbeserver.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Maxthon) C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\HyStream\ASUSMediaBackgroundServer.exe
() C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe
() C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe
(TODO: <Company name>) C:\Program Files (x86)\ASUS\AI Suite III\DIP4\GpuFanHelper.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe
(Mad Catz Inc) C:\Program Files\Mad Catz\Strike5Service\Strike5.exe
(Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe
(Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwtxapps.exe
() C:\Program Files (x86)\SecureSafe\SecureSafe.exe
(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Initex) C:\Program Files (x86)\Proxifier\Proxifier.exe
(Corsair Components, Inc.) C:\Program Files (x86)\CorsairLink4\CorsairLink4.exe
(Corsair Components, Inc.) C:\Program Files (x86)\CorsairLink4\CorsairLink4.Service.exe
() C:\Program Files (x86)\ASUS\AI Suite III\AsPowerBar\AsPowerBar.exe
() C:\Program Files\Safejumper\safejumper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel® Corporation) C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\XtuService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
() C:\Program Files\Dash\dash-qt.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxcr.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Joyent, Inc) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
(Joyent, Inc) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe [1644824 2016-03-17] (Bitdefender)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397752 2016-03-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [S.T.R.I.K.E.5 Service] => C:\Program Files\Mad Catz\Strike5Service\Strike5.exe [150528 2015-10-01] (Mad Catz Inc)
HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2015-10-01] (Saitek)
HKLM\...\Run: [SaiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [157696 2015-10-01] (Saitek)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8725248 2015-11-13] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [323056 2015-11-04] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2312896 2016-02-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [proxy_sh] => C:\Program Files\Safejumper\safejumper.exe [1851904 2015-12-31] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596016 2016-01-29] (Oracle Corporation)
HKLM-x32\...\Run: [KeyScrambler] => C:\Program Files (x86)\KeyScrambler\keyscrambler.exe [515600 2016-03-22] (QFX Software Corporation)
HKU\S-1-5-21-106550278-2020945526-1740148854-1001\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe [1447328 2016-03-17] (Bitdefender)
HKU\S-1-5-21-106550278-2020945526-1740148854-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3014224 2016-02-04] (Valve Corporation)
HKU\S-1-5-21-106550278-2020945526-1740148854-1001\...\Run: [securesafe] => C:\Program Files (x86)\SecureSafe\SecureSafe.exe [8503832 2015-11-18] ()
HKU\S-1-5-21-106550278-2020945526-1740148854-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8686296 2016-03-11] (Piriform Ltd)
HKU\S-1-5-21-106550278-2020945526-1740148854-1001\...\Run: [DymoQuickPrint] => C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe [1867056 2014-03-20] (Sanford, L.P.)
HKU\S-1-5-21-106550278-2020945526-1740148854-1001\...\Run: [Proxifier] => c:\program files (x86)\proxifier\proxifier.exe [4624976 2015-12-02] (Initex)
HKU\S-1-5-21-106550278-2020945526-1740148854-1001\...\Run: [CorsairLink4] => C:\Program Files (x86)\CorsairLink4\CorsairLink4.exe [16879944 2016-01-22] (Corsair Components, Inc.)
HKU\S-1-5-21-106550278-2020945526-1740148854-1001\...\MountPoints2: {e7023b51-afa3-11e5-bbf1-806e6f6e6963} - "explorer.exe" index.html
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-01-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-01-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-01-22] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 01 C:\Windows\SysWOW64\PrxerNsp.dll [84040 2015-03-28] ()
Winsock: Catalog9 01 C:\Windows\SysWOW64\PrxerDrv.dll [97864 2015-03-28] (Initex)
Winsock: Catalog9 02 C:\Windows\SysWOW64\PrxerDrv.dll [97864 2015-03-28] (Initex)
Winsock: Catalog9 03 C:\Windows\SysWOW64\PrxerDrv.dll [97864 2015-03-28] (Initex)
Winsock: Catalog9 04 C:\Windows\SysWOW64\PrxerDrv.dll [97864 2015-03-28] (Initex)
Winsock: Catalog9 17 C:\Windows\SysWOW64\PrxerDrv.dll [97864 2015-03-28] (Initex)
Winsock: Catalog5-x64 01 C:\Windows\system32\PrxerNsp.dll [96840 2015-03-28] ()
Winsock: Catalog9-x64 01 C:\Windows\system32\PrxerDrv.dll [118856 2015-03-28] (Initex)
Winsock: Catalog9-x64 02 C:\Windows\system32\PrxerDrv.dll [118856 2015-03-28] (Initex)
Winsock: Catalog9-x64 03 C:\Windows\system32\PrxerDrv.dll [118856 2015-03-28] (Initex)
Winsock: Catalog9-x64 04 C:\Windows\system32\PrxerDrv.dll [118856 2015-03-28] (Initex)
Winsock: Catalog9-x64 17 C:\Windows\system32\PrxerDrv.dll [118856 2015-03-28] (Initex)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{364d1e97-3282-4ccc-95a2-b2e7c066bbfb}: [NameServer] 192.168.1.200
Tcpip\..\Interfaces\{8d72b039-66c8-4a35-8e02-d318303f6c49}: [NameServer] 192.168.1.252
Tcpip\..\Interfaces\{d48afd72-c35c-4635-a714-78e2a268d302}: [NameServer] 192.168.1.200

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-106550278-2020945526-1740148854-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-106550278-2020945526-1740148854-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-gb/?pc=UE01&ocid=UE01DHP
SearchScopes: HKU\S-1-5-21-106550278-2020945526-1740148854-1001 -> {DCD929F4-2178-481F-AE37-9B4FA7EDE295} URL = hxxps://uk.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2016-03-17] (Bitdefender)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-04-07] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_74\bin\ssv.dll [2016-02-29] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-04-07] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_74\bin\jp2ssv.dll [2016-02-29] (Oracle Corporation)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll [2016-03-17] (Bitdefender)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-29] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-29] (Oracle Corporation)
Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2016-03-17] (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll [2016-03-17] (Bitdefender)
Toolbar: HKU\S-1-5-21-106550278-2020945526-1740148854-1001 -> Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2016-03-17] (Bitdefender)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-01-03] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Sales\AppData\Roaming\Mozilla\Firefox\Profiles\5ndz7jc3.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_182.dll [2016-03-16] ()
FF Plugin: @java.com/DTPlugin,version=11.74.2 -> C:\Program Files\Java\jre1.8.0_74\bin\dtplugin\npDeployJava1.dll [2016-02-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.74.2 -> C:\Program Files\Java\jre1.8.0_74\bin\plugin2\npjp2.dll [2016-02-29] (Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-02-12] (Adobe Systems)
FF Plugin: synology.com/SurveillancePlugin_x86_64 -> C:\Program Files (x86)\Synology\SurveillancePlugin\1.0.0.791\npSurveillancePlugin_x86_64.dll [2016-02-22] (Synology)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-16] ()
FF Plugin-x32: @dymo.com/DymoLabelFramework -> C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll [2014-03-20] ( Sanford L.P.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2016-01-03] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-01-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-01-23] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-02-12] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [No File]
FF Plugin-x32: synology.com/SurveillancePlugin -> C:\Program Files (x86)\Synology\SurveillancePlugin\1.0.0.791\npSurveillancePlugin.dll [2016-02-22] (Synology)
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff [2015-12-16]
FF Extension: BitTorrent WebUI+ - C:\Users\Sales\AppData\Roaming\Mozilla\Firefox\Profiles\5ndz7jc3.default\extensions\BitTorrent_WebUI_2@firefox.alexisbrunet.com.xpi [2016-01-01]
FF Extension: CouchPotato - C:\Users\Sales\AppData\Roaming\Mozilla\Firefox\Profiles\5ndz7jc3.default\Extensions\{1EB88DA7-4F70-4E70-923F-810E4F0C9FDF}.xpi [2016-02-02]
FF HKLM\...\Firefox\Extensions: [bdwteffv20@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext [2015-12-16] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [bdwteffv20@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=orcl_default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\Sales\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Sales\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-14]
CHR Extension: (Google Docs) - C:\Users\Sales\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-14]
CHR Extension: (Google Drive) - C:\Users\Sales\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-14]
CHR Extension: (YouTube) - C:\Users\Sales\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-14]
CHR Extension: (Google Search) - C:\Users\Sales\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-14]
CHR Extension: (Bitdefender Wallet) - C:\Users\Sales\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhejlifdlcgcmogbggeomfodgklfaem [2016-01-14]
CHR Extension: (Yahoo Web) - C:\Users\Sales\AppData\Local\Google\Chrome\User Data\Default\Extensions\eedgghdcpmmmilkmfpnklknlenbiolec [2016-01-14]
CHR Extension: (Google Sheets) - C:\Users\Sales\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-14]
CHR Extension: (Google Docs Offline) - C:\Users\Sales\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-01-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Sales\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-14]
CHR Extension: (Gmail) - C:\Users\Sales\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-14]
CHR HKLM-x32\...\Chrome\Extension: [dhhejlifdlcgcmogbggeomfodgklfaem] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eedgghdcpmmmilkmfpnklknlenbiolec] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [693440 2016-01-28] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2020056 2016-02-09] (Adobe Systems, Incorporated)
R2 APCPBEAgent; C:\Program Files (x86)\APC\PowerChute Business Edition\agent\pbeagent.exe [36600 2013-09-09] (APC)
R2 APCPBEServer; C:\Program Files (x86)\APC\PowerChute Business Edition\server\pbeserver.exe [57160 2013-09-09] (APC)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2015-05-08] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2015-05-08] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2015-04-21] () [File not signed]
R2 ASUS LED Control Service; C:\Program Files (x86)\ASUS\Lighting Control\AsLedService.exe [283928 2015-06-26] (TODO: <Company name>)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.07.00\AsusFanControlService.exe [395736 2015-12-31] (ASUSTeK Computer Inc.)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2278152 2015-12-31] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2828016 2016-02-09] (Microsoft Corporation)
R3 CLink4Service; C:\Program Files (x86)\CorsairLink4\CorsairLink4.Service.exe [81224 2016-01-22] (Corsair Components, Inc.)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2015-11-24] () [File not signed]
R2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [33072 2014-03-20] (Sanford, L.P.)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342240 2015-11-05] (Futuremark)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1164856 2016-03-25] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [19440 2015-11-04] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2015-08-14] (Intel Corporation)
R2 MaxthonUpdateSvc; C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [2385832 2016-01-25] (Maxthon)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-03-25] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-03-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-03-25] (NVIDIA Corporation)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [32568 2014-04-09] (The OpenVPN Project)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [925328 2016-03-21] (Bitdefender)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe [135176 2016-03-17] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe [1679672 2016-03-17] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\XtuService.exe [19192 2015-09-21] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2013-01-28] (ASUSTek Computer Inc.)
R3 AndroidAFD; C:\Windows\SysWow64\drivers\AndroidAFDx64.sys [28600 2015-08-28] (ASUSTek Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-09-09] ()
R0 asstahci64; C:\Windows\System32\drivers\asstahci64.sys [88936 2015-06-17] (Asmedia Technology)
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2014-02-24] ()
S3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1622512 2016-02-02] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [806344 2016-02-02] (BitDefender)
S3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [199472 2015-12-31] (Broadcom Corporation.)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [118608 2016-03-17] (BitDefender LLC)
R1 BDVEDISK; C:\Windows\system32\DRIVERS\bdvedisk.sys [87912 2015-12-04] (BitDefender)
R3 cpuz138; C:\Windows\TEMP\cpuz138\cpuz138_x64.sys [27320 2016-04-07] (CPUID)
S3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo64.sys [31376 2015-03-10] ()
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d65x64.sys [530416 2015-06-18] (Intel Corporation)
R3 e1rexpress; C:\Windows\system32\DRIVERS\e1r65x64.sys [486344 2015-04-20] (Intel Corporation)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [160032 2015-04-29] (BitDefender LLC)
R0 IaNVMe; C:\Windows\System32\drivers\IaNVMe.sys [101872 2015-07-07] (Intel Corporation)
R0 ignis; C:\Windows\system32\DRIVERS\ignis.sys [290032 2016-03-17] (Bitdefender)
R2 iocbios2; C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [30224 2015-09-21] (Intel Corporation)
R3 IOMap; C:\Windows\system32\drivers\IOMap64.sys [24824 2015-04-21] (ASUSTeK Computer Inc.)
R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [224720 2015-08-18] (QFX Software Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-04-06] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [184608 2015-07-28] (Intel Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R0 nvme; C:\Windows\System32\drivers\nvme.sys [118280 2015-10-16] (Samsung Electronics Co., Ltd)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-03-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-03-21] (NVIDIA Corporation)
S0 ocz10xx; C:\Windows\System32\drivers\ocz10xx.sys [75568 2014-12-19] (OCZ Storage Solutions)
S0 ocztrimfilter; C:\Windows\System32\drivers\ocztrimfilter.sys [19424 2014-12-19] (OCZ Storage Solutions)
S3 PUSBODD2; C:\Windows\System32\drivers\PUSBODD2.SYS [35120 2013-02-01] (Pioneer Corporation.)
S3 RtlWlanu; C:\Windows\System32\drivers\rtwlanu.sys [3764736 2015-10-30] (Realtek Semiconductor Corporation                           )
R3 Said1108; C:\Windows\System32\drivers\Said1108.sys [25280 2015-10-06] (Saitek)
R3 SaiK1108; C:\Windows\system32\DRIVERS\SaiK1108.sys [180928 2015-10-06] (Saitek)
R3 SaiMini; C:\Windows\System32\drivers\SaiMini.sys [23968 2015-10-01] (Saitek)
R3 SaiNtBus; C:\Windows\system32\drivers\SaiBus.sys [51488 2015-10-06] (Saitek)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-04-02] ()
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [477272 2015-06-02] (BitDefender S.R.L.)
R3 USBPcap; C:\Windows\system32\DRIVERS\USBPcap.sys [41720 2015-12-10] (USBPcap)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 _hid_0738_1709; C:\Windows\system32\DRIVERS\_hid_0738_1709.sys [180928 2015-10-01] (Saitek)
R3 _usb_0738_1709; C:\Windows\System32\drivers\_usb_0738_1709.sys [46528 2015-10-01] (Saitek)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-07 09:43 - 2016-04-07 09:43 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-04-07 09:38 - 2016-04-07 09:38 - 00000000 ____D C:\Users\Sales\Documents\Outlook Files
2016-04-07 09:13 - 2016-04-07 09:13 - 00000022 _____ C:\Windows\S.dirmngr
2016-04-07 07:21 - 2016-04-07 07:21 - 00000000 ____D C:\Users\Sales\AppData\Roaming\Synology
2016-04-07 07:21 - 2016-04-07 07:21 - 00000000 ____D C:\Program Files (x86)\Synology
2016-04-07 07:19 - 2016-04-07 07:19 - 00000000 ____D C:\Windows\LastGood.Tmp
2016-04-07 07:19 - 2016-03-21 21:01 - 00109632 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2016-04-07 07:19 - 2016-03-21 21:01 - 00100416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2016-04-07 07:06 - 2016-04-07 07:07 - 00006029 _____ C:\Users\Sales\Desktop\Fixlog.txt
2016-04-07 07:04 - 2016-04-07 07:04 - 00000000 _____ C:\Users\Sales\Desktop\New Text Document (7).txt
2016-04-06 06:17 - 2016-04-06 06:18 - 00000000 ____D C:\AdwCleaner
2016-04-06 06:17 - 2016-04-06 06:17 - 00001171 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-06 06:17 - 2016-04-06 06:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-06 06:17 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-04-06 06:17 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-04-06 04:07 - 2016-04-06 06:22 - 00462438 _____ C:\Windows\ntbtlog.txt
2016-04-06 03:31 - 2016-04-06 03:31 - 00001845 _____ C:\Users\Public\Desktop\Wireshark Legacy.lnk
2016-04-06 03:29 - 2016-04-06 03:29 - 00005005 _____ C:\Users\Sales\Desktop\config.example.php.txt
2016-04-06 03:03 - 2016-04-06 07:18 - 00004991 _____ C:\Users\Sales\Desktop\config.example.php
2016-04-02 13:16 - 2016-04-02 13:16 - 00001439 _____ C:\Users\Sales\Desktop\Start.bat - Shortcut.lnk
2016-04-02 13:08 - 2016-04-02 13:08 - 00000000 _____ C:\Users\Sales\Desktop\New Text Document (6).txt
2016-04-02 12:57 - 2016-04-02 12:57 - 00000000 _____ C:\Users\Sales\Desktop\New Text Document (5).txt
2016-04-02 12:53 - 2016-04-02 12:53 - 00000000 _____ C:\Users\Sales\Desktop\New Text Document (4).txt
2016-04-02 12:39 - 2016-04-02 12:39 - 00006174 _____ C:\Users\Sales\Desktop\New Microsoft Excel Worksheet.xlsx
2016-04-02 12:39 - 2016-04-02 12:39 - 00000000 _____ C:\Users\Sales\Desktop\New Text Document (3).txt
2016-04-02 12:21 - 2016-04-02 12:21 - 00066759 _____ C:\Users\Sales\Desktop\FRSTnonsafemode.txt
2016-04-02 12:21 - 2016-04-02 12:21 - 00051724 _____ C:\Users\Sales\Desktop\Additionnonsafemode.txt
2016-04-02 11:38 - 2016-04-02 11:38 - 00165376 _____ C:\Users\Sales\Desktop\SystemLook_x64.exe
2016-04-02 01:17 - 2016-04-02 01:17 - 00108374 _____ C:\Users\Sales\Desktop\Extras.Txt
2016-04-02 01:12 - 2016-04-02 01:12 - 00061587 _____ C:\Users\Sales\Desktop\Shortcut.txt
2016-04-01 22:20 - 2016-04-01 22:20 - 00000000 _____ C:\Users\Sales\Desktop\New Text Document (2).txt
2016-03-26 21:14 - 2016-03-26 21:14 - 00000000 ____D C:\Users\Sales\AppData\Roaming\TeamViewer
2016-03-24 20:41 - 2016-03-24 20:41 - 00000000 ____D C:\ProgramData\CitrixLogs
2016-03-24 20:41 - 2016-03-24 20:41 - 00000000 ____D C:\ProgramData\Citrix
2016-03-24 20:41 - 2016-02-26 05:15 - 00131056 _____ (Citrix Online, a division of Citrix Systems, Inc.) C:\Windows\system32\gotomon_x64.dll
2016-03-24 20:41 - 2016-02-26 05:01 - 00037112 _____ (Citrix Systems) C:\Windows\system32\Drivers\monblanking.sys
2016-03-24 12:19 - 2016-03-24 12:19 - 00037664 ____R C:\Users\Sales\Desktop\psh-pli-large.pbk
2016-03-24 10:47 - 2016-03-24 10:47 - 00201618 _____ C:\Users\Sales\Documents\cc_20160324_094748.reg
2016-03-24 06:09 - 2016-03-24 06:09 - 279939936 _____ C:\Users\Sales\Documents\z.pcapng
2016-03-24 06:09 - 2016-03-24 06:09 - 00000000 ____D C:\Users\Sales\AppData\Roaming\Wireshark
2016-03-23 02:52 - 2016-03-23 02:52 - 00025973 _____ C:\ProgramData\1458697960.bdinstall.bin
2016-03-23 02:52 - 2016-03-23 02:52 - 00025902 _____ C:\ProgramData\1458697956.bdinstall.bin
2016-03-23 01:54 - 2016-03-23 01:54 - 00004775 _____ C:\Users\Sales\Desktop\startuplist.txt
2016-03-23 01:53 - 2016-03-23 01:53 - 00280532 _____ C:\Users\Sales\Desktop\OT2L.Txt
2016-03-23 01:23 - 2016-03-23 01:23 - 01107912 _____ (Bleeping Computer, LLC) C:\Users\Sales\Desktop\rkill(1)64.exe
2016-03-23 01:18 - 2016-03-23 01:53 - 00000144 _____ C:\Users\Sales\Desktop\New Text Document.txt
2016-03-23 00:25 - 2016-04-06 06:16 - 03104948 _____ C:\Users\Sales\Desktop\OTL.Txt
2016-03-23 00:23 - 2016-03-23 00:23 - 00000000 ____D C:\Users\Sales\Desktop\backups
2016-03-22 20:11 - 2016-03-22 20:11 - 00112144 _____ (QFX Software Corporation) C:\Windows\system32\KeyScramblerLogon.dll
2016-03-22 14:31 - 2016-04-06 16:19 - 00001076 _____ C:\Users\Sales\Desktop\Electrum.lnk
2016-03-22 14:31 - 2016-03-22 14:31 - 00000000 ____D C:\Users\Sales\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Electrum
2016-03-22 14:30 - 2016-03-22 14:31 - 00000000 ____D C:\Program Files (x86)\Electrum
2016-03-22 02:39 - 2016-03-22 02:39 - 00008587 _____ C:\Users\Sales\Documents\Customerlistbitty.xlsx
2016-03-20 20:47 - 2016-03-21 01:07 - 00000000 ____D C:\Users\Sales\AppData\Roaming\BritCoin
2016-03-20 12:25 - 2016-03-20 12:28 - 00000000 ____D C:\Users\Sales\Desktop\heli
2016-03-19 17:00 - 2016-03-21 02:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-18 12:44 - 2016-03-23 14:11 - 00000000 ____D C:\Users\Sales\dwhelper
2016-03-15 14:22 - 2016-03-15 14:27 - 00000000 ____D C:\Users\Sales\Desktop\Individual Servers
2016-03-15 14:20 - 2014-10-01 16:09 - 00004846 _____ C:\Users\Sales\Desktop\France Hub - TCP.ovpn
2016-03-15 14:19 - 2014-10-01 16:09 - 00004846 _____ C:\Users\Sales\Desktop\Europe Hub - TCP.ovpn
2016-03-15 14:19 - 2014-04-11 07:13 - 00002280 _____ C:\Users\Sales\Desktop\proxysh.crt
2016-03-15 14:18 - 2016-03-15 14:18 - 00000000 ____D C:\Users\Sales\Desktop\Windows Configs
2016-03-15 14:18 - 2016-03-15 14:18 - 00000000 ____D C:\Users\Sales\Desktop\Mac, Linux & Android Configs
2016-03-15 14:18 - 2016-03-15 14:18 - 00000000 ____D C:\Users\Sales\Desktop\Mac Tunnelblick Configs
2016-03-15 14:18 - 2016-03-15 14:18 - 00000000 ____D C:\Users\Sales\Desktop\iOS Configs
2016-03-15 14:18 - 2016-03-15 14:18 - 00000000 ____D C:\Users\Sales\Desktop\DD-WRT Configs
2016-03-15 14:18 - 2016-03-15 14:18 - 00000000 ____D C:\Users\Sales\Desktop\Certificate File
2016-03-15 14:18 - 2016-03-15 14:17 - 17796517 ____R C:\Users\Sales\Desktop\psh-ovpn-large.zip
2016-03-15 14:18 - 2014-10-01 16:09 - 00002506 _____ C:\Users\Sales\Desktop\README.txt
2016-03-14 14:23 - 2016-03-14 14:23 - 00001403 _____ C:\Users\Sales\Desktop\outlook 2007 (2) gl 1519.jpg - Shortcut.lnk
2016-03-12 06:56 - 2016-03-12 20:59 - 00000000 ____D C:\Users\Sales\Desktop\1
2016-03-11 14:20 - 2016-03-12 17:00 - 00000000 ____D C:\Users\Sales\Desktop\bittysantander2
2016-03-11 14:19 - 2016-03-11 23:54 - 00000000 ____D C:\Bclients
2016-03-11 14:08 - 2016-03-11 14:08 - 00000385 _____ C:\Users\Sales\AppData\Roaminguser_gensett.xml
2016-03-11 14:06 - 2016-04-07 09:12 - 00013110 _____ C:\bdlog.txt
2016-03-09 03:31 - 2016-03-01 06:31 - 00848168 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2016-03-09 03:31 - 2016-03-01 06:22 - 00709688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2016-03-09 03:31 - 2016-02-24 10:52 - 01997328 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-03-09 03:31 - 2016-02-24 10:51 - 07474528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-03-09 03:31 - 2016-02-24 10:48 - 00713568 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-03-09 03:31 - 2016-02-24 10:47 - 01173344 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-03-09 03:31 - 2016-02-24 10:40 - 00513888 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-03-09 03:31 - 2016-02-24 10:34 - 01613664 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2016-03-09 03:31 - 2016-02-24 10:28 - 03449168 _____ (Microsoft Corporation) C:\Windows\system32\WSService.dll
2016-03-09 03:31 - 2016-02-24 10:15 - 01557768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-03-09 03:31 - 2016-02-24 09:58 - 00794888 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2016-03-09 03:31 - 2016-02-24 09:54 - 00127840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2016-03-09 03:31 - 2016-02-24 09:51 - 01322248 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-03-09 03:31 - 2016-02-24 09:50 - 00808800 _____ (Microsoft Corporation) C:\Windows\system32\WWAHost.exe
2016-03-09 03:31 - 2016-02-24 09:46 - 06607080 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2016-03-09 03:31 - 2016-02-24 09:43 - 00625000 _____ (Microsoft Corporation) C:\Windows\system32\ClipSVC.dll
2016-03-09 03:31 - 2016-02-24 09:39 - 00358752 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-03-09 03:31 - 2016-02-24 09:39 - 00141560 _____ (Microsoft Corporation) C:\Windows\system32\AuthHost.exe
2016-03-09 03:31 - 2016-02-24 09:19 - 00670928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2016-03-09 03:31 - 2016-02-24 09:14 - 00216416 _____ (Microsoft Corporation) C:\Windows\system32\AppxAllUserStore.dll
2016-03-09 03:31 - 2016-02-24 09:11 - 01997152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-03-09 03:31 - 2016-02-24 09:11 - 00957608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-03-09 03:31 - 2016-02-24 09:11 - 00703840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
2016-03-09 03:31 - 2016-02-24 09:11 - 00652392 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2016-03-09 03:31 - 2016-02-24 09:11 - 00394080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-03-09 03:31 - 2016-02-24 09:11 - 00258280 _____ (Microsoft Corporation) C:\Windows\system32\sqmapi.dll
2016-03-09 03:31 - 2016-02-24 09:10 - 00630632 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe
2016-03-09 03:31 - 2016-02-24 09:10 - 00576864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys
2016-03-09 03:31 - 2016-02-24 09:09 - 00640472 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2016-03-09 03:31 - 2016-02-24 09:09 - 00147808 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2016-03-09 03:31 - 2016-02-24 09:06 - 05242496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2016-03-09 03:31 - 2016-02-24 08:59 - 00294752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-03-09 03:31 - 2016-02-24 08:39 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\UserDataTypeHelperUtil.dll
2016-03-09 03:31 - 2016-02-24 08:39 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\ExtrasXmlParser.dll
2016-03-09 03:31 - 2016-02-24 08:38 - 00187744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxAllUserStore.dll
2016-03-09 03:31 - 2016-02-24 08:38 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\UserDataTimeUtil.dll
2016-03-09 03:31 - 2016-02-24 08:37 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\UserDataLanguageUtil.dll
2016-03-09 03:31 - 2016-02-24 08:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\PimIndexMaintenanceClient.dll
2016-03-09 03:31 - 2016-02-24 08:35 - 00540752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
2016-03-09 03:31 - 2016-02-24 08:35 - 00523752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2016-03-09 03:31 - 2016-02-24 08:35 - 00220064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sqmapi.dll
2016-03-09 03:31 - 2016-02-24 08:35 - 00045568 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-03-09 03:31 - 2016-02-24 08:33 - 00538736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2016-03-09 03:31 - 2016-02-24 08:33 - 00141664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2016-03-09 03:31 - 2016-02-24 08:31 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-03-09 03:31 - 2016-02-24 08:30 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
2016-03-09 03:31 - 2016-02-24 08:28 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\POSyncServices.dll
2016-03-09 03:31 - 2016-02-24 08:23 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthenum.sys
2016-03-09 03:31 - 2016-02-24 08:23 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-03-09 03:31 - 2016-02-24 08:23 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\UserDataPlatformHelperUtil.dll
2016-03-09 03:31 - 2016-02-24 08:22 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\fwpolicyiomgr.dll
2016-03-09 03:31 - 2016-02-24 08:20 - 00195072 _____ (Microsoft Corporation) C:\Windows\system32\VCardParser.dll
2016-03-09 03:31 - 2016-02-24 08:20 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\dafBth.dll
2016-03-09 03:31 - 2016-02-24 08:20 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\AppxSysprep.dll
2016-03-09 03:31 - 2016-02-24 08:19 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\dssvc.dll
2016-03-09 03:31 - 2016-02-24 08:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2016-03-09 03:31 - 2016-02-24 08:15 - 00365568 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-03-09 03:31 - 2016-02-24 08:14 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\ExSMime.dll
2016-03-09 03:31 - 2016-02-24 08:13 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\AppointmentActivation.dll
2016-03-09 03:31 - 2016-02-24 08:12 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\cemapi.dll
2016-03-09 03:31 - 2016-02-24 08:12 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\PhoneCallHistoryApis.dll
2016-03-09 03:31 - 2016-02-24 08:10 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wpninprc.dll
2016-03-09 03:31 - 2016-02-24 08:09 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\UserDataAccountApis.dll
2016-03-09 03:31 - 2016-02-24 08:09 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\AppxSip.dll
2016-03-09 03:31 - 2016-02-24 08:07 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\PimIndexMaintenance.dll
2016-03-09 03:31 - 2016-02-24 08:05 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2016-03-09 03:31 - 2016-02-24 08:03 - 00088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2016-03-09 03:31 - 2016-02-24 08:02 - 00161280 _____ (Microsoft Corporation) C:\Windows\system32\CallHistoryClient.dll
2016-03-09 03:31 - 2016-02-24 08:01 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2016-03-09 03:31 - 2016-02-24 08:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\AuthBroker.dll
2016-03-09 03:31 - 2016-02-24 08:01 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\profext.dll
2016-03-09 03:31 - 2016-02-24 08:00 - 00214528 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Scanners.dll
2016-03-09 03:31 - 2016-02-24 07:59 - 00450560 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Bluetooth.dll
2016-03-09 03:31 - 2016-02-24 07:59 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\vaultsvc.dll
2016-03-09 03:31 - 2016-02-24 07:59 - 00318976 _____ (Microsoft Corporation) C:\Windows\system32\domgmt.dll
2016-03-09 03:31 - 2016-02-24 07:58 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\scapi.dll
2016-03-09 03:31 - 2016-02-24 07:55 - 00790528 _____ (Microsoft Corporation) C:\Windows\system32\EmailApis.dll
2016-03-09 03:31 - 2016-02-24 07:55 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\PackageStateRoaming.dll
2016-03-09 03:31 - 2016-02-24 07:55 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExtrasXmlParser.dll
2016-03-09 03:31 - 2016-02-24 07:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2016-03-09 03:31 - 2016-02-24 07:54 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\vaultcli.dll
2016-03-09 03:31 - 2016-02-24 07:54 - 00228352 _____ (Microsoft Corporation) C:\Windows\system32\wsqmcons.exe
2016-03-09 03:31 - 2016-02-24 07:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataTypeHelperUtil.dll
2016-03-09 03:31 - 2016-02-24 07:53 - 00089088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataTimeUtil.dll
2016-03-09 03:31 - 2016-02-24 07:53 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataLanguageUtil.dll
2016-03-09 03:31 - 2016-02-24 07:52 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\werui.dll
2016-03-09 03:31 - 2016-02-24 07:52 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PimIndexMaintenanceClient.dll
2016-03-09 03:31 - 2016-02-24 07:51 - 00037376 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-03-09 03:31 - 2016-02-24 07:49 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\ChatApis.dll
2016-03-09 03:31 - 2016-02-24 07:47 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-03-09 03:31 - 2016-02-24 07:46 - 00020480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wfapigp.dll
2016-03-09 03:31 - 2016-02-24 07:44 - 01713664 _____ (Microsoft Corporation) C:\Windows\system32\SRHInproc.dll
2016-03-09 03:31 - 2016-02-24 07:44 - 00915456 _____ (Microsoft Corporation) C:\Windows\system32\configurationclient.dll
2016-03-09 03:31 - 2016-02-24 07:44 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\AppointmentApis.dll
2016-03-09 03:31 - 2016-02-24 07:44 - 00056320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\POSyncServices.dll
2016-03-09 03:31 - 2016-02-24 07:43 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2016-03-09 03:31 - 2016-02-24 07:43 - 00286720 _____ (Microsoft Corporation) C:\Windows\system32\deviceaccess.dll
2016-03-09 03:31 - 2016-02-24 07:42 - 00954368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2016-03-09 03:31 - 2016-02-24 07:42 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS
2016-03-09 03:31 - 2016-02-24 07:41 - 00982016 _____ (Microsoft Corporation) C:\Windows\system32\AppxPackaging.dll
2016-03-09 03:31 - 2016-02-24 07:41 - 00436736 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentClient.dll
2016-03-09 03:31 - 2016-02-24 07:40 - 01224704 _____ (Microsoft Corporation) C:\Windows\system32\Unistore.dll
2016-03-09 03:31 - 2016-02-24 07:40 - 00078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-03-09 03:31 - 2016-02-24 07:40 - 00056320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataPlatformHelperUtil.dll
2016-03-09 03:31 - 2016-02-24 07:39 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2016-03-09 03:31 - 2016-02-24 07:39 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fwpolicyiomgr.dll
2016-03-09 03:31 - 2016-02-24 07:38 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VCardParser.dll
2016-03-09 03:31 - 2016-02-24 07:36 - 01847808 _____ (Microsoft Corporation) C:\Windows\system32\WMPDMC.exe
2016-03-09 03:31 - 2016-02-24 07:34 - 00938496 _____ (Microsoft Corporation) C:\Windows\system32\ContactApis.dll
2016-03-09 03:31 - 2016-02-24 07:34 - 00303104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-03-09 03:31 - 2016-02-24 07:32 - 00223744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExSMime.dll
2016-03-09 03:31 - 2016-02-24 07:32 - 00098304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppointmentActivation.dll
2016-03-09 03:31 - 2016-02-24 07:31 - 00200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cemapi.dll
2016-03-09 03:31 - 2016-02-24 07:31 - 00169984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhoneCallHistoryApis.dll
2016-03-09 03:31 - 2016-02-24 07:28 - 00870912 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2016-03-09 03:31 - 2016-02-24 07:28 - 00196608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataAccountApis.dll
2016-03-09 03:31 - 2016-02-24 07:28 - 00135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxSip.dll
2016-03-09 03:31 - 2016-02-24 07:25 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\sharemediacpl.dll
2016-03-09 03:31 - 2016-02-24 07:23 - 00129024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CallHistoryClient.dll
2016-03-09 03:31 - 2016-02-24 07:22 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\profext.dll
2016-03-09 03:31 - 2016-02-24 07:21 - 00315904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Bluetooth.dll
2016-03-09 03:31 - 2016-02-24 07:21 - 00168448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Scanners.dll
2016-03-09 03:31 - 2016-02-24 07:18 - 01490432 _____ (Microsoft Corporation) C:\Windows\system32\UserDataService.dll
2016-03-09 03:31 - 2016-02-24 07:18 - 00575488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EmailApis.dll
2016-03-09 03:31 - 2016-02-24 07:18 - 00184832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PackageStateRoaming.dll
2016-03-09 03:31 - 2016-02-24 07:17 - 00369664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2016-03-09 03:31 - 2016-02-24 07:16 - 00394752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werui.dll
2016-03-09 03:31 - 2016-02-24 07:13 - 00540160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ChatApis.dll
2016-03-09 03:31 - 2016-02-24 07:11 - 03593216 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2016-03-09 03:31 - 2016-02-24 07:09 - 01443328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRHInproc.dll
2016-03-09 03:31 - 2016-02-24 07:09 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2016-03-09 03:31 - 2016-02-24 07:09 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppointmentApis.dll
2016-03-09 03:31 - 2016-02-24 07:09 - 00228352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\deviceaccess.dll
2016-03-09 03:31 - 2016-02-24 07:07 - 00949248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Unistore.dll
2016-03-09 03:31 - 2016-02-24 07:07 - 00890368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxPackaging.dll
2016-03-09 03:31 - 2016-02-24 07:07 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppXDeploymentClient.dll
2016-03-09 03:31 - 2016-02-24 07:04 - 01497088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPDMC.exe
2016-03-09 03:31 - 2016-02-24 07:03 - 00769536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ContactApis.dll
2016-03-09 03:31 - 2016-02-24 07:01 - 01831936 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2016-03-09 03:31 - 2016-02-24 07:00 - 02273792 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-03-09 03:31 - 2016-02-24 07:00 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\dosvc.dll
2016-03-09 03:31 - 2016-02-24 06:57 - 02158592 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2016-03-09 03:31 - 2016-02-24 06:55 - 01996288 _____ (Microsoft Corporation) C:\Windows\system32\ActiveSyncProvider.dll
2016-03-09 03:31 - 2016-02-24 06:43 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\fwbase.dll
2016-03-09 03:31 - 2016-02-24 06:34 - 01707520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActiveSyncProvider.dll
2016-03-09 03:31 - 2016-02-24 06:22 - 00163328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fwbase.dll
2016-03-09 03:31 - 2016-02-24 06:20 - 22376960 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2016-03-09 03:31 - 2016-02-24 06:18 - 18677760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2016-03-09 03:31 - 2016-02-24 06:12 - 19339776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-03-09 03:31 - 2016-02-24 06:12 - 05321728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-03-09 03:31 - 2016-02-24 06:10 - 24600576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-03-09 03:31 - 2016-02-24 06:09 - 06972416 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-03-09 03:31 - 2016-02-24 06:05 - 12586496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-03-09 03:31 - 2016-02-24 06:03 - 14252544 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-03-09 03:31 - 2016-02-24 05:59 - 05661696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2016-03-09 03:31 - 2016-02-24 05:55 - 07835648 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-07 09:44 - 2016-01-25 20:09 - 00031391 _____ C:\Users\Sales\Desktop\FRST.txt
2016-04-07 09:44 - 2016-01-11 22:11 - 00000000 ____D C:\FRST
2016-04-07 09:44 - 2016-01-05 10:45 - 00000000 ____D C:\Users\Sales\AppData\Local\CrashDumps
2016-04-07 09:44 - 2015-12-31 19:06 - 03084288 _____ C:\Users\Sales\AppData\Local\com.dswiss.securesafe.db3
2016-04-07 09:43 - 2016-02-22 14:00 - 00000000 ___RD C:\Users\Sales\Creative Cloud Files
2016-04-07 09:43 - 2016-01-08 18:06 - 00007944 _____ C:\Windows\system32\Drivers\etc\hosts.tmp
2016-04-07 09:43 - 2016-01-05 12:11 - 00000000 ____D C:\Users\Sales\AppData\Local\Adobe
2016-04-07 09:28 - 2016-01-21 21:30 - 00003950 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1453408251
2016-04-07 09:28 - 2016-01-21 21:30 - 00001204 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-04-07 09:28 - 2016-01-21 21:30 - 00000000 ____D C:\Program Files (x86)\Opera
2016-04-07 09:19 - 2015-12-31 10:46 - 00890954 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-07 09:19 - 2015-10-30 08:21 - 00000000 ____D C:\Windows\INF
2016-04-07 09:16 - 2016-02-25 21:41 - 00000000 ____D C:\Users\Sales\AppData\Roaming\Dash
2016-04-07 09:15 - 2015-12-31 12:53 - 00000000 ____D C:\Program Files (x86)\Steam
2016-04-07 09:14 - 2015-10-30 08:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-04-07 09:13 - 2016-01-02 12:37 - 00000000 ____D C:\ProgramData\NVIDIA
2016-04-07 09:13 - 2015-12-31 18:56 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-04-07 09:13 - 2015-12-31 10:41 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-07 09:12 - 2015-10-30 07:28 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-04-07 08:45 - 2016-02-08 17:28 - 00000000 ____D C:\ProgramData\CLink4
2016-04-07 07:20 - 2016-01-02 12:29 - 00001450 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2016-04-07 07:17 - 2016-01-14 21:29 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-07 07:17 - 2016-01-14 21:29 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-07 07:16 - 2016-01-25 20:02 - 00004112 _____ C:\Users\Sales\Desktop\Rkill.txt
2016-04-07 07:15 - 2015-12-31 10:43 - 00000000 ____D C:\Users\Sales
2016-04-07 07:08 - 2015-12-31 11:39 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-04-07 07:07 - 2015-10-30 08:24 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-04-07 06:33 - 2016-02-09 22:00 - 00000000 ____D C:\Program Files (x86)\NirSoft
2016-04-06 16:21 - 2015-12-31 10:43 - 00000000 ____D C:\Users\Sales\AppData\Local\Packages
2016-04-06 16:19 - 2016-02-27 14:37 - 00000933 _____ C:\Users\Sales\Desktop\Safejumper.lnk
2016-04-06 16:19 - 2016-02-21 16:34 - 00001424 _____ C:\Users\Sales\Desktop\PowerChute Business Edition Console.lnk
2016-04-06 16:19 - 2016-02-09 13:32 - 00001023 _____ C:\Users\Sales\Desktop\PerformanceTest.lnk
2016-04-06 16:19 - 2016-01-22 12:59 - 00001821 _____ C:\Users\Sales\Desktop\EXCEL.EXE - Shortcut.lnk
2016-04-06 16:19 - 2016-01-22 12:58 - 00001841 _____ C:\Users\Sales\Desktop\WINWORD.EXE - Shortcut.lnk
2016-04-06 16:19 - 2016-01-22 12:01 - 00001088 _____ C:\Users\Sales\Desktop\Proxifier.lnk
2016-04-06 16:19 - 2016-01-11 14:49 - 00001602 _____ C:\Users\Sales\Desktop\iexplore.exe - Shortcut.lnk
2016-04-06 16:19 - 2016-01-01 22:10 - 00001092 _____ C:\Users\Sales\Desktop\FlashFXP 5.lnk
2016-04-06 16:19 - 2015-12-31 11:23 - 00002069 _____ C:\Users\Sales\Desktop\chrome.exe - Shortcut.lnk
2016-04-06 11:35 - 2016-02-21 20:20 - 00000000 ____D C:\Users\Sales\Desktop\BittyClient
2016-04-06 06:22 - 2016-02-07 17:28 - 00000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2016-04-06 06:22 - 2016-01-05 11:07 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-06 06:17 - 2016-01-23 01:07 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-06 05:18 - 2016-01-26 04:09 - 00000000 ____D C:\Users\Sales\AppData\Local\ElevatedDiagnostics
2016-04-06 05:15 - 2016-02-27 18:08 - 00000000 ____D C:\Users\Sales\Desktop\mbar
2016-04-06 05:15 - 2016-02-27 18:08 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-04-06 04:05 - 2016-01-15 11:36 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-06 04:05 - 2016-01-14 21:28 - 00000928 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-06 04:05 - 2016-01-14 21:28 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-06 03:31 - 2016-01-25 23:34 - 00001827 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2016-04-06 03:31 - 2016-01-25 23:34 - 00001815 _____ C:\Users\Public\Desktop\Wireshark.lnk
2016-04-06 03:31 - 2016-01-25 23:33 - 00001857 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark Legacy.lnk
2016-04-06 03:31 - 2016-01-25 23:33 - 00000000 ____D C:\Program Files\Wireshark
2016-04-06 03:01 - 2016-03-01 08:50 - 00003276 _____ C:\Windows\System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2
2016-04-06 03:01 - 2016-03-01 08:50 - 00002908 _____ C:\Windows\System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon
2016-04-06 03:01 - 2016-02-29 04:07 - 00003014 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-04-06 03:01 - 2016-02-09 12:47 - 00002380 _____ C:\Windows\System32\Tasks\{4E42E9FA-9DEB-490D-9C5C-066D4F1BA716}
2016-04-06 03:01 - 2016-01-15 11:36 - 00003104 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-04-06 03:01 - 2016-01-14 21:28 - 00003500 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-04-06 03:01 - 2016-01-14 21:28 - 00003276 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-04-02 12:14 - 2016-02-09 21:14 - 00051724 _____ C:\Users\Sales\Desktop\Addition.txt
2016-04-02 02:26 - 2016-01-03 21:27 - 00000000 ____D C:\Program Files\CCleaner
2016-04-02 02:20 - 2015-10-30 07:28 - 00032768 ___SH C:\Windows\system32\config\ELAM
2016-04-02 01:16 - 2016-02-27 17:57 - 00000000 ____D C:\Users\Sales\Desktop\FRST-OlderVersion
2016-04-02 01:16 - 2016-01-12 11:29 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-03-25 02:49 - 2016-01-02 12:29 - 01373864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2016-03-25 02:49 - 2016-01-02 12:29 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2016-03-25 02:48 - 2016-01-02 12:29 - 01767432 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2016-03-25 02:48 - 2016-01-02 12:29 - 01756608 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2016-03-25 02:48 - 2016-01-02 12:29 - 00112216 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2016-03-24 20:45 - 2016-01-14 10:30 - 00000000 ____D C:\Users\Sales\AppData\Roaming\Skype
2016-03-24 20:37 - 2016-01-14 10:31 - 00000000 ____D C:\Users\Sales\AppData\Roaming\.purple
2016-03-24 10:48 - 2015-12-31 20:22 - 00000000 ____D C:\Program Files (x86)\LG Electronics
2016-03-24 10:48 - 2015-12-31 10:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-03-24 09:15 - 2016-01-04 17:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyScrambler
2016-03-24 09:15 - 2016-01-04 17:42 - 00000000 ____D C:\Program Files (x86)\KeyScrambler
2016-03-24 03:57 - 2015-12-31 14:01 - 00000000 ____D C:\Users\Sales\AppData\Roaming\Bitcoin
2016-03-23 11:44 - 2015-12-31 14:12 - 00000000 ____D C:\Users\Sales\AppData\Roaming\Armory
2016-03-23 03:10 - 2015-12-31 12:48 - 00000000 ____D C:\ProgramData\BDLogging
2016-03-23 02:52 - 2015-12-31 12:45 - 00000000 ____D C:\Program Files\Bitdefender Agent
2016-03-23 02:18 - 2015-10-30 08:11 - 00000000 ____D C:\Windows\CbsTemp
2016-03-23 02:05 - 2015-12-31 12:48 - 00002270 _____ C:\Users\Public\Desktop\Bitdefender 2016.lnk
2016-03-23 00:48 - 2016-01-01 22:10 - 00000000 ____D C:\Program Files (x86)\FlashFXP 5
2016-03-22 13:32 - 2016-02-24 19:02 - 00000000 ____D C:\Users\Sales\AppData\Roaming\mIRC
2016-03-22 02:38 - 2015-12-31 19:07 - 00000000 ____D C:\Users\Sales\Documents\Health
2016-03-21 21:01 - 2016-01-02 12:28 - 00056384 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2016-03-21 11:23 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\system32\NDF
2016-03-21 02:59 - 2015-12-31 11:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-03-17 13:53 - 2015-12-31 12:47 - 00290032 _____ (Bitdefender) C:\Windows\system32\Drivers\ignis.sys
2016-03-16 23:24 - 2015-12-31 19:07 - 00000000 ____D C:\Users\Sales\Documents\Business
2016-03-16 08:57 - 2016-01-22 14:21 - 00000000 ____D C:\Users\Sales\Desktop\Tor Browser
2016-03-15 21:45 - 2015-10-30 08:24 - 00000000 ____D C:\Windows\LiveKernelReports
2016-03-11 14:32 - 2016-02-06 20:39 - 00000000 ____D C:\Users\Sales\Desktop\inc32
2016-03-11 14:20 - 2016-02-29 04:07 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-03-11 14:07 - 2015-12-31 10:39 - 04892584 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-11 14:06 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-03-11 14:06 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-03-11 14:06 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-03-11 14:06 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-03-10 14:08 - 2016-02-27 18:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-03-08 08:12 - 2015-10-30 08:26 - 00829944 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-03-08 08:12 - 2015-10-30 08:26 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2015-12-31 19:06 - 2016-04-07 09:44 - 3084288 _____ () C:\Users\Sales\AppData\Local\com.dswiss.securesafe.db3
2016-02-03 11:07 - 2016-02-03 11:07 - 0000600 _____ () C:\Users\Sales\AppData\Local\PUTTY.RND
2016-02-06 21:02 - 2016-02-06 21:02 - 0000713 _____ () C:\Users\Sales\AppData\Local\recently-used.xbel
2016-01-09 14:48 - 2016-01-09 14:48 - 0000017 _____ () C:\Users\Sales\AppData\Local\resmon.resmoncfg
2015-12-31 12:48 - 2015-12-31 12:48 - 0410050 _____ () C:\ProgramData\1451562419.bdinstall.bin
2016-02-16 16:31 - 2016-02-16 16:31 - 0025196 _____ () C:\ProgramData\1455636689.bdinstall.bin
2016-03-23 02:52 - 2016-03-23 02:52 - 0025902 _____ () C:\ProgramData\1458697956.bdinstall.bin
2016-03-23 02:52 - 2016-03-23 02:52 - 0025973 _____ () C:\ProgramData\1458697960.bdinstall.bin
2015-12-31 11:00 - 2015-12-31 11:00 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Files to move or delete:
====================
C:\Users\Sales\armory_0.93.3_winAll.exe


Some files in TEMP:
====================
C:\Users\Sales\AppData\Local\Temp\libeay32.dll
C:\Users\Sales\AppData\Local\Temp\msvcr120.dll
C:\Users\Sales\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-01 21:51

==================== End of FRST.txt ============================


Fix result of Farbar Recovery Scan Tool (x64) Version:27-02-2016
Ran by Sales (2016-04-07 07:06:55) Run:1
Running from C:\Users\Sales\Desktop
Loaded Profiles: Sales (Available Profiles: Sales)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:

HKU\S-1-5-21-106550278-2020945526-1740148854-1001\...\Run: [AdobeBridge] => [X]
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
FF Extension: Video DownloadHelper - C:\Users\Sales\AppData\Roaming\Mozilla\Firefox\Profiles\5ndz7jc3.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-03-08]
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-19] [not signed]
2016-03-20 20:47 - 2016-02-22 14:00 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-01-20 21:35 - 2016-01-20 21:35 - 0044086 __RSH () C:\Program Files (x86)\DLS8Uninstall.log
File: C:\Users\Sales\armory_0.93.3_winAll.exe
C:\Users\Sales\AppData\Local\Temp\dllnt_dump.dll
CustomCLSID: HKU\S-1-5-21-106550278-2020945526-1740148854-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-B0EAC68A6D5D}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
*****************

Processes closed successfully.
HKU\S-1-5-21-106550278-2020945526-1740148854-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1" => key removed successfully
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2" => key removed successfully
HKCR\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3" => key removed successfully
HKCR\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4" => key removed successfully
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5" => key removed successfully
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1" => key removed successfully
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2" => key removed successfully
HKCR\Wow6432Node\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3" => key removed successfully
HKCR\Wow6432Node\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4" => key removed successfully
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5" => key removed successfully
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\system32\GroupPolicy\User => moved successfully
C:\Users\Sales\AppData\Roaming\Mozilla\Firefox\Profiles\5ndz7jc3.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi => moved successfully
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi => moved successfully
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi => path removed successfully
C:\ProgramData\boost_interprocess => moved successfully
C:\Program Files (x86)\DLS8Uninstall.log => moved successfully

========================= File: C:\Users\Sales\armory_0.93.3_winAll.exe ========================

File not signed
MD5: DB512BB36BF221BE4642809AC709BF86
Creation and modification date: 2015-12-31 14:18 - 2015-12-31 14:19
Size: 22777512
Attributes: ----A
Company Name: Armory Technologies Inc.
Internal Name:
Original Name:
Product: Bitcoin Armory
Description:
File Version: 0.93.3.0
Product Version: 0.93.3.0
Copyright:

====== End of File: ======

C:\Users\Sales\AppData\Local\Temp\dllnt_dump.dll => moved successfully
"HKU\S-1-5-21-106550278-2020945526-1740148854-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-B0EAC68A6D5D}" => key removed successfully


The system needed a reboot.

==== End of Fixlog 07:07:13 ====



#10 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,858 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:04:09 PM

Posted 07 April 2016 - 04:12 AM

Robert20998735:

 

Thank you for your logs.  I really appreciate it.  I have to be away today for most of the day, but will give them a look later and will get back to you, hopefully within 48 hours, after I have consulted with my supervisor.

 

Unfortunately for me, you neglected to answer my most important question: 

 

:step8: Please let me know, specifically, what problems that you might still be experiencing. Please list them with as much detail as possible to help to identify the cause of any remaining issues.

If you would be kind enough to answer that question as soon as convenient, it will be very helpful to me when I am examining the logs later today for possible anomalies.

 

Have a great day.

 

Regards,

-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#11 Robert20998735


Posted 07 April 2016 - 09:35 AM

Hi, I appreciate your time, more info.

I keep having this problem where I can't view hidden files. I run Bitdefender and restart and then I can view the hidden files again, but after a few more restarts it will happen again, not all the time, just sometimes. I check the button and it unchecks itself?

The desktop also appears to be refreshing every 10-15 seconds, which I know isn't good.

I have had targeted phishing emails as well, which makes me suspect someone has obtained my email account details, because there are a few of these phishing emails people should not know about really, unless it is just lucky guesses.

I use SecureSafe as a password safe, as well as for holding personal/business files, and am worried it could be compromised, which would be a huge deal...

 

Regards,

User



#12 garioch7


Posted 08 April 2016 - 10:57 AM

Robert20998735:

Thank you for your logs and your responses to my questions. I can find no legitimate search results for the two programs (bl and ph) that I asked you about, and you have asked me about, so I am going to remove them from your system. I have seen those programs being removed by other qualified malware removal specialists as a part of their cleanup of an infected computer.
 

I keep having this problem where I can't view hidden files. I run Bitdefender and restart and then I can view the hidden files again, but after a few more restarts it will happen again, not all the time, just sometimes. I check the button and it unchecks itself?

 
That I would not be too concerned about, at least for now. It happens on my Windows 10 computers as well. Both also run Bitdefender. I don't know if Bitdefender updates, Windows Updates, or what other installed programs might be switching "View Hidden Files" off randomly on occasion. Like you, I normally have that turned on.

 

The desktop also appears to be refreshing every 10-15 seconds, which I know isn't good.

 
That could be caused by any number of hardware and software issues. I am suspicious that you might have some Windows 10 system file corruption issues, and we will investigate those further in this post.

 

I have had targeted phishing emails as well, which makes me suspect someone has obtained my email account details, because there are a few of these phishing emails people should not know about really, unless it is just lucky guesses.

 
I get probably weekly targeted phishing emails, as does everyone I know. I think the bad guys use computers to generate possible user email names. They also can "harvest" email addresses and names from other infected computers of folks and companies who happen to have you in their email contact list. That is not something that would indicate that there is necessarily malware on your computer. I know my computer is clean.

 

I use SecureSafe as a password safe, as well as for holding personal/business files, and am worried it could be compromised, which would be a huge deal...

 
From what limited research I have done, unless they permitted you to create a very weak, common password ("password", "12345", "Robert", etc.) to access your SecureSafe account, that information should be out of reach of the bad guys. All reports are that SecureSafe is a reputable company with strong encryption technology and two backup redundancy systems.


OK, let's start with Round 2 of this cleanup.
 


:step1: You should turn on System Restore, configure the space allocation for your C: drive, and then create a System Restore Point before running the fixlist.txt file contents below. See instructions here. If you have any questions, please stop now and ask. I would like you to have a System Restore point in the unlikely event that one or both of these programs is/are a component of another legitimate program installed on your computer, although I consider that highly unlikely, but it is always best to err on the side of caution. The motto here at Bleeping Computers is like that of the medical profession: "Do NO Harm!"
 


:step2: Are you familiar with this Bitcoin Program? Did you install it and do you want to keep it? More information on this program can be found here. I suspect that you intentionally installed this program. I just want to confirm that.

File not signed
MD5: DB512BB36BF221BE4642809AC709BF86
Creation and modification date: 2015-12-31 14:18 - 2015-12-31 14:19
Size: 22777512
Attributes: ----A
Company Name: Armory Technologies Inc.
Internal Name:
Original Name:
Product: Bitcoin Armory
Description:
File Version: 0.93.3.0
Product Version: 0.93.3.0
Copyright:

 
 
:step3: Please copy the contents of the code box below and paste it into Notepad. Save it to the Desktop with the filename fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

bl (x32 Version: 1.0.0 - Your Company Name) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Reg: reg query "HKEY_USERS\S-1-5-21-106550278-2020945526-1740148854-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e7023b51-afa3-11e5-bbf1-806e6f6e6963}"

 
 
:step4: Please open an elevated command prompt (see instructions here) and type the command:

sfc /scannow

The scan should take 20 to 30 minutes to run. Please let me know what the results are; specifically, if any "Resource Integrity Violations" are found that were not fixed.
If errors are reported and not fixed, please open Windows Explorer immediately and navigate to: C:\Windows\Logs\CBS folder and find the file CBS.log. Copy, not move, this file to your desktop. You can copy by holding the Ctrl key and dragging the file to the Desktop. This file is volatile, so we want to get it copied as soon as possible to the Desktop where it will not be further modified, while leaving the original behind in its proper folder. That original file may be modified within hours or days.
Reboot your computer.
 


:step5: Please open an elevated command prompt and type the command:

chkdsk c: /r

You will be notified that the volume is in use and asked whether you wish to reboot and run it the next time the computer boots up. Reply "Y" or "Yes" and reboot your computer. It will partially boot up and then notify you that a "chkdsk" has been scheduled and to press any key to cancel. Do not press any keys. Let the scan begin. Depending on the size and speed of your hard drive, this could take 4 to 12 hours to run and your computer will reboot at the end of the scan. This is a good thing to run before you go to bed! :)
When the computer reboots, we want to find the results in the Event Viewer. Instructions to do so are here.
You can then either copy the contents of the entire screen (scrolling down) and paste them into your next reply; or, on the right hand side of the event viewer, you can select "Save Selected Events" and attach the chkdsk event file to your next reply.


Just in case you are wondering, I have asked for steps :step4: and :step5: because I want to rule out system file corruption and/or file corruption and other disk errors on your drive C: as possible causes of any issues you might be experiencing, particularly your rapid desktop refreshing.
 
 

:step6: How did you obtain your Windows 10? Did you purchase a computer with it installed; or, did you upgrade? If upgrade, how: "Upgrade" option or "Clean Install"? I am asking because your current video driver might not be fully compatible with Windows 10, so we will have to look into that possibility if your sfc and chkdsk scans come back reasonably clean. I say "reasonably clean" because chkdsk always reports some cleanup occurred, which is normal. It depends on the extent of what it found, so do not be distressed seeing in the event log that chkdsk found some errors. I will interpret the results and let you know if it is anything to be concerned about. I am sure if you ran chkdsk on my computer now, it would find some minor issues. They are not of concern and are the rule, rather than the exception.


Thank you for your cooperation and patience. Have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#13 Robert20998735


Posted 09 April 2016 - 02:14 AM

I sell bitcoin so yes, I am familiar with it and it is meant to be on the system.

Thanks for all the help. I am not confident enough to try these things myself, but I have had enough of the strange goings-on.

Outlook won't close; I have to end task from Task Manager and Outlook ClickToRun, don't know why this is.

I still don't get a start menu, not sure if it is possible to recover that. The privacy app removed it when I first installed in 10, as I didn't want all the MS keylogging etc.

SecureSafe is fine, I always use a good password and change it occasionally.

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:27-02-2016
Ran by Sales (2016-04-09 07:42:35) Run:2
Running from C:\Users\Sales\Desktop
Loaded Profiles: Sales (Available Profiles: Sales)
Boot Mode: Normal
==============================================

fixlist content:
*****************
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Reg: reg query "HKEY_USERS\S-1-5-21-106550278-2020945526-1740148854-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e7023b51-afa3-11e5-bbf1-806e6f6e6963}"
*****************

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}\\SystemComponent => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{185F9795-9663-4F13-9EF9-307A282ADB5A}\\SystemComponent => value removed successfully

========= reg query "HKEY_USERS\S-1-5-21-106550278-2020945526-1740148854-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e7023b51-afa3-11e5-bbf1-806e6f6e6963}" =========


HKEY_USERS\S-1-5-21-106550278-2020945526-1740148854-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e7023b51-afa3-11e5-bbf1-806e6f6e6963}\shell
HKEY_USERS\S-1-5-21-106550278-2020945526-1740148854-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e7023b51-afa3-11e5-bbf1-806e6f6e6963}\_Autorun


========= End of Reg: =========


==== End of Fixlog 07:42:35 ====



#14 garioch7


Posted 10 April 2016 - 12:52 PM

Robert20998735:

Thank you for your post and the log. You do not mention the results of the sfc /scannow or the chkdsk /r, Steps :step4: and :step5: in my previous post. Those scans might reveal the cause of these problems you are reporting:
 

Outlook won't close; I have to end task from Task Manager and Outlook ClickToRun, don't know why this is.

I still don't get a start menu, not sure if it is possible to recover that. The privacy app removed it when I first installed in 10, as I didn't want all the MS keylogging etc.

 

 

:step1: Please run both of those scans, if you have not already done so. If you have done so, what were the results? In particular, I would like to have the chkdsk results from the Event Viewer copied and pasted into your next response.

 


:step2: I want to get a closer look at this registry subkey to ascertain whether it might be malicious. I don't think so, but I would prefer to err on the side of caution.

Please download the FARBAR MiniRegTool from here.

Ensure that only the "Export Keys" circle is checked.

Please copy and paste the following text into the Search box:

HKEY_USERS\S-1-5-21-106550278-2020945526-1740148854-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e7023b51-afa3-11e5-bbf1-806e6f6e6963}

Press "Go"

Once the tool has run, Notepad will open the file "Results.txt". Please copy and paste the entire "Results.txt" file into your next reply.

 

 

:step3: If running the scans in Step :step1: did not resolve your Start Menu issues, would you please let me know if you can see the Windows 10 white icon on the lower, far left of your screen? If you can see it, what happens when you left click it? Right click it? Does Cortana work? Does the "Search" function work?

 

 

Thank you and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall
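
The closer look at the MountPoints2 subkey requested in post #14 can also be taken read-only from PowerShell. This is an added example, not part of the thread and not output of FRST or MiniRegTool; the function name Get-MountPointValues is hypothetical, and it assumes the usual Explorer layout in which a volume's cached autorun verbs sit under shell\<verb>\command. The SID and volume GUID are the ones quoted in the thread.

```powershell
# Added example: read-only inspection of one MountPoints2 volume entry.
# Nothing is written or deleted. The user's hive is only visible under
# HKEY_USERS while that user is logged on.
$sid  = 'S-1-5-21-106550278-2020945526-1740148854-1001'   # from the thread
$guid = '{e7023b51-afa3-11e5-bbf1-806e6f6e6963}'          # from the thread
$root = "Registry::HKEY_USERS\$sid\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\$guid"

function Get-MountPointValues {
    # Hypothetical helper: returns every value under the key and its subkeys.
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "Key not found: $Path"
        return
    }
    # The key itself plus all subkeys (shell, _Autorun, ...).
    $keys = @(Get-Item -LiteralPath $Path) +
            @(Get-ChildItem -LiteralPath $Path -Recurse -ErrorAction SilentlyContinue)

    foreach ($key in $keys) {
        foreach ($name in $key.GetValueNames()) {
            [pscustomobject]@{
                Key   = $key.Name
                Value = if ($name -eq '') { '(Default)' } else { $name }
                # Keep %VARIABLES% unexpanded so the stored string is shown as-is.
                Data  = $key.GetValue($name, $null,
                        [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
            }
        }
    }
}

$rows = @(Get-MountPointValues -Path $root)
if ($rows.Count -eq 0) {
    'No values stored under this volume entry (subkeys may exist but be empty).'
} else {
    $rows | Format-Table -AutoSize -Wrap
}

# Assumption labelled above: the default value of shell\<verb>\command is the
# command line Explorer cached from the volume's autorun.inf.
$commands = @($rows | Where-Object { $_.Key -match '\\shell\\[^\\]+\\command$' })
if ($commands.Count -gt 0) {
    'Cached autorun command lines to review:'
    $commands | Select-Object Key, Data | Format-List
} else {
    'No shell\<verb>\command values cached for this volume.'
}

# Which volume does the GUID belong to? It is only listed while the device
# is attached; an absent volume is not in itself suspicious.
$volume = Get-CimInstance -ClassName Win32_Volume |
          Where-Object { $_.DeviceID -like "*$guid*" }
if ($volume) {
    # DriveType: 2 = removable, 3 = local disk, 5 = CD-ROM
    $volume | Select-Object DriveLetter, Label, DriveType, DeviceID | Format-List
} else {
    "Volume $guid is not currently attached."
}
```

A command line that points at an executable on a removable or no-longer-attached volume is the entry worth checking further; an entry with only empty shell and _Autorun subkeys carries no command to run.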


#15 Robert20998735


Posted 10 April 2016 - 08:44 PM

Running cmd.exe as admin from the sys32 folder and doing sfc /scannow gives me an error; I have tried it before, CBS log error.

I have moved the CBS log from then to my desktop. How do I attach it, as I think it might be too big for a window?

 

 

Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.                         

Stage 1: Examining basic file system structure ...
  360704 file records processed.                                                         File verification completed.
  6416 large file records processed.                                      0 bad file records processed.                                      
Stage 2: Examining file name linkage ...
  433322 index entries processed.                                                        Index verification completed.
  0 unindexed files scanned.                                           0 unindexed files recovered to lost and found.                     
Stage 3: Examining security descriptors ...
Cleaning up 289 unused index entries from index $SII of file 0x9.
Cleaning up 289 unused index entries from index $SDH of file 0x9.
Cleaning up 289 unused security descriptors.
Security descriptor verification completed.
  36310 data files processed.                                            CHKDSK is verifying Usn Journal...
  33924800 USN bytes processed.                                                            Usn Journal verification completed.

Stage 4: Looking for bad clusters in user file data ...
  360688 files processed.                                                                File data verification completed.

Stage 5: Looking for bad, free clusters ...
  232040540 free clusters processed.                                                        Free space verification is complete.

Windows has scanned the file system and found no problems.
No further action is required.

1171531775 KB total disk space.
 242756460 KB in 178478 files.
    114468 KB in 36311 indexes.
         0 KB in bad sectors.
    498687 KB in use by the system.
     65536 KB occupied by the log file.
 928162160 KB available on disk.

      4096 bytes in each allocation unit.
 292882943 total allocation units on disk.
 232040540 allocation units available on disk.

Internal Info:
00 81 05 00 90 46 03 00 de 3a 06 00 00 00 00 00  .....F...:......
5d 02 00 00 0a 00 00 00 00 00 00 00 00 00 00 00  ]...............

Windows has finished checking your disk.
Please wait while your computer restarts.

 

 


 

Windows 10 Pro is from an upgrade, but I did a fresh install from USB media after upgrading online.





