Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 

help before i kill my pc please lol :twisted:

 
ozbch
Newbie


Joined: 06 Aug 2015
Last Visit: 08 Aug 2015
Posts: 9
Location: australia

Posted: Thu Aug 06, 2015 6:14 am    Post subject: help before i kill my pc please lol :twisted:

I had a warning come up on my PC, a blue screen telling me to contact a tech ASAP. I know nothing about PCs so I rang. They tried making me fork out $300+ (I didn't), so the guy said he will do what he can to help me. I noticed he was stuffing round and changing a lot of my settings and programs but not actually removing the cause of the problem. I installed Revo Uninstaller Pro and uninstalled as much crap he done as I could, ran Microsoft Defender, Malwarebytes, HitmanPro, but since the tech was on my PC, every time I start my PC a black box pops up with this on it: c:\Windows\system32\cmd.exe and also on games I play my screen flickers.... help

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:37:50 PM, on 6/08/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17910)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\pia_manager\pia_manager.exe
C:\Users\rr\AppData\Local\Temp\ocrAAEE.tmp\bin\rubyw.exe
C:\Program Files\pia_manager\pia_manager.exe
C:\Users\rr\AppData\Local\Temp\ocrE12A.tmp\bin\rubyw.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Skillbrains\lightshot\5.2.1.1\Lightshot.exe
C:\Program Files\pia_manager\pia_tray\pia_tray.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\rr\AppData\Roaming\IMVUClient\IMVUClient.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Firestorm-Betax64\SLPlugin.exe
C:\Program Files\Firestorm-Betax64\SLVoice.exe
C:\Program Files\Firestorm-Betax64\SLPlugin.exe
C:\Program Files\Firestorm-Betax64\SLPlugin.exe
C:\Program Files\Firestorm-Betax64\SLPlugin.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Firestorm-Betax64\SLPlugin.exe
C:\Users\rr\Downloads\HijackThis.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://blingeeplus.searchcanvas.com/?ot=6
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 0.0.0.1 mssplus.mcafee.com
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Cooliris Plug-In for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - c:\Program Files (x86)\PicLensIE\cooliris.dll
O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Lightshot] C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-881960506-946978799-1751547296-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-881960506-946978799-1751547296-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - c:\Program Files (x86)\PicLensIE\cooliris.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\rr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Microsoft.NET Framework SecurityCrypt x2.0c (.Net Crypt) - Unknown owner - C:\Windows\system32\mutex-Threads.exe (file missing)
O23 - Service: Microsoft.NET Framework Kernel x2.0c (.Net Main) - Unknown owner - C:\Windows\system32\idle-Threads.exe (file missing)
O23 - Service: Microsoft.NET Framework KernelSecurity x2.0c (.Net Security) - Unknown owner - C:\Windows\system32\latch-Threads.exe (file missing)
O23 - Service: CNG Key Isolation Service x2.0c (.Net Semaphore) - Unknown owner - C:\Windows\system32\semaphore-Threads.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Dropbox Update Service (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Dropbox Update Service (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.11.149\McCHSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Sandboxie Service (SbieSvc) - Sandboxie Holdings, LLC - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: WSWNA3100 - Unknown owner - C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe

--
End of file - 15055 bytes
_________________
~OzBch~
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 16 Nov 2017
Posts: 10190
Location: Yorkshire

Posted: Thu Aug 06, 2015 1:08 pm

HijackThis is not compatible with the operating system on your computer, so I need you to run a different scan for me that will give me an accurate report on your machine.


  • Download FRST64 to your Desktop.
  • Double click Frst64.exe to launch it.
  • FRST will start to run.

    • When the tool opens click Yes to disclaimer.
    • Press the Scan button.
    • When finished scanning 2 logs will open on your Desktop, FRST.txt and Addition.txt
    • Please post them in your next reply.



Please note ... the reports from FRST can be long, so post each log separately or you will exceed the post size limiter for this forum.
_________________
Gary R Administrator at Malware Removal University


ozbch
Newbie


Joined: 06 Aug 2015
Last Visit: 08 Aug 2015
Posts: 9
Location: australia

Posted: Fri Aug 07, 2015 9:20 am

thanks for your help ^^


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:06-08-2015
Ran by rr (administrator) on RR-PC (08-08-2015 03:11:16)
Running from C:\Users\rr\Downloads
Loaded Profiles: rr (Available Profiles: rr)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Windows\System32\idle-Threads.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
() C:\Windows\System32\semaphore-Threads.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
() C:\Program Files\pia_manager\pia_manager.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(http://www.ruby-lang.org/) C:\Users\rr\AppData\Local\Temp\ocr8F53.tmp\bin\rubyw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
() C:\Program Files\pia_manager\pia_manager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(http://www.ruby-lang.org/) C:\Users\rr\AppData\Local\Temp\ocrB7AA.tmp\bin\rubyw.exe
() C:\Program Files\pia_manager\pia_tray\pia_tray.exe
() C:\Program Files\pia_manager\openvpn.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(The Phoenix Firestorm Project, Inc.) C:\Program Files\Firestorm-Betax64\Firestorm-bin.exe
() C:\Program Files\Firestorm-Betax64\win_crash_logger.exe
() C:\Program Files\Firestorm-Betax64\slplugin.exe
(Vivox Inc.) C:\Program Files\Firestorm-Betax64\slvoice.exe
() C:\Program Files\Firestorm-Betax64\slplugin.exe
() C:\Program Files\Firestorm-Betax64\slplugin.exe
() C:\Program Files\Firestorm-Betax64\slplugin.exe
() C:\Program Files\Firestorm-Betax64\slplugin.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12858984 2011-09-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2278504 2011-09-19] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1794704 2015-02-20] (NVIDIA Corporation)
HKLM\...\Run: [Cm108Sound] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm108.dll,CMICtrlWnd
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-881960506-946978799-1751547296-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-18] (Piriform Ltd)
HKU\S-1-5-21-881960506-946978799-1751547296-1001\...\MountPoints2: {11d44bcb-52a6-11e1-ba63-806e6f6e6963} - E:\Setup.EXE
HKU\S-1-5-21-881960506-946978799-1751547296-1001\Control Panel\Desktop\\SCRNSAVE.EXE ->
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [177624 2015-02-20] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [164752 2015-02-20] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-07-24] (Dropbox, Inc.)
BootExecute: autocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://blingeeplus.searchcanvas.com/?ot=6
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = https://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkID=226786&Mkt=en-AU&Src=MSE&Tid=00032955&OHP=https%3A%2F%2Fwww.google.com&OSP=
SearchScopes: HKLM -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> DefaultScope {8D7BCC95-4B3A-4597-B533-7B32EBE22488} URL = http://blingeeplus.searchcanvas.com/web?ot=3&q={searchTerms}
SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {8D7BCC95-4B3A-4597-B533-7B32EBE22488} URL = http://blingeeplus.searchcanvas.com/web?ot=3&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-881960506-946978799-1751547296-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-881960506-946978799-1751547296-1001 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-06-09] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-06-09] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-17] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-05-19] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-06-09] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-05-19] (Oracle Corporation)
BHO-x32: No Name -> {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} -> c:\Program Files (x86)\PicLensIE\cooliris.dll [2010-06-24] (Cooliris Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{28D976B1-910B-43F5-85EE-B705EE1C526A}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{4A643CF3-ADEB-4A9E-98D5-63E8463E93A8}: [DhcpNameServer] 209.222.18.222 209.222.18.218

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-08-06] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ [2015-04-16] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-08-06] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-06] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-05-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-05-19] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-09-17] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ [2013-09-17] ()
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-06] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-06] (NVIDIA Corporation)
FF Plugin-x32: @rising.com.cn/nprising -> C:\Program Files (x86)\Rising\RAV\nprising.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.5\npGoogleUpdate3.dll [2015-08-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.5\npGoogleUpdate3.dll [2015-08-06] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-13] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-881960506-946978799-1751547296-1001: @rising.com.cn/nprising -> C:\Program Files (x86)\Rising\RAV\nprising.dll No File
FF Plugin HKU\S-1-5-21-881960506-946978799-1751547296-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\rr\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF HKLM-x32\...\Firefox\Extensions: [SpecialSavings@SpecialSavings.com] - C:\Users\rr\AppData\Roaming\Mozilla\Extensions\SpecialSavings@SpecialSavings.com
FF Extension: SpecialSavings - C:\Users\rr\AppData\Roaming\Mozilla\Extensions\SpecialSavings@SpecialSavings.com [2013-04-03]
FF HKU\S-1-5-21-881960506-946978799-1751547296-1001\...\Firefox\Extensions: [SpecialSavings@SpecialSavings.com] - C:\Users\rr\AppData\Roaming\Mozilla\Extensions\SpecialSavings@SpecialSavings.com
FF HKU\S-1-5-21-881960506-946978799-1751547296-1001\...\Firefox\Extensions: [{9764bb84-7272-11dd-8eb6-20d155d89557}] - C:\Users\rr\AppData\Roaming\hideip_firefox_plugin
FF Extension: Hide IP Firefox Add-on - C:\Users\rr\AppData\Roaming\hideip_firefox_plugin [2013-04-16]

Chrome:
=======
CHR Profile: C:\Users\rr\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\rr\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\rr\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-29]
CHR Extension: (YouTube) - C:\Users\rr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-10]
CHR Extension: (McAfee Security Scan+) - C:\Users\rr\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-06-29]
CHR Extension: (SearchNewTab) - C:\Users\rr\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfnkjihkkeakbingbbipachgdigflboj [2013-05-04]
CHR Extension: (Re-markit) - C:\Users\rr\AppData\Local\Google\Chrome\User Data\Default\Extensions\clenipgmbgljnjeedmeffkheklakdmde [2014-05-27]
CHR Extension: (Google Search) - C:\Users\rr\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-10]
CHR Extension: (continuetosiavee) - C:\Users\rr\AppData\Local\Google\Chrome\User Data\Default\Extensions\lldmlhiknojnecmknodkljfbnljabhpl [2013-05-04]
CHR Extension: (Google Wallet) - C:\Users\rr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-29]
CHR Extension: (Gmail) - C:\Users\rr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-10]
CHR Profile: C:\Users\rr\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Drive) - C:\Users\rr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-11]
CHR Extension: (YouTube) - C:\Users\rr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-11]
CHR Extension: (pokeBack) - C:\Users\rr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\boggbggjfpbbogobegefnlkoenbclamo [2014-08-25]
CHR Extension: (FB Auto-Poker) - C:\Users\rr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cmhccgdbmajoblcbfbgmhnpiecmjiadh [2013-07-19]
CHR Extension: (Google Search) - C:\Users\rr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-11]
CHR Extension: (AdBlock) - C:\Users\rr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-07-30]
CHR Extension: (Poke All for Chrome) - C:\Users\rr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmghnjflbmdhmjnclnjpbikjbhppfmdj [2013-07-19]
CHR Extension: (Pin It Button) - C:\Users\rr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-06-04]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\rr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\rr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Adblock Pro) - C:\Users\rr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2014-07-01]
CHR Extension: (Gmail) - C:\Users\rr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-11]
CHR HKLM-x32\...\Chrome\Extension: [gnfaiijpfcmdehcgcnnippmnhjjnbllp] - C:\Program Files (x86)\Blingee Plus\blingee_plus_nt.crx [2015-07-23]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U2 .Net Crypt; C:\Windows\System32\mutex-Threads.exe [12189808 2015-07-12] () [File not signed]
U2 .Net Main; C:\Windows\System32\idle-Threads.exe [12003952 2015-07-12] () [File not signed]
U2 .Net Security; C:\Windows\System32\latch-Threads.exe [13230192 2015-07-12] () [File not signed]
U2 .Net Semaphore; C:\Windows\System32\semaphore-Threads.exe [1027696 2015-07-12] () [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2753720 2015-07-01] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-19] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-19] (Dropbox, Inc.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-08-06] (SurfRight B.V.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-27] (Realsil Microelectronics Inc.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.149\McCHSvc.exe [289256 2015-06-26] (McAfee, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174088 2014-05-30] (Sandboxie Holdings, LLC)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [285152 2010-08-26] ()

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AVerIT13x; C:\Windows\System32\Drivers\AVerIT13x_x64.sys [192768 2011-07-11] (AVerMedia TECHNOLOGIES, Inc.)
R1 HyperVM; C:\Windows\system32\drivers\hvm.sys [41784 2015-08-05] (Beijing Rising Information Technology Co., Ltd.)
S3 ITECIRfilter; C:\Windows\System32\DRIVERS\ITECIRfilter.sys [28264 2011-03-23] (ITE Tech. Inc. )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-08] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R4 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
R1 rsutils; C:\Windows\System32\DRIVERS\rsutils.sys [71760 2015-04-09] (Beijing Rising Information Technology Co., Ltd.)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8204904 2011-07-05] (Realtek Semiconductor Corp.)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-05-30] (Sandboxie Holdings, LLC)
R0 scssifilter; C:\Windows\System32\Drivers\scssifilter64.sys [27032 2015-07-12] (Microsoft Corporation)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-07-14] ()
R0 TWZDISK; C:\Windows\System32\Drivers\TWZDISK.sys [74512 2014-04-06] (Toolwiz.com)
R1 TWZFILE; C:\Windows\System32\Drivers\TWZFILE.sys [44304 2014-04-06] (Toolwiz.com)
R0 usbmp3; C:\Windows\System32\Drivers\usbmp364.sys [19864 2015-07-12] () [File not signed]
R0 usbvox; C:\Windows\System32\Drivers\usbvox64.sys [48464 2015-07-12] () [File not signed]
R0 usbwav; C:\Windows\System32\Drivers\usbwav64.sys [29080 2015-07-12] () [File not signed]
S0 nvpciflt; system32\DRIVERS\nvpciflt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-08 03:11 - 2015-08-08 03:11 - 00029442 _____ C:\Users\rr\Downloads\FRST.txt
2015-08-08 03:11 - 2015-08-08 03:11 - 00000000 ____D C:\FRST
2015-08-08 03:10 - 2015-08-08 03:10 - 02170368 _____ (Farbar) C:\Users\rr\Downloads\FRST64.exe
2015-08-08 01:36 - 2015-08-08 01:36 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2015-08-08 01:36 - 2015-08-08 01:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-08-08 01:18 - 2015-08-08 01:18 - 00000017 _____ C:\Users\rr\AppData\Local\resmon.resmoncfg
2015-08-08 00:29 - 2015-08-08 01:59 - 00000168 _____ C:\Windows\setupact.log
2015-08-08 00:29 - 2015-08-08 00:29 - 00000000 _____ C:\Windows\setuperr.log
2015-08-08 00:28 - 2015-08-08 00:28 - 00000328 _____ C:\Windows\PFRO.log
2015-08-08 00:03 - 2015-08-08 00:03 - 00000000 ____D C:\Users\rr\AppData\Local\IsolatedStorage
2015-08-08 00:02 - 2015-08-08 00:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2015-08-08 00:01 - 2015-08-08 00:01 - 00000000 ____D C:\Windows\A56C634859D0433BA48A75914858664E.TMP
2015-08-07 23:52 - 2015-08-07 23:52 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-08-07 23:47 - 2015-08-07 23:47 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2015-08-07 23:46 - 2015-08-07 23:46 - 00000000 ____D C:\Users\rr\Documents\BACK UPPPPP
2015-08-07 23:33 - 2015-08-07 23:34 - 00000000 ____D C:\Program Files\CCleaner
2015-08-07 23:33 - 2015-08-07 23:33 - 00002778 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-08-07 23:33 - 2015-08-07 23:33 - 00000826 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-08-07 23:33 - 2015-08-07 23:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-08-07 23:28 - 2015-08-07 23:29 - 06611176 _____ (Piriform Ltd) C:\Users\rr\Downloads\ccsetup508pro.exe
2015-08-07 23:03 - 2015-08-07 23:03 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-08-07 22:12 - 2015-08-07 22:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-08-07 22:11 - 2015-08-08 01:39 - 00000000 ____D C:\Windows\SysWOW64\NV
2015-08-07 22:11 - 2015-08-08 01:39 - 00000000 ____D C:\Windows\system32\NV
2015-08-07 22:11 - 2015-08-07 22:11 - 00000000 ____D C:\Users\rr\AppData\Local\NVIDIA
2015-08-07 22:00 - 2015-08-08 01:59 - 00000000 ____D C:\ProgramData\NVIDIA
2015-08-07 21:59 - 2015-02-06 05:07 - 06861128 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-08-07 21:59 - 2015-02-06 05:07 - 03517584 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-08-07 21:59 - 2015-02-06 05:07 - 02558792 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-08-07 21:59 - 2015-02-06 05:07 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-08-07 21:59 - 2015-02-06 05:07 - 00062792 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-08-07 21:59 - 2015-02-06 05:06 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-08-07 21:59 - 2015-02-06 03:57 - 00621384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-08-07 21:59 - 2015-02-05 22:50 - 04236870 _____ C:\Windows\system32\nvcoproc.bin
2015-08-07 21:58 - 2015-02-20 01:18 - 00074056 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-08-07 21:58 - 2015-02-20 01:18 - 00060560 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-08-07 21:57 - 2015-08-07 22:00 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-08-07 20:49 - 2015-08-07 20:49 - 00001157 _____ C:\Users\Public\Desktop\Second Life Viewer.lnk
2015-08-07 20:49 - 2015-08-07 20:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Second Life Viewer
2015-08-07 20:48 - 2015-08-07 20:49 - 00000000 ____D C:\Program Files (x86)\SecondLifeViewer
2015-08-07 20:46 - 2015-08-07 20:47 - 32869920 _____ C:\Users\rr\Downloads\Second_Life_3_8_2_303891_i686_Setup.exe
2015-08-07 18:44 - 2015-08-07 18:44 - 00000000 ____D C:\Users\rr\Documents\Fax
2015-08-07 18:41 - 2015-08-07 18:41 - 00000000 ____D C:\Users\rr\AppData\Roaming\IQIYI Video
2015-08-07 18:25 - 2015-08-07 18:25 - 00002001 _____ C:\Users\rr\Documents\guh.txt
2015-08-07 02:18 - 2015-08-07 02:18 - 06085768 _____ (Blitware Technology Inc. ) C:\Users\rr\Downloads\driverrobot_setup.exe
2015-08-06 23:37 - 2015-08-06 23:37 - 00000000 ____D C:\Users\rr\Desktop\hijack file
2015-08-06 23:24 - 2015-08-06 23:24 - 00014996 _____ C:\Users\rr\Downloads\hijackthis.log
2015-08-06 23:23 - 2015-08-06 23:24 - 00388608 _____ (Trend Micro Inc.) C:\Users\rr\Downloads\HijackThis.exe
2015-08-06 22:10 - 2015-08-06 22:21 - 00000000 ____D C:\ProgramData\MFAData
2015-08-06 22:10 - 2015-08-06 22:10 - 00000000 ____D C:\Users\rr\AppData\Local\MFAData
2015-08-06 22:10 - 2015-08-06 22:10 - 00000000 ____D C:\Users\rr\AppData\Local\Avg2015
2015-08-06 22:08 - 2015-08-06 22:09 - 05091576 _____ (AVG Technologies) C:\Users\rr\Downloads\avg_free_stb_all_6125p1_177.exe
2015-08-06 17:24 - 2015-08-06 17:24 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2015-08-06 17:23 - 2011-09-20 19:53 - 03074664 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2015-08-06 17:23 - 2011-09-20 15:32 - 01510912 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2015-08-06 17:23 - 2011-09-16 16:18 - 00098408 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInst64.dll
2015-08-06 17:23 - 2011-09-16 15:09 - 03209320 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2015-08-06 17:23 - 2011-09-16 10:39 - 02519656 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2015-08-06 17:23 - 2011-09-02 14:21 - 00221024 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2015-08-06 17:23 - 2011-09-02 14:21 - 00081248 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2015-08-06 17:23 - 2011-09-02 14:21 - 00078688 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2015-08-06 17:23 - 2011-08-19 14:54 - 01881704 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2015-08-06 17:23 - 2011-07-28 00:55 - 02604376 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib.dll
2015-08-06 17:23 - 2011-07-22 19:35 - 01247848 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2015-08-06 17:23 - 2011-07-08 14:34 - 00065432 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2015-08-06 17:23 - 2011-06-30 16:14 - 01560168 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2015-08-06 17:23 - 2011-06-14 11:13 - 00177088 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2015-08-06 17:23 - 2011-03-17 12:17 - 01361336 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2015-08-06 17:23 - 2011-03-07 17:11 - 00148416 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2015-08-06 17:23 - 2010-11-18 11:49 - 00121744 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2015-08-06 17:23 - 2010-11-08 07:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2015-08-06 17:23 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2015-08-06 17:23 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2015-08-06 17:23 - 2010-11-08 07:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2015-08-06 17:23 - 2010-11-08 07:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2015-08-06 17:23 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2015-08-06 17:23 - 2010-11-03 18:31 - 00332392 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2015-08-06 17:23 - 2010-11-03 18:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2015-08-06 17:23 - 2010-07-22 16:48 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2015-08-06 17:23 - 2009-11-24 09:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2015-08-06 17:23 - 2009-11-24 09:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2015-08-06 17:23 - 2009-11-24 09:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2015-08-06 17:23 - 2009-11-24 09:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2015-08-06 17:22 - 2011-08-23 17:00 - 00603984 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
2015-08-06 17:22 - 2011-08-06 01:29 - 00527872 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll
2015-08-06 17:22 - 2011-08-06 01:29 - 00515584 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll
2015-08-06 17:22 - 2011-08-06 01:29 - 00439808 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll
2015-08-06 17:22 - 2011-07-28 00:55 - 02132824 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
2015-08-06 17:22 - 2011-06-27 14:45 - 03768152 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek.dll
2015-08-06 17:22 - 2011-05-31 09:42 - 00712296 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2015-08-06 17:22 - 2011-05-31 09:42 - 00693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2015-08-06 17:22 - 2011-05-05 15:24 - 02085440 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2015-08-06 17:22 - 2011-05-02 14:27 - 03308376 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2015-08-06 17:22 - 2011-05-02 14:27 - 00426328 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2015-08-06 17:22 - 2011-05-02 14:27 - 00136024 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2015-08-06 17:22 - 2011-05-02 14:27 - 00118104 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2015-08-06 17:22 - 2011-05-02 14:27 - 00074072 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2015-08-06 17:22 - 2010-10-03 13:46 - 00341336 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2015-08-06 17:22 - 2010-09-27 09:34 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2015-08-06 17:22 - 2010-05-06 17:34 - 00334680 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2015-08-06 17:21 - 2011-05-31 09:42 - 01756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2015-08-06 17:21 - 2011-05-31 09:42 - 01568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2015-08-06 17:21 - 2011-05-31 09:42 - 01486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2015-08-06 17:21 - 2011-05-31 09:42 - 00728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2015-08-06 17:21 - 2011-05-31 09:42 - 00491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2015-08-06 17:21 - 2011-05-31 09:42 - 00432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2015-08-06 17:21 - 2011-05-31 09:42 - 00428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2015-08-06 17:21 - 2011-05-31 09:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2015-08-06 17:21 - 2011-05-31 09:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2015-08-06 17:21 - 2011-05-31 09:42 - 00241768 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2015-08-06 17:21 - 2010-07-22 16:37 - 00200800 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2015-08-06 17:21 - 2009-11-17 18:12 - 00108960 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2015-08-06 17:09 - 2011-01-12 16:10 - 09888360 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RtsPStorIcon.dll
2015-08-06 17:09 - 2011-01-12 16:10 - 00333928 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsPStor.sys
2015-08-06 17:06 - 2015-08-06 17:06 - 00003202 _____ C:\Windows\System32\Tasks\{116EFABF-BBE5-4879-ACD9-4C0C137037D4}
2015-08-06 17:04 - 2015-08-06 17:05 - 00000000 ____D C:\Users\rr\Downloads\VGA_NVIDIA_8.17.12.7570_W7x64
2015-08-06 17:04 - 2015-08-06 17:04 - 00000000 ____D C:\Users\rr\Downloads\Audio_Realtek_6.0.1.6463_W7x64
2015-08-06 17:03 - 2015-08-06 17:03 - 00000000 ____D C:\Users\rr\Downloads\Chipset_Intel_9.2.0.1019_W7x64
2015-08-06 17:03 - 2015-08-06 17:03 - 00000000 ____D C:\Users\rr\Downloads\CardReader_Realtek_6.1.7600.74_W7x64
2015-08-06 17:02 - 2015-08-06 17:03 - 00000000 ____D C:\Users\rr\Downloads\LAN_Realtek_7.46.610.2011_W7x64
2015-08-06 17:02 - 2015-08-06 17:02 - 00000000 ____D C:\Users\rr\Downloads\Bluetooth_Broadcom_6.4.0.1601_W7x64
2015-08-06 17:02 - 2015-08-06 17:02 - 00000000 ____D C:\Users\rr\Downloads\AMT_Intel_7.0.0.1144_W7x64
2015-08-06 17:01 - 2011-03-30 07:53 - 00008273 _____ C:\Users\rr\Downloads\itecir.cat
2015-08-06 17:00 - 2015-08-06 17:00 - 06353309 _____ C:\Users\rr\Downloads\AMT_Intel_7.0.0.1144_W7x64_A (1).zip
2015-08-06 16:59 - 2015-08-06 17:04 - 194344927 _____ C:\Users\rr\Downloads\VGA_NVIDIA_8.17.12.7570_W7x64_A.zip
2015-08-06 16:59 - 2015-08-06 17:03 - 89081663 _____ C:\Users\rr\Downloads\VGA_Intel_8.15.10.2462_W7x64_A.zip
2015-08-06 16:59 - 2015-08-06 17:01 - 14026968 _____ C:\Users\rr\Downloads\USB_Etron_1.0.0.103_W7x64_A.zip
2015-08-06 16:59 - 2015-08-06 17:00 - 05799236 _____ C:\Users\rr\Downloads\Lan_Realtek_7.46.610.2011_W7x64_A.zip
2015-08-06 16:59 - 2015-08-06 16:59 - 06954264 _____ C:\Users\rr\Downloads\FIR_ITE_5.1.0.8_W7x64_A.zip
2015-08-06 16:58 - 2015-08-06 17:00 - 65987390 _____ C:\Users\rr\Downloads\Bluetooth_Broadcom_6.4.0.1601_W7x64_A.zip
2015-08-06 16:58 - 2015-08-06 16:59 - 09529406 _____ C:\Users\rr\Downloads\CardReader_Realtek_6.1.7600.74_W7x64_A.zip
2015-08-06 16:58 - 2015-08-06 16:59 - 02605994 _____ C:\Users\rr\Downloads\Chipset_Intel_9.2.0.1019_W7x64_A.zip
2015-08-06 16:57 - 2015-08-06 17:02 - 124028229 _____ C:\Users\rr\Downloads\Audio_Realtek_6.0.1.6463_W7x64_A.zip
2015-08-06 16:57 - 2015-08-06 16:57 - 06353309 _____ C:\Users\rr\Downloads\AMT_Intel_7.0.0.1144_W7x64_A.zip
2015-08-06 16:55 - 2015-08-06 16:56 - 00096096 _____ C:\Users\rr\Downloads\SerialNumberDetectionTool.exe
2015-08-06 16:26 - 2015-08-06 16:26 - 00000987 _____ C:\Users\Public\Desktop\Firestorm-Betax64.lnk
2015-08-06 16:26 - 2015-08-06 16:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firestorm
2015-08-06 16:26 - 2015-08-06 16:26 - 00000000 ____D C:\Program Files\Firestorm-Betax64
2015-08-06 16:21 - 2015-08-06 16:25 - 72046336 _____ (Phoenix Firestorm Project Inc) C:\Users\rr\Downloads\Phoenix-FirestormOS-Betax64-4-7-1-45325_Setup.exe
2015-08-06 16:19 - 2015-08-08 00:39 - 00000000 ____D C:\Users\rr\AppData\Roaming\IMVU
2015-08-06 16:19 - 2015-08-06 16:19 - 00001861 _____ C:\Users\rr\Desktop\IMVU.lnk
2015-08-06 16:19 - 2015-08-06 16:19 - 00000000 ____D C:\Users\rr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU
2015-08-06 16:19 - 2015-08-06 16:19 - 00000000 ____D C:\Users\rr\AppData\Roaming\IMVUClient
2015-08-06 16:17 - 2015-08-06 16:18 - 40665216 _____ (Skype Technologies S.A.) C:\Users\rr\Downloads\SkypeSetupFull.exe
2015-08-06 16:16 - 2015-08-06 16:16 - 00244304 _____ C:\Users\rr\Downloads\InstallIMVU_521.0_st (1).exe
2015-08-06 16:13 - 2015-08-06 16:13 - 00002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-06 16:13 - 2015-08-06 16:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-06 15:19 - 2015-08-06 15:19 - 00001081 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2015-08-06 15:19 - 2009-12-30 11:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2015-08-06 15:17 - 2015-08-06 15:18 - 11069616 _____ (VS Revo Group ) C:\Users\rr\Downloads\RevoUninProSetup (2).exe
2015-08-06 10:37 - 2015-08-06 10:37 - 00000000 ____D C:\Program Files (x86)\Exploremedia
2015-08-06 03:27 - 2015-08-06 03:28 - 11069616 _____ (VS Revo Group ) C:\Users\rr\Downloads\RevoUninProSetup (1).exe
2015-08-06 03:27 - 2015-08-06 03:28 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\rr\Downloads\revosetup (1).exe
2015-08-06 02:54 - 2015-08-06 02:54 - 01187032 _____ (Adobe Systems Incorporated) C:\Users\rr\Downloads\flashplayer18_ha_install.exe
2015-08-06 02:11 - 2015-07-29 06:09 - 00017344 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-06 02:11 - 2015-07-29 06:05 - 01116672 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-06 02:11 - 2015-07-29 06:05 - 00774656 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-06 02:11 - 2015-07-29 06:05 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-06 02:11 - 2015-07-29 06:05 - 00437760 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-06 02:11 - 2015-07-29 06:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-06 02:11 - 2015-07-29 06:05 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-06 02:11 - 2015-07-29 05:55 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-06 02:11 - 2015-03-14 13:21 - 01632768 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-08-06 02:11 - 2015-03-14 13:21 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-08-06 02:11 - 2015-03-14 13:04 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-08-06 02:11 - 2015-03-14 13:04 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-08-06 02:10 - 2015-07-21 04:12 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-06 02:10 - 2015-07-21 04:12 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-06 02:10 - 2015-07-21 04:12 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-06 02:10 - 2015-07-21 04:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-06 02:10 - 2015-07-21 04:12 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-06 02:10 - 2015-07-21 04:12 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-06 02:10 - 2015-07-21 04:12 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-06 02:10 - 2015-07-21 04:12 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-06 02:10 - 2015-07-21 04:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-06 02:10 - 2015-07-21 04:12 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-06 02:10 - 2015-07-21 04:12 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-06 02:10 - 2015-07-21 03:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-08-06 02:10 - 2015-07-21 03:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-08-06 02:10 - 2015-07-21 03:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-08-06 02:10 - 2015-07-21 03:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-08-06 02:10 - 2015-07-21 03:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-08-06 02:09 - 2015-05-10 04:26 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-08-06 01:54 - 2015-08-06 15:46 - 00003302 _____ C:\Windows\System32\Tasks\RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380}
2015-08-06 01:49 - 2015-08-06 01:49 - 00248812 _____ C:\Windows\system32\.crusader
2015-08-06 01:02 - 2015-08-06 01:02 - 00001897 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2015-08-06 01:02 - 2015-08-06 01:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-08-06 01:02 - 2015-08-06 01:02 - 00000000 ____D C:\Program Files\HitmanPro
2015-08-06 01:01 - 2015-08-06 01:49 - 00000000 ____D C:\ProgramData\HitmanPro
2015-08-06 01:00 - 2015-08-06 01:00 - 11032736 _____ (SurfRight B.V.) C:\Users\rr\Downloads\HitmanPro_x64.exe
2015-08-06 00:53 - 2015-08-06 00:53 - 00000000 ____D C:\Users\rr\Desktop\my ♥ miss u
2015-08-06 00:41 - 2015-08-06 00:41 - 00000000 ____D C:\Windows\system32\%localappdata%
2015-08-06 00:41 - 2015-08-06 00:41 - 00000000 ____D C:\Users\Default\AppData\Roaming\Apple Computer
2015-08-06 00:41 - 2015-08-06 00:41 - 00000000 ____D C:\Users\Default\AppData\Local\Apple Computer
2015-08-06 00:41 - 2015-08-06 00:41 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Apple Computer
2015-08-06 00:41 - 2015-08-06 00:41 - 00000000 ____D C:\Users\Default User\AppData\Local\Apple Computer
2015-08-06 00:40 - 2015-08-06 00:40 - 00071168 _____ C:\Windows\SysWOW64\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpo6dbft.dll
2015-08-06 00:40 - 2015-08-06 00:40 - 00000000 ____D C:\Windows\SysWOW64\comtypes_cache
2015-08-06 00:40 - 2015-08-06 00:40 - 00000000 _____ C:\Windows\SysWOW64\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpo6dbft.lck
2015-08-06 00:39 - 2015-08-06 00:39 - 00001102 _____ C:\Windows\SysWOW64\debug.log
2015-08-06 00:39 - 2015-08-06 00:39 - 00000000 ____D C:\Users\Default\AppData\Roaming\Titanium
2015-08-06 00:39 - 2015-08-06 00:39 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Titanium
2015-08-06 00:10 - 2015-08-06 00:10 - 01384064 _____ (Skype Technologies S.A.) C:\Users\rr\Downloads\SkypeSetup.exe
2015-08-05 23:41 - 2015-08-05 23:41 - 00000000 ____D C:\Users\rr\AppData\Local\TempTaskUpdateDetectionAF602652-FBB8-4114-80D6-344D04B4D7B9
2015-08-05 21:45 - 2015-08-06 03:28 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-08-05 21:44 - 2015-08-05 21:44 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\rr\Downloads\revosetup.exe
2015-08-05 20:05 - 2015-08-05 20:09 - 00000000 ____D C:\Users\rr\Documents\DESKTOP STUFFFFF
2015-08-05 16:30 - 2015-08-06 12:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Solid YouTube Downloader and Converter
2015-08-05 16:30 - 2015-08-06 12:23 - 00000000 ____D C:\Program Files (x86)\Solid YouTube Downloader and Converter
2015-08-05 15:06 - 2015-08-06 15:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2015-08-05 15:06 - 2015-08-05 15:06 - 00000000 ____D C:\Program Files\VS Revo Group
2015-08-05 14:22 - 2015-08-06 13:10 - 00000000 ____D C:\Users\rr\AppData\Local\VS Revo Group
2015-08-05 14:21 - 2015-08-06 13:11 - 00000000 ____D C:\ProgramData\VS Revo Group
2015-08-05 14:10 - 2015-08-05 14:12 - 11069616 _____ (VS Revo Group ) C:\Users\rr\Downloads\RevoUninProSetup.exe
2015-08-05 13:41 - 2015-08-05 13:31 - 00041784 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\hvm.sys
2015-08-05 13:17 - 2015-08-05 13:17 - 00000000 ____D C:\Program Files (x86)\IObit
2015-08-05 13:04 - 2015-08-05 13:04 - 00000000 ____D C:\ProgramData\AMMYY
2015-08-05 12:43 - 2015-08-07 22:07 - 00000000 ____D C:\IQIYI Video
2015-08-05 12:42 - 2015-08-08 02:01 - 00000336 ____H C:\Windows\Tasks\MBOIJCPHLUMNTOUT.job
2015-08-05 12:42 - 2015-08-05 12:42 - 00003364 _____ C:\Windows\System32\Tasks\MBOIJCPHLUMNTOUT
2015-08-05 12:41 - 2015-08-05 12:41 - 00000000 ____D C:\ProgramData\2acd4cb5c435461892520f3241ad43b9
2015-08-05 12:38 - 2015-08-06 01:49 - 00000000 ____D C:\Program Files (x86)\baidu
2015-08-05 12:36 - 2015-08-05 12:36 - 00000000 ____D C:\Users\rr\AppData\Roaming\Opera Software
2015-08-05 12:36 - 2015-08-05 12:36 - 00000000 ____D C:\Users\rr\AppData\Local\Opera Software
2015-08-05 12:34 - 2015-08-05 12:46 - 00000000 ____D C:\Program Files (x86)\Opera
2015-08-05 12:29 - 2015-08-05 19:52 - 00000000 ____D C:\Users\rr\AppData\Roaming\cpuminer
2015-08-05 12:24 - 2015-07-27 13:26 - 00000854 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-08-05 12:20 - 2015-08-05 12:20 - 00000000 ____D C:\Users\rr\AppData\Local\Geckofx
2015-08-05 12:16 - 2015-08-05 12:16 - 00000000 ____D C:\Users\rr\Documents\ѺӰ
2015-08-05 12:15 - 2015-08-05 12:15 - 00000000 ____D C:\Users\rr\AppData\Local\Temp尰
2015-08-05 12:13 - 2015-08-06 02:54 - 00000000 ___RD C:\RavBin
2015-08-05 12:13 - 2015-08-05 12:13 - 00000150 __RSH C:\rising.ini
2015-08-05 12:13 - 2015-08-05 12:13 - 00000134 _____ C:\Windows\SysWOW64\BsMain.ini
2015-08-05 12:13 - 2015-04-30 11:17 - 00119256 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\sysmon.sys
2015-08-05 12:13 - 2015-04-09 15:00 - 00071760 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\rsutils.sys
2015-08-05 12:13 - 2014-07-30 12:44 - 00091928 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\SysWOW64\vpatch.dll
2015-08-05 12:13 - 2014-01-02 17:37 - 00325400 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\ravext64.dll
2015-08-05 12:13 - 2013-12-30 17:33 - 00256280 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\SysWOW64\ravext.dll
2015-08-05 12:13 - 2012-09-06 10:30 - 00240472 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\SysWOW64\bsmain.exe
2015-08-05 12:13 - 2012-02-29 17:49 - 00011888 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\rsndisp.sys
2015-08-05 12:12 - 2015-08-06 15:45 - 00000000 ____D C:\ProgramData\Rising
2015-08-05 11:54 - 2015-08-05 12:43 - 01000371 ____N C:\Users\rr\Downloads\FacebookHacker2015__8497_il45583.exe_installer.zip
2015-08-05 11:53 - 2015-08-05 11:53 - 01000603 _____ C:\Users\rr\Downloads\FacebookHacker2015.zip
2015-08-05 11:53 - 2015-08-05 11:53 - 00000004 _____ C:\Users\rr\Downloads\test.dat
2015-08-03 23:23 - 2015-08-03 23:23 - 00000220 _____ C:\Windows\system32\cpuminer-conf.json
2015-08-02 16:35 - 2015-08-02 16:35 - 00000000 _____ C:\Windows\SysWOW64\sho340E.tmp
2015-07-31 17:46 - 2015-07-31 17:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-31 17:26 - 2015-07-31 17:26 - 03337052 _____ C:\Users\rr\Downloads\IMG_3159.MOV
2015-07-31 15:36 - 2015-08-06 00:55 - 00000000 ____D C:\Users\rr\Documents\Bandicam
2015-07-31 02:21 - 2015-07-31 02:22 - 03978087 _____ C:\Users\rr\Downloads\IMG_3154.MOV
2015-07-30 16:23 - 2015-07-30 16:23 - 03139172 _____ C:\Users\rr\Downloads\IMG_3150.MOV
2015-07-28 12:07 - 2015-07-28 12:07 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\50D03F05.sys
2015-07-27 13:26 - 2015-07-27 13:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-07-27 13:26 - 2015-07-27 13:26 - 00000000 ____D C:\Program Files\McAfee Security Scan
2015-07-25 09:16 - 2015-07-25 09:16 - 00662152 _____ C:\Users\rr\Downloads\Pls Don't Go.m4a
2015-07-24 03:14 - 2015-07-24 03:14 - 00000000 _____ C:\Windows\SysWOW64\shoF5D1.tmp
2015-07-23 13:53 - 2015-07-24 03:13 - 00000000 ____D C:\Program Files (x86)\Blingee Plus
2015-07-23 13:25 - 2015-08-05 19:52 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2015-07-23 13:25 - 2015-07-27 13:26 - 00001938 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-07-23 00:08 - 2015-07-23 00:08 - 00266587 _____ C:\Users\rr\Downloads\Fk Ittf (1).m4a
2015-07-21 10:31 - 2015-07-15 13:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-21 10:31 - 2015-07-15 13:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-21 10:31 - 2015-07-15 13:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-21 10:31 - 2015-07-15 13:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-21 10:31 - 2015-07-15 12:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-21 10:31 - 2015-07-15 12:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-21 10:31 - 2015-07-15 12:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-21 10:31 - 2015-07-15 12:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-21 10:31 - 2015-07-15 11:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-21 10:31 - 2015-07-15 11:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-20 01:19 - 2015-07-20 01:19 - 00244304 _____ C:\Users\rr\Downloads\InstallIMVU_521.0_st.exe
2015-07-20 00:19 - 2015-07-20 00:19 - 05759300 _____ C:\Users\rr\Downloads\Fk Ittf.wav
2015-07-20 00:18 - 2015-07-20 00:18 - 00266587 _____ C:\Users\rr\Downloads\Fk Ittf.m4a
2015-07-19 21:34 - 2015-07-19 21:34 - 00000000 ____D C:\Users\rr\AppData\Local\LogMeIn
2015-07-19 21:34 - 2015-07-19 21:34 - 00000000 ____D C:\ProgramData\LogMeIn
2015-07-19 20:29 - 2015-07-19 20:31 - 14077560 _____ C:\Users\rr\Downloads\join.me (2).exe
2015-07-19 20:29 - 2015-07-19 20:31 - 14077560 _____ C:\Users\rr\Downloads\join.me (1).exe
2015-07-19 15:28 - 2015-07-19 15:28 - 09741888 _____ (CyberGhost S.R.L. ) C:\Users\rr\Downloads\CG_5.0.15.14.exe
2015-07-19 14:48 - 2015-07-19 14:50 - 25723531 _____ C:\Users\rr\Downloads\privateinternetaccess.exe
2015-07-19 14:31 - 2015-08-07 23:03 - 00000000 ___RD C:\Users\rr\Dropbox
2015-07-19 14:31 - 2015-07-19 14:31 - 00001230 _____ C:\Users\rr\Desktop\Dropbox.lnk
2015-07-19 14:28 - 2015-07-19 14:28 - 00000000 ____D C:\Users\rr\AppData\Roaming\Dropbox
2015-07-19 14:24 - 2015-08-08 02:35 - 00000900 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2015-07-19 14:24 - 2015-08-08 02:01 - 00000896 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2015-07-19 14:24 - 2015-08-07 23:03 - 00000000 ____D C:\Users\rr\AppData\Local\Dropbox
2015-07-19 14:24 - 2015-07-31 17:47 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-07-19 14:24 - 2015-07-19 14:30 - 00003896 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2015-07-19 14:24 - 2015-07-19 14:30 - 00003644 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2015-07-19 14:24 - 2015-07-19 14:24 - 00000000 ____D C:\ProgramData\Dropbox
2015-07-19 14:23 - 2015-07-19 14:23 - 00660960 _____ (Dropbox, Inc.) C:\Users\rr\Downloads\DropboxInstaller.exe
2015-07-17 21:38 - 2015-07-17 21:38 - 00000000 ____D C:\Users\rr\Documents\Evaer
2015-07-17 00:53 - 2015-07-17 00:53 - 00000000 ____D C:\Users\rr\AppData\Local\{BEDD5EE9-AF1A-4F3E-83B5-2E2476B581A1}
2015-07-16 04:38 - 2015-07-16 04:38 - 00000000 _____ C:\Windows\SysWOW64\shoF3DF.tmp
2015-07-15 19:52 - 2015-06-26 04:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-15 19:52 - 2015-06-26 03:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-15 19:52 - 2015-06-21 06:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-15 19:52 - 2015-06-21 05:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-15 19:52 - 2015-06-21 05:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 19:52 - 2015-06-21 05:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-15 19:52 - 2015-06-21 05:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-15 19:52 - 2015-06-21 05:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-15 19:52 - 2015-06-21 05:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-15 19:52 - 2015-06-21 05:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-15 19:52 - 2015-06-21 05:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 19:52 - 2015-06-21 05:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-15 19:52 - 2015-06-21 05:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-15 19:52 - 2015-06-21 05:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-15 19:52 - 2015-06-21 05:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-15 19:52 - 2015-06-21 05:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-15 19:52 - 2015-06-21 05:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-15 19:52 - 2015-06-21 05:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 19:52 - 2015-06-21 05:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 19:52 - 2015-06-21 04:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 19:52 - 2015-06-21 04:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-15 19:52 - 2015-06-21 04:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 19:52 - 2015-06-21 04:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-15 19:52 - 2015-06-21 04:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 19:52 - 2015-06-21 04:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-15 19:52 - 2015-06-20 04:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-15 19:52 - 2015-06-20 04:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-15 19:52 - 2015-06-20 04:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-15 19:52 - 2015-06-20 04:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-15 19:52 - 2015-06-20 04:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-15 19:52 - 2015-06-20 04:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-15 19:52 - 2015-06-20 04:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-15 19:52 - 2015-06-20 04:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-15 19:52 - 2015-06-20 04:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-15 19:52 - 2015-06-20 04:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-15 19:52 - 2015-06-20 03:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-15 19:52 - 2015-06-20 03:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-15 19:52 - 2015-06-20 03:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-15 19:52 - 2015-06-20 03:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-15 19:52 - 2015-06-20 03:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-15 19:52 - 2015-06-20 03:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-15 19:52 - 2015-06-20 03:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-15 19:52 - 2015-06-20 03:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-15 19:52 - 2015-06-20 03:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-15 19:51 - 2015-07-15 19:51 - 00000000 ____D C:\Users\rr\AppData\Roaming\Titanium
2
_________________
~OzBch~
ozbch

Posted: Fri Aug 07, 2015 9:21 am

thanks for your help ^^


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:06-08-2015
Ran by rr (administrator) on RR-PC (08-08-2015 03:11:16)
Running from C:\Users\rr\Downloads
Loaded Profiles: rr (Available Profiles: rr)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Windows\System32\idle-Threads.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
() C:\Windows\System32\semaphore-Threads.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
() C:\Program Files\pia_manager\pia_manager.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(http://www.ruby-lang.org/) C:\Users\rr\AppData\Local\Temp\ocr8F53.tmp\bin\rubyw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
() C:\Program Files\pia_manager\pia_manager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(http://www.ruby-lang.org/) C:\Users\rr\AppData\Local\Temp\ocrB7AA.tmp\bin\rubyw.exe
() C:\Program Files\pia_manager\pia_tray\pia_tray.exe
() C:\Program Files\pia_manager\openvpn.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(The Phoenix Firestorm Project, Inc.) C:\Program Files\Firestorm-Betax64\Firestorm-bin.exe
() C:\Program Files\Firestorm-Betax64\win_crash_logger.exe
() C:\Program Files\Firestorm-Betax64\slplugin.exe
(Vivox Inc.) C:\Program Files\Firestorm-Betax64\slvoice.exe
() C:\Program Files\Firestorm-Betax64\slplugin.exe
() C:\Program Files\Firestorm-Betax64\slplugin.exe
() C:\Program Files\Firestorm-Betax64\slplugin.exe
() C:\Program Files\Firestorm-Betax64\slplugin.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12858984 2011-09-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2278504 2011-09-19] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1794704 2015-02-20] (NVIDIA Corporation)
HKLM\...\Run: [Cm108Sound] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm108.dll,CMICtrlWnd
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-881960506-946978799-1751547296-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-18] (Piriform Ltd)
HKU\S-1-5-21-881960506-946978799-1751547296-1001\...\MountPoints2: {11d44bcb-52a6-11e1-ba63-806e6f6e6963} - E:\Setup.EXE
HKU\S-1-5-21-881960506-946978799-1751547296-1001\Control Panel\Desktop\\SCRNSAVE.EXE ->
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [177624 2015-02-20] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [164752 2015-02-20] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-07-24] (Dropbox, Inc.)
BootExecute: autocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://blingeeplus.searchcanvas.com/?ot=6
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = https://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkID=226786&Mkt=en-AU&Src=MSE&Tid=00032955&OHP=https%3A%2F%2Fwww.google.com&OSP=
SearchScopes: HKLM -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> DefaultScope {8D7BCC95-4B3A-4597-B533-7B32EBE22488} URL = http://blingeeplus.searchcanvas.com/web?ot=3&q={searchTerms}
SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {8D7BCC95-4B3A-4597-B533-7B32EBE22488} URL = http://blingeeplus.searchcanvas.com/web?ot=3&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-881960506-946978799-1751547296-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-881960506-946978799-1751547296-1001 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-06-09] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-06-09] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-17] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-05-19] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-06-09] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-05-19] (Oracle Corporation)
BHO-x32: No Name -> {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} -> c:\Program Files (x86)\PicLensIE\cooliris.dll [2010-06-24] (Cooliris Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{28D976B1-910B-43F5-85EE-B705EE1C526A}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{4A643CF3-ADEB-4A9E-98D5-63E8463E93A8}: [DhcpNameServer] 209.222.18.222 209.222.18.218

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-08-06] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ [2015-04-16] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-08-06] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-06] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-05-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-05-19] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-09-17] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ [2013-09-17] ()
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-06] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-06] (NVIDIA Corporation)
FF Plugin-x32: @rising.com.cn/nprising -> C:\Program Files (x86)\Rising\RAV\nprising.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.5\npGoogleUpdate3.dll [2015-08-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.5\npGoogleUpdate3.dll [2015-08-06] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-13] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-881960506-946978799-1751547296-1001: @rising.com.cn/nprising -> C:\Program Files (x86)\Rising\RAV\nprising.dll No File
FF Plugin HKU\S-1-5-21-881960506-946978799-1751547296-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\rr\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF HKLM-x32\...\Firefox\Extensions: [SpecialSavings@SpecialSavings.com] - C:\Users\rr\AppData\Roaming\Mozilla\Extensions\SpecialSavings@SpecialSavings.com
FF Extension: SpecialSavings - C:\Users\rr\AppData\Roaming\Mozilla\Extensions\SpecialSavings@SpecialSavings.com [2013-04-03]
FF HKU\S-1-5-21-881960506-946978799-1751547296-1001\...\Firefox\Extensions: [SpecialSavings@SpecialSavings.com] - C:\Users\rr\AppData\Roaming\Mozilla\Extensions\SpecialSavings@SpecialSavings.com
FF HKU\S-1-5-21-881960506-946978799-1751547296-1001\...\Firefox\Extensions: [{9764bb84-7272-11dd-8eb6-20d155d89557}] - C:\Users\rr\AppData\Roaming\hideip_firefox_plugin
FF Extension: Hide IP Firefox Add-on - C:\Users\rr\AppData\Roaming\hideip_firefox_plugin [2013-04-16]

Chrome:
=======
CHR Profile: C:\Users\rr\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\rr\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\rr\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-29]
CHR Extension: (YouTube) - C:\Users\rr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-10]
CHR Extension: (McAfee Security Scan+) - C:\Users\rr\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-06-29]
CHR Extension: (SearchNewTab) - C:\Users\rr\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfnkjihkkeakbingbbipachgdigflboj [2013-05-04]
CHR Extension: (Re-markit) - C:\Users\rr\AppData\Local\Google\Chrome\User Data\Default\Extensions\clenipgmbgljnjeedmeffkheklakdmde [2014-05-27]
CHR Extension: (Google Search) - C:\Users\rr\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-10]
CHR Extension: (continuetosiavee) - C:\Users\rr\AppData\Local\Google\Chrome\User Data\Default\Extensions\lldmlhiknojnecmknodkljfbnljabhpl [2013-05-04]
CHR Extension: (Google Wallet) - C:\Users\rr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-29]
CHR Extension: (Gmail) - C:\Users\rr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-10]
CHR Profile: C:\Users\rr\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Drive) - C:\Users\rr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-11]
CHR Extension: (YouTube) - C:\Users\rr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-11]
CHR Extension: (pokeBack) - C:\Users\rr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\boggbggjfpbbogobegefnlkoenbclamo [2014-08-25]
CHR Extension: (FB Auto-Poker) - C:\Users\rr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cmhccgdbmajoblcbfbgmhnpiecmjiadh [2013-07-19]
CHR Extension: (Google Search) - C:\Users\rr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-11]
CHR Extension: (AdBlock) - C:\Users\rr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-07-30]
CHR Extension: (Poke All for Chrome) - C:\Users\rr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmghnjflbmdhmjnclnjpbikjbhppfmdj [2013-07-19]
CHR Extension: (Pin It Button) - C:\Users\rr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-06-04]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\rr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\rr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Adblock Pro) - C:\Users\rr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2014-07-01]
CHR Extension: (Gmail) - C:\Users\rr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-11]
CHR HKLM-x32\...\Chrome\Extension: [gnfaiijpfcmdehcgcnnippmnhjjnbllp] - C:\Program Files (x86)\Blingee Plus\blingee_plus_nt.crx [2015-07-23]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U2 .Net Crypt; C:\Windows\System32\mutex-Threads.exe [12189808 2015-07-12] () [File not signed]
U2 .Net Main; C:\Windows\System32\idle-Threads.exe [12003952 2015-07-12] () [File not signed]
U2 .Net Security; C:\Windows\System32\latch-Threads.exe [13230192 2015-07-12] () [File not signed]
U2 .Net Semaphore; C:\Windows\System32\semaphore-Threads.exe [1027696 2015-07-12] () [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2753720 2015-07-01] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-19] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-19] (Dropbox, Inc.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-08-06] (SurfRight B.V.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-27] (Realsil Microelectronics Inc.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.149\McCHSvc.exe [289256 2015-06-26] (McAfee, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174088 2014-05-30] (Sandboxie Holdings, LLC)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [285152 2010-08-26] ()

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AVerIT13x; C:\Windows\System32\Drivers\AVerIT13x_x64.sys [192768 2011-07-11] (AVerMedia TECHNOLOGIES, Inc.)
R1 HyperVM; C:\Windows\system32\drivers\hvm.sys [41784 2015-08-05] (Beijing Rising Information Technology Co., Ltd.)
S3 ITECIRfilter; C:\Windows\System32\DRIVERS\ITECIRfilter.sys [28264 2011-03-23] (ITE Tech. Inc. )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-08] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R4 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
R1 rsutils; C:\Windows\System32\DRIVERS\rsutils.sys [71760 2015-04-09] (Beijing Rising Information Technology Co., Ltd.)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8204904 2011-07-05] (Realtek Semiconductor Corp.)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-05-30] (Sandboxie Holdings, LLC)
R0 scssifilter; C:\Windows\System32\Drivers\scssifilter64.sys [27032 2015-07-12] (Microsoft Corporation)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-07-14] ()
R0 TWZDISK; C:\Windows\System32\Drivers\TWZDISK.sys [74512 2014-04-06] (Toolwiz.com)
R1 TWZFILE; C:\Windows\System32\Drivers\TWZFILE.sys [44304 2014-04-06] (Toolwiz.com)
R0 usbmp3; C:\Windows\System32\Drivers\usbmp364.sys [19864 2015-07-12] () [File not signed]
R0 usbvox; C:\Windows\System32\Drivers\usbvox64.sys [48464 2015-07-12] () [File not signed]
R0 usbwav; C:\Windows\System32\Drivers\usbwav64.sys [29080 2015-07-12] () [File not signed]
S0 nvpciflt; system32\DRIVERS\nvpciflt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-08 03:11 - 2015-08-08 03:11 - 00029442 _____ C:\Users\rr\Downloads\FRST.txt
2015-08-08 03:11 - 2015-08-08 03:11 - 00000000 ____D C:\FRST
2015-08-08 03:10 - 2015-08-08 03:10 - 02170368 _____ (Farbar) C:\Users\rr\Downloads\FRST64.exe
2015-08-08 01:36 - 2015-08-08 01:36 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2015-08-08 01:36 - 2015-08-08 01:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-08-08 01:18 - 2015-08-08 01:18 - 00000017 _____ C:\Users\rr\AppData\Local\resmon.resmoncfg
2015-08-08 00:29 - 2015-08-08 01:59 - 00000168 _____ C:\Windows\setupact.log
2015-08-08 00:29 - 2015-08-08 00:29 - 00000000 _____ C:\Windows\setuperr.log
2015-08-08 00:28 - 2015-08-08 00:28 - 00000328 _____ C:\Windows\PFRO.log
2015-08-08 00:03 - 2015-08-08 00:03 - 00000000 ____D C:\Users\rr\AppData\Local\IsolatedStorage
2015-08-08 00:02 - 2015-08-08 00:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2015-08-08 00:01 - 2015-08-08 00:01 - 00000000 ____D C:\Windows\A56C634859D0433BA48A75914858664E.TMP
2015-08-07 23:52 - 2015-08-07 23:52 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-08-07 23:47 - 2015-08-07 23:47 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2015-08-07 23:46 - 2015-08-07 23:46 - 00000000 ____D C:\Users\rr\Documents\BACK UPPPPP
2015-08-07 23:33 - 2015-08-07 23:34 - 00000000 ____D C:\Program Files\CCleaner
2015-08-07 23:33 - 2015-08-07 23:33 - 00002778 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-08-07 23:33 - 2015-08-07 23:33 - 00000826 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-08-07 23:33 - 2015-08-07 23:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-08-07 23:28 - 2015-08-07 23:29 - 06611176 _____ (Piriform Ltd) C:\Users\rr\Downloads\ccsetup508pro.exe
2015-08-07 23:03 - 2015-08-07 23:03 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-08-07 22:12 - 2015-08-07 22:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-08-07 22:11 - 2015-08-08 01:39 - 00000000 ____D C:\Windows\SysWOW64\NV
2015-08-07 22:11 - 2015-08-08 01:39 - 00000000 ____D C:\Windows\system32\NV
2015-08-07 22:11 - 2015-08-07 22:11 - 00000000 ____D C:\Users\rr\AppData\Local\NVIDIA
2015-08-07 22:00 - 2015-08-08 01:59 - 00000000 ____D C:\ProgramData\NVIDIA
2015-08-07 21:59 - 2015-02-06 05:07 - 06861128 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-08-07 21:59 - 2015-02-06 05:07 - 03517584 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-08-07 21:59 - 2015-02-06 05:07 - 02558792 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-08-07 21:59 - 2015-02-06 05:07 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-08-07 21:59 - 2015-02-06 05:07 - 00062792 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-08-07 21:59 - 2015-02-06 05:06 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-08-07 21:59 - 2015-02-06 03:57 - 00621384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-08-07 21:59 - 2015-02-05 22:50 - 04236870 _____ C:\Windows\system32\nvcoproc.bin
2015-08-07 21:58 - 2015-02-20 01:18 - 00074056 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-08-07 21:58 - 2015-02-20 01:18 - 00060560 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-08-07 21:57 - 2015-08-07 22:00 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-08-07 20:49 - 2015-08-07 20:49 - 00001157 _____ C:\Users\Public\Desktop\Second Life Viewer.lnk
2015-08-07 20:49 - 2015-08-07 20:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Second Life Viewer
2015-08-07 20:48 - 2015-08-07 20:49 - 00000000 ____D C:\Program Files (x86)\SecondLifeViewer
2015-08-07 20:46 - 2015-08-07 20:47 - 32869920 _____ C:\Users\rr\Downloads\Second_Life_3_8_2_303891_i686_Setup.exe
2015-08-07 18:44 - 2015-08-07 18:44 - 00000000 ____D C:\Users\rr\Documents\Fax
2015-08-07 18:41 - 2015-08-07 18:41 - 00000000 ____D C:\Users\rr\AppData\Roaming\IQIYI Video
2015-08-07 18:25 - 2015-08-07 18:25 - 00002001 _____ C:\Users\rr\Documents\guh.txt
2015-08-07 02:18 - 2015-08-07 02:18 - 06085768 _____ (Blitware Technology Inc. ) C:\Users\rr\Downloads\driverrobot_setup.exe
2015-08-06 23:37 - 2015-08-06 23:37 - 00000000 ____D C:\Users\rr\Desktop\hijack file
2015-08-06 23:24 - 2015-08-06 23:24 - 00014996 _____ C:\Users\rr\Downloads\hijackthis.log
2015-08-06 23:23 - 2015-08-06 23:24 - 00388608 _____ (Trend Micro Inc.) C:\Users\rr\Downloads\HijackThis.exe
2015-08-06 22:10 - 2015-08-06 22:21 - 00000000 ____D C:\ProgramData\MFAData
2015-08-06 22:10 - 2015-08-06 22:10 - 00000000 ____D C:\Users\rr\AppData\Local\MFAData
2015-08-06 22:10 - 2015-08-06 22:10 - 00000000 ____D C:\Users\rr\AppData\Local\Avg2015
2015-08-06 22:08 - 2015-08-06 22:09 - 05091576 _____ (AVG Technologies) C:\Users\rr\Downloads\avg_free_stb_all_6125p1_177.exe
2015-08-06 17:24 - 2015-08-06 17:24 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2015-08-06 17:23 - 2011-09-20 19:53 - 03074664 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2015-08-06 17:23 - 2011-09-20 15:32 - 01510912 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2015-08-06 17:23 - 2011-09-16 16:18 - 00098408 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInst64.dll
2015-08-06 17:23 - 2011-09-16 15:09 - 03209320 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2015-08-06 17:23 - 2011-09-16 10:39 - 02519656 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2015-08-06 17:23 - 2011-09-02 14:21 - 00221024 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2015-08-06 17:23 - 2011-09-02 14:21 - 00081248 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2015-08-06 17:23 - 2011-09-02 14:21 - 00078688 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2015-08-06 17:23 - 2011-08-19 14:54 - 01881704 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2015-08-06 17:23 - 2011-07-28 00:55 - 02604376 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib.dll
2015-08-06 17:23 - 2011-07-22 19:35 - 01247848 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2015-08-06 17:23 - 2011-07-08 14:34 - 00065432 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2015-08-06 17:23 - 2011-06-30 16:14 - 01560168 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2015-08-06 17:23 - 2011-06-14 11:13 - 00177088 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2015-08-06 17:23 - 2011-03-17 12:17 - 01361336 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2015-08-06 17:23 - 2011-03-07 17:11 - 00148416 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2015-08-06 17:23 - 2010-11-18 11:49 - 00121744 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2015-08-06 17:23 - 2010-11-08 07:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2015-08-06 17:23 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2015-08-06 17:23 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2015-08-06 17:23 - 2010-11-08 07:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2015-08-06 17:23 - 2010-11-08 07:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2015-08-06 17:23 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2015-08-06 17:23 - 2010-11-03 18:31 - 00332392 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2015-08-06 17:23 - 2010-11-03 18:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2015-08-06 17:23 - 2010-07-22 16:48 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2015-08-06 17:23 - 2009-11-24 09:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2015-08-06 17:23 - 2009-11-24 09:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2015-08-06 17:23 - 2009-11-24 09:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2015-08-06 17:23 - 2009-11-24 09:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2015-08-06 17:22 - 2011-08-23 17:00 - 00603984 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
2015-08-06 17:22 - 2011-08-06 01:29 - 00527872 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll
2015-08-06 17:22 - 2011-08-06 01:29 - 00515584 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll
2015-08-06 17:22 - 2011-08-06 01:29 - 00439808 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll
2015-08-06 17:22 - 2011-07-28 00:55 - 02132824 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
2015-08-06 17:22 - 2011-06-27 14:45 - 03768152 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek.dll
2015-08-06 17:22 - 2011-05-31 09:42 - 00712296 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2015-08-06 17:22 - 2011-05-31 09:42 - 00693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2015-08-06 17:22 - 2011-05-05 15:24 - 02085440 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2015-08-06 17:22 - 2011-05-02 14:27 - 03308376 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2015-08-06 17:22 - 2011-05-02 14:27 - 00426328 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2015-08-06 17:22 - 2011-05-02 14:27 - 00136024 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2015-08-06 17:22 - 2011-05-02 14:27 - 00118104 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2015-08-06 17:22 - 2011-05-02 14:27 - 00074072 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2015-08-06 17:22 - 2010-10-03 13:46 - 00341336 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2015-08-06 17:22 - 2010-09-27 09:34 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2015-08-06 17:22 - 2010-05-06 17:34 - 00334680 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2015-08-06 17:21 - 2011-05-31 09:42 - 01756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2015-08-06 17:21 - 2011-05-31 09:42 - 01568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2015-08-06 17:21 - 2011-05-31 09:42 - 01486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2015-08-06 17:21 - 2011-05-31 09:42 - 00728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2015-08-06 17:21 - 2011-05-31 09:42 - 00491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2015-08-06 17:21 - 2011-05-31 09:42 - 00432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2015-08-06 17:21 - 2011-05-31 09:42 - 00428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2015-08-06 17:21 - 2011-05-31 09:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2015-08-06 17:21 - 2011-05-31 09:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2015-08-06 17:21 - 2011-05-31 09:42 - 00241768 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2015-08-06 17:21 - 2010-07-22 16:37 - 00200800 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2015-08-06 17:21 - 2009-11-17 18:12 - 00108960 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2015-08-06 17:09 - 2011-01-12 16:10 - 09888360 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RtsPStorIcon.dll
2015-08-06 17:09 - 2011-01-12 16:10 - 00333928 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsPStor.sys
2015-08-06 17:06 - 2015-08-06 17:06 - 00003202 _____ C:\Windows\System32\Tasks\{116EFABF-BBE5-4879-ACD9-4C0C137037D4}
2015-08-06 17:04 - 2015-08-06 17:05 - 00000000 ____D C:\Users\rr\Downloads\VGA_NVIDIA_8.17.12.7570_W7x64
2015-08-06 17:04 - 2015-08-06 17:04 - 00000000 ____D C:\Users\rr\Downloads\Audio_Realtek_6.0.1.6463_W7x64
2015-08-06 17:03 - 2015-08-06 17:03 - 00000000 ____D C:\Users\rr\Downloads\Chipset_Intel_9.2.0.1019_W7x64
2015-08-06 17:03 - 2015-08-06 17:03 - 00000000 ____D C:\Users\rr\Downloads\CardReader_Realtek_6.1.7600.74_W7x64
2015-08-06 17:02 - 2015-08-06 17:03 - 00000000 ____D C:\Users\rr\Downloads\LAN_Realtek_7.46.610.2011_W7x64
2015-08-06 17:02 - 2015-08-06 17:02 - 00000000 ____D C:\Users\rr\Downloads\Bluetooth_Broadcom_6.4.0.1601_W7x64
2015-08-06 17:02 - 2015-08-06 17:02 - 00000000 ____D C:\Users\rr\Downloads\AMT_Intel_7.0.0.1144_W7x64
2015-08-06 17:01 - 2011-03-30 07:53 - 00008273 _____ C:\Users\rr\Downloads\itecir.cat
2015-08-06 17:00 - 2015-08-06 17:00 - 06353309 _____ C:\Users\rr\Downloads\AMT_Intel_7.0.0.1144_W7x64_A (1).zip
2015-08-06 16:59 - 2015-08-06 17:04 - 194344927 _____ C:\Users\rr\Downloads\VGA_NVIDIA_8.17.12.7570_W7x64_A.zip
2015-08-06 16:59 - 2015-08-06 17:03 - 89081663 _____ C:\Users\rr\Downloads\VGA_Intel_8.15.10.2462_W7x64_A.zip
2015-08-06 16:59 - 2015-08-06 17:01 - 14026968 _____ C:\Users\rr\Downloads\USB_Etron_1.0.0.103_W7x64_A.zip
2015-08-06 16:59 - 2015-08-06 17:00 - 05799236 _____ C:\Users\rr\Downloads\Lan_Realtek_7.46.610.2011_W7x64_A.zip
2015-08-06 16:59 - 2015-08-06 16:59 - 06954264 _____ C:\Users\rr\Downloads\FIR_ITE_5.1.0.8_W7x64_A.zip
2015-08-06 16:58 - 2015-08-06 17:00 - 65987390 _____ C:\Users\rr\Downloads\Bluetooth_Broadcom_6.4.0.1601_W7x64_A.zip
2015-08-06 16:58 - 2015-08-06 16:59 - 09529406 _____ C:\Users\rr\Downloads\CardReader_Realtek_6.1.7600.74_W7x64_A.zip
2015-08-06 16:58 - 2015-08-06 16:59 - 02605994 _____ C:\Users\rr\Downloads\Chipset_Intel_9.2.0.1019_W7x64_A.zip
2015-08-06 16:57 - 2015-08-06 17:02 - 124028229 _____ C:\Users\rr\Downloads\Audio_Realtek_6.0.1.6463_W7x64_A.zip
2015-08-06 16:57 - 2015-08-06 16:57 - 06353309 _____ C:\Users\rr\Downloads\AMT_Intel_7.0.0.1144_W7x64_A.zip
2015-08-06 16:55 - 2015-08-06 16:56 - 00096096 _____ C:\Users\rr\Downloads\SerialNumberDetectionTool.exe
2015-08-06 16:26 - 2015-08-06 16:26 - 00000987 _____ C:\Users\Public\Desktop\Firestorm-Betax64.lnk
2015-08-06 16:26 - 2015-08-06 16:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firestorm
2015-08-06 16:26 - 2015-08-06 16:26 - 00000000 ____D C:\Program Files\Firestorm-Betax64
2015-08-06 16:21 - 2015-08-06 16:25 - 72046336 _____ (Phoenix Firestorm Project Inc) C:\Users\rr\Downloads\Phoenix-FirestormOS-Betax64-4-7-1-45325_Setup.exe
2015-08-06 16:19 - 2015-08-08 00:39 - 00000000 ____D C:\Users\rr\AppData\Roaming\IMVU
2015-08-06 16:19 - 2015-08-06 16:19 - 00001861 _____ C:\Users\rr\Desktop\IMVU.lnk
2015-08-06 16:19 - 2015-08-06 16:19 - 00000000 ____D C:\Users\rr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU
2015-08-06 16:19 - 2015-08-06 16:19 - 00000000 ____D C:\Users\rr\AppData\Roaming\IMVUClient
2015-08-06 16:17 - 2015-08-06 16:18 - 40665216 _____ (Skype Technologies S.A.) C:\Users\rr\Downloads\SkypeSetupFull.exe
2015-08-06 16:16 - 2015-08-06 16:16 - 00244304 _____ C:\Users\rr\Downloads\InstallIMVU_521.0_st (1).exe
2015-08-06 16:13 - 2015-08-06 16:13 - 00002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-06 16:13 - 2015-08-06 16:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-06 15:19 - 2015-08-06 15:19 - 00001081 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2015-08-06 15:19 - 2009-12-30 11:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2015-08-06 15:17 - 2015-08-06 15:18 - 11069616 _____ (VS Revo Group ) C:\Users\rr\Downloads\RevoUninProSetup (2).exe
2015-08-06 10:37 - 2015-08-06 10:37 - 00000000 ____D C:\Program Files (x86)\Exploremedia
2015-08-06 03:27 - 2015-08-06 03:28 - 11069616 _____ (VS Revo Group ) C:\Users\rr\Downloads\RevoUninProSetup (1).exe
2015-08-06 03:27 - 2015-08-06 03:28 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\rr\Downloads\revosetup (1).exe
2015-08-06 02:54 - 2015-08-06 02:54 - 01187032 _____ (Adobe Systems Incorporated) C:\Users\rr\Downloads\flashplayer18_ha_install.exe
2015-08-06 02:11 - 2015-07-29 06:09 - 00017344 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-06 02:11 - 2015-07-29 06:05 - 01116672 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-06 02:11 - 2015-07-29 06:05 - 00774656 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-06 02:11 - 2015-07-29 06:05 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-06 02:11 - 2015-07-29 06:05 - 00437760 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-06 02:11 - 2015-07-29 06:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-06 02:11 - 2015-07-29 06:05 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-06 02:11 - 2015-07-29 05:55 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-06 02:11 - 2015-03-14 13:21 - 01632768 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-08-06 02:11 - 2015-03-14 13:21 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-08-06 02:11 - 2015-03-14 13:04 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-08-06 02:11 - 2015-03-14 13:04 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-08-06 02:10 - 2015-07-21 04:12 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-06 02:10 - 2015-07-21 04:12 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-06 02:10 - 2015-07-21 04:12 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-06 02:10 - 2015-07-21 04:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-06 02:10 - 2015-07-21 04:12 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-06 02:10 - 2015-07-21 04:12 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-06 02:10 - 2015-07-21 04:12 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-06 02:10 - 2015-07-21 04:12 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-06 02:10 - 2015-07-21 04:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-06 02:10 - 2015-07-21 04:12 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-06 02:10 - 2015-07-21 04:12 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-06 02:10 - 2015-07-21 03:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-08-06 02:10 - 2015-07-21 03:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-08-06 02:10 - 2015-07-21 03:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-08-06 02:10 - 2015-07-21 03:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-08-06 02:10 - 2015-07-21 03:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-08-06 02:09 - 2015-05-10 04:26 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-08-06 01:54 - 2015-08-06 15:46 - 00003302 _____ C:\Windows\System32\Tasks\RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380}
2015-08-06 01:49 - 2015-08-06 01:49 - 00248812 _____ C:\Windows\system32\.crusader
2015-08-06 01:02 - 2015-08-06 01:02 - 00001897 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2015-08-06 01:02 - 2015-08-06 01:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-08-06 01:02 - 2015-08-06 01:02 - 00000000 ____D C:\Program Files\HitmanPro
2015-08-06 01:01 - 2015-08-06 01:49 - 00000000 ____D C:\ProgramData\HitmanPro
2015-08-06 01:00 - 2015-08-06 01:00 - 11032736 _____ (SurfRight B.V.) C:\Users\rr\Downloads\HitmanPro_x64.exe
2015-08-06 00:53 - 2015-08-06 00:53 - 00000000 ____D C:\Users\rr\Desktop\my ♥ miss u
2015-08-06 00:41 - 2015-08-06 00:41 - 00000000 ____D C:\Windows\system32\%localappdata%
2015-08-06 00:41 - 2015-08-06 00:41 - 00000000 ____D C:\Users\Default\AppData\Roaming\Apple Computer
2015-08-06 00:41 - 2015-08-06 00:41 - 00000000 ____D C:\Users\Default\AppData\Local\Apple Computer
2015-08-06 00:41 - 2015-08-06 00:41 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Apple Computer
2015-08-06 00:41 - 2015-08-06 00:41 - 00000000 ____D C:\Users\Default User\AppData\Local\Apple Computer
2015-08-06 00:40 - 2015-08-06 00:40 - 00071168 _____ C:\Windows\SysWOW64\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpo6dbft.dll
2015-08-06 00:40 - 2015-08-06 00:40 - 00000000 ____D C:\Windows\SysWOW64\comtypes_cache
2015-08-06 00:40 - 2015-08-06 00:40 - 00000000 _____ C:\Windows\SysWOW64\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpo6dbft.lck
2015-08-06 00:39 - 2015-08-06 00:39 - 00001102 _____ C:\Windows\SysWOW64\debug.log
2015-08-06 00:39 - 2015-08-06 00:39 - 00000000 ____D C:\Users\Default\AppData\Roaming\Titanium
2015-08-06 00:39 - 2015-08-06 00:39 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Titanium
2015-08-06 00:10 - 2015-08-06 00:10 - 01384064 _____ (Skype Technologies S.A.) C:\Users\rr\Downloads\SkypeSetup.exe
2015-08-05 23:41 - 2015-08-05 23:41 - 00000000 ____D C:\Users\rr\AppData\Local\TempTaskUpdateDetectionAF602652-FBB8-4114-80D6-344D04B4D7B9
2015-08-05 21:45 - 2015-08-06 03:28 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-08-05 21:44 - 2015-08-05 21:44 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\rr\Downloads\revosetup.exe
2015-08-05 20:05 - 2015-08-05 20:09 - 00000000 ____D C:\Users\rr\Documents\DESKTOP STUFFFFF
2015-08-05 16:30 - 2015-08-06 12:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Solid YouTube Downloader and Converter
2015-08-05 16:30 - 2015-08-06 12:23 - 00000000 ____D C:\Program Files (x86)\Solid YouTube Downloader and Converter
2015-08-05 15:06 - 2015-08-06 15:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2015-08-05 15:06 - 2015-08-05 15:06 - 00000000 ____D C:\Program Files\VS Revo Group
2015-08-05 14:22 - 2015-08-06 13:10 - 00000000 ____D C:\Users\rr\AppData\Local\VS Revo Group
2015-08-05 14:21 - 2015-08-06 13:11 - 00000000 ____D C:\ProgramData\VS Revo Group
2015-08-05 14:10 - 2015-08-05 14:12 - 11069616 _____ (VS Revo Group ) C:\Users\rr\Downloads\RevoUninProSetup.exe
2015-08-05 13:41 - 2015-08-05 13:31 - 00041784 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\hvm.sys
2015-08-05 13:17 - 2015-08-05 13:17 - 00000000 ____D C:\Program Files (x86)\IObit
2015-08-05 13:04 - 2015-08-05 13:04 - 00000000 ____D C:\ProgramData\AMMYY
2015-08-05 12:43 - 2015-08-07 22:07 - 00000000 ____D C:\IQIYI Video
2015-08-05 12:42 - 2015-08-08 02:01 - 00000336 ____H C:\Windows\Tasks\MBOIJCPHLUMNTOUT.job
2015-08-05 12:42 - 2015-08-05 12:42 - 00003364 _____ C:\Windows\System32\Tasks\MBOIJCPHLUMNTOUT
2015-08-05 12:41 - 2015-08-05 12:41 - 00000000 ____D C:\ProgramData\2acd4cb5c435461892520f3241ad43b9
2015-08-05 12:38 - 2015-08-06 01:49 - 00000000 ____D C:\Program Files (x86)\baidu
2015-08-05 12:36 - 2015-08-05 12:36 - 00000000 ____D C:\Users\rr\AppData\Roaming\Opera Software
2015-08-05 12:36 - 2015-08-05 12:36 - 00000000 ____D C:\Users\rr\AppData\Local\Opera Software
2015-08-05 12:34 - 2015-08-05 12:46 - 00000000 ____D C:\Program Files (x86)\Opera
2015-08-05 12:29 - 2015-08-05 19:52 - 00000000 ____D C:\Users\rr\AppData\Roaming\cpuminer
2015-08-05 12:24 - 2015-07-27 13:26 - 00000854 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-08-05 12:20 - 2015-08-05 12:20 - 00000000 ____D C:\Users\rr\AppData\Local\Geckofx
2015-08-05 12:16 - 2015-08-05 12:16 - 00000000 ____D C:\Users\rr\Documents\ѺӰ
2015-08-05 12:15 - 2015-08-05 12:15 - 00000000 ____D C:\Users\rr\AppData\Local\Temp尰
2015-08-05 12:13 - 2015-08-06 02:54 - 00000000 ___RD C:\RavBin
2015-08-05 12:13 - 2015-08-05 12:13 - 00000150 __RSH C:\rising.ini
2015-08-05 12:13 - 2015-08-05 12:13 - 00000134 _____ C:\Windows\SysWOW64\BsMain.ini
2015-08-05 12:13 - 2015-04-30 11:17 - 00119256 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\sysmon.sys
2015-08-05 12:13 - 2015-04-09 15:00 - 00071760 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\rsutils.sys
2015-08-05 12:13 - 2014-07-30 12:44 - 00091928 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\SysWOW64\vpatch.dll
2015-08-05 12:13 - 2014-01-02 17:37 - 00325400 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\ravext64.dll
2015-08-05 12:13 - 2013-12-30 17:33 - 00256280 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\SysWOW64\ravext.dll
2015-08-05 12:13 - 2012-09-06 10:30 - 00240472 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\SysWOW64\bsmain.exe
2015-08-05 12:13 - 2012-02-29 17:49 - 00011888 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\rsndisp.sys
2015-08-05 12:12 - 2015-08-06 15:45 - 00000000 ____D C:\ProgramData\Rising
2015-08-05 11:54 - 2015-08-05 12:43 - 01000371 ____N C:\Users\rr\Downloads\FacebookHacker2015__8497_il45583.exe_installer.zip
2015-08-05 11:53 - 2015-08-05 11:53 - 01000603 _____ C:\Users\rr\Downloads\FacebookHacker2015.zip
2015-08-05 11:53 - 2015-08-05 11:53 - 00000004 _____ C:\Users\rr\Downloads\test.dat
2015-08-03 23:23 - 2015-08-03 23:23 - 00000220 _____ C:\Windows\system32\cpuminer-conf.json
2015-08-02 16:35 - 2015-08-02 16:35 - 00000000 _____ C:\Windows\SysWOW64\sho340E.tmp
2015-07-31 17:46 - 2015-07-31 17:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-31 17:26 - 2015-07-31 17:26 - 03337052 _____ C:\Users\rr\Downloads\IMG_3159.MOV
2015-07-31 15:36 - 2015-08-06 00:55 - 00000000 ____D C:\Users\rr\Documents\Bandicam
2015-07-31 02:21 - 2015-07-31 02:22 - 03978087 _____ C:\Users\rr\Downloads\IMG_3154.MOV
2015-07-30 16:23 - 2015-07-30 16:23 - 03139172 _____ C:\Users\rr\Downloads\IMG_3150.MOV
2015-07-28 12:07 - 2015-07-28 12:07 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\50D03F05.sys
2015-07-27 13:26 - 2015-07-27 13:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-07-27 13:26 - 2015-07-27 13:26 - 00000000 ____D C:\Program Files\McAfee Security Scan
2015-07-25 09:16 - 2015-07-25 09:16 - 00662152 _____ C:\Users\rr\Downloads\Pls Don't Go.m4a
2015-07-24 03:14 - 2015-07-24 03:14 - 00000000 _____ C:\Windows\SysWOW64\shoF5D1.tmp
2015-07-23 13:53 - 2015-07-24 03:13 - 00000000 ____D C:\Program Files (x86)\Blingee Plus
2015-07-23 13:25 - 2015-08-05 19:52 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2015-07-23 13:25 - 2015-07-27 13:26 - 00001938 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-07-23 00:08 - 2015-07-23 00:08 - 00266587 _____ C:\Users\rr\Downloads\Fk Ittf (1).m4a
2015-07-21 10:31 - 2015-07-15 13:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-21 10:31 - 2015-07-15 13:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-21 10:31 - 2015-07-15 13:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-21 10:31 - 2015-07-15 13:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-21 10:31 - 2015-07-15 12:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-21 10:31 - 2015-07-15 12:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-21 10:31 - 2015-07-15 12:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-21 10:31 - 2015-07-15 12:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-21 10:31 - 2015-07-15 11:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-21 10:31 - 2015-07-15 11:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-20 01:19 - 2015-07-20 01:19 - 00244304 _____ C:\Users\rr\Downloads\InstallIMVU_521.0_st.exe
2015-07-20 00:19 - 2015-07-20 00:19 - 05759300 _____ C:\Users\rr\Downloads\Fk Ittf.wav
2015-07-20 00:18 - 2015-07-20 00:18 - 00266587 _____ C:\Users\rr\Downloads\Fk Ittf.m4a
2015-07-19 21:34 - 2015-07-19 21:34 - 00000000 ____D C:\Users\rr\AppData\Local\LogMeIn
2015-07-19 21:34 - 2015-07-19 21:34 - 00000000 ____D C:\ProgramData\LogMeIn
2015-07-19 20:29 - 2015-07-19 20:31 - 14077560 _____ C:\Users\rr\Downloads\join.me (2).exe
2015-07-19 20:29 - 2015-07-19 20:31 - 14077560 _____ C:\Users\rr\Downloads\join.me (1).exe
2015-07-19 15:28 - 2015-07-19 15:28 - 09741888 _____ (CyberGhost S.R.L. ) C:\Users\rr\Downloads\CG_5.0.15.14.exe
2015-07-19 14:48 - 2015-07-19 14:50 - 25723531 _____ C:\Users\rr\Downloads\privateinternetaccess.exe
2015-07-19 14:31 - 2015-08-07 23:03 - 00000000 ___RD C:\Users\rr\Dropbox
2015-07-19 14:31 - 2015-07-19 14:31 - 00001230 _____ C:\Users\rr\Desktop\Dropbox.lnk
2015-07-19 14:28 - 2015-07-19 14:28 - 00000000 ____D C:\Users\rr\AppData\Roaming\Dropbox
2015-07-19 14:24 - 2015-08-08 02:35 - 00000900 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2015-07-19 14:24 - 2015-08-08 02:01 - 00000896 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2015-07-19 14:24 - 2015-08-07 23:03 - 00000000 ____D C:\Users\rr\AppData\Local\Dropbox
2015-07-19 14:24 - 2015-07-31 17:47 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-07-19 14:24 - 2015-07-19 14:30 - 00003896 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2015-07-19 14:24 - 2015-07-19 14:30 - 00003644 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2015-07-19 14:24 - 2015-07-19 14:24 - 00000000 ____D C:\ProgramData\Dropbox
2015-07-19 14:23 - 2015-07-19 14:23 - 00660960 _____ (Dropbox, Inc.) C:\Users\rr\Downloads\DropboxInstaller.exe
2015-07-17 21:38 - 2015-07-17 21:38 - 00000000 ____D C:\Users\rr\Documents\Evaer
2015-07-17 00:53 - 2015-07-17 00:53 - 00000000 ____D C:\Users\rr\AppData\Local\{BEDD5EE9-AF1A-4F3E-83B5-2E2476B581A1}
2015-07-16 04:38 - 2015-07-16 04:38 - 00000000 _____ C:\Windows\SysWOW64\shoF3DF.tmp
2015-07-15 19:52 - 2015-06-26 04:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-15 19:52 - 2015-06-26 03:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-15 19:52 - 2015-06-21 06:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-15 19:52 - 2015-06-21 05:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-15 19:52 - 2015-06-21 05:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 19:52 - 2015-06-21 05:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-15 19:52 - 2015-06-21 05:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-15 19:52 - 2015-06-21 05:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-15 19:52 - 2015-06-21 05:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-15 19:52 - 2015-06-21 05:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-15 19:52 - 2015-06-21 05:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 19:52 - 2015-06-21 05:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-15 19:52 - 2015-06-21 05:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-15 19:52 - 2015-06-21 05:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-15 19:52 - 2015-06-21 05:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-15 19:52 - 2015-06-21 05:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-15 19:52 - 2015-06-21 05:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-15 19:52 - 2015-06-21 05:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 19:52 - 2015-06-21 05:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 19:52 - 2015-06-21 04:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 19:52 - 2015-06-21 04:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-15 19:52 - 2015-06-21 04:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 19:52 - 2015-06-21 04:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-15 19:52 - 2015-06-21 04:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 19:52 - 2015-06-21 04:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-15 19:52 - 2015-06-20 04:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-15 19:52 - 2015-06-20 04:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-15 19:52 - 2015-06-20 04:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-15 19:52 - 2015-06-20 04:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-15 19:52 - 2015-06-20 04:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-15 19:52 - 2015-06-20 04:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-15 19:52 - 2015-06-20 04:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-15 19:52 - 2015-06-20 04:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-15 19:52 - 2015-06-20 04:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-15 19:52 - 2015-06-20 04:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-15 19:52 - 2015-06-20 03:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-15 19:52 - 2015-06-20 03:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-15 19:52 - 2015-06-20 03:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-15 19:52 - 2015-06-20 03:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-15 19:52 - 2015-06-20 03:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-15 19:52 - 2015-06-20 03:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-15 19:52 - 2015-06-20 03:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-15 19:52 - 2015-06-20 03:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-15 19:52 - 2015-06-20 03:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-15 19:51 - 2015-07-15 19:51 - 00000000 ____D C:\Users\rr\AppData\Roaming\Titanium
2
_________________
~OzBch~
ozbch

Posted: Fri Aug 07, 2015 9:23 am

Additional scan result of Farbar Recovery Scan Tool (x64) Version:06-08-2015
Ran by rr (2015-08-08 03:12:10)
Running from C:\Users\rr\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-881960506-946978799-1751547296-500 - Administrator - Disabled)
Guest (S-1-5-21-881960506-946978799-1751547296-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-881960506-946978799-1751547296-1004 - Limited - Enabled)
rr (S-1-5-21-881960506-946978799-1751547296-1001 - Administrator - Enabled) => C:\Users\rr

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1.3M WebCam (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.1.7600.108 - Realtek Semiconductor Corp.)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3505 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3503 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0609.2011 - Acer Incorporated)
Acer TouchPortal (HKLM-x32\...\{C652F86F-348A-4A65-8BE8-A3F7A6370D98}) (Version: 3.00.3008 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3500 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Photoshop CS5 Extended (HKLM-x32\...\Adobe Photoshop CS5 Extended) (Version: - )
Adobe Reader X (10.1.15) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.15 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bandicam (HKLM-x32\...\Bandicam) (Version: 1.9.4.505 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - Bandisoft.com)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
BigPond Broadband ADSL (HKLM-x32\...\{433A39B0-380C-4634-93FE-12A812954F5B}) (Version: 10.0 - BigPond)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
clear.fi (x32 Version: 1.5.1717_38186 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 9.0.8031 - CyberLink Corp.) Hidden
clear.fi (HKLM-x32\...\InstallShield_{37126D87-E4FD-4614-B908-A0BB7ECE3992}) (Version: 1.5.2212.35 - CyberLink Corp.)
clear.fi (x32 Version: 1.5.2212.35 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.05.3002 - Acer Incorporated)
Cooliris for Internet Explorer (HKLM-x32\...\{14C52FEF-0236-4D8C-BBE2-E6D7C4F2926D}) (Version: 1.12.1.37152 - Cooliris Inc.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.0.1711 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
dBpoweramp Music Converter (HKLM-x32\...\dBpoweramp Music Converter) (Version: Release 14.4 - Illustrate)
dBpoweramp Ogg Vorbis Codec (HKLM-x32\...\dBpoweramp Ogg Vorbis Codec) (Version: Release 21 (Vorbis v1.3.2) - Illustrate)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.7000.4 - Dolby Laboratories Inc)
DriverBoost (HKLM-x32\...\{044E78D2-8F54-4F6F-AD2B-A122F8111EDB}) (Version: 8.1 - DriverBoost)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.8.5 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.33 - Dropbox, Inc.) Hidden
eBay Worldwide (HKLM-x32\...\{D3E5A972-9A15-427D-AE78-8181A5FD943C}) (Version: 2.2.0409 - OEM)
Etron USB3.0 Host Controller (x32 Version: 0.103 - Etron Technology) Hidden
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
FileViewPro (HKLM\...\FileViewPro_is1) (Version: 4.0 - Solvusoft Corporation)
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Firestorm SecondLife and OpenSim viewer (Version: 4.7.45325 - Phoenix Viewer Project) Hidden
Firestorm-Betax64 x64 (HKLM-x32\...\{97166652-349c-48f1-a024-fa8539c5cb47}) (Version: 4.7.45325 - Phoenix Firestorm Project Inc)
Fooz Kids (HKLM-x32\...\FoozKids) (Version: 3.0.8 - FUHU, Inc.)
Fooz Kids (x32 Version: 3.0.8 - FUHU, Inc.) Hidden
Fooz Kids Platform (HKLM-x32\...\{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}) (Version: 2.1 - FUHU, Inc.)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Game Channels (HKLM-x32\...\WildTangentGameProvider-acer-touch) (Version: 6.2.0.5 - WildTangent, Inc.)
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.130 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.5 - Google Inc.) Hidden
Gyazo 3.1.4 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version: - Nota Inc.)
Hide IP NG 1.81 (HKLM-x32\...\Hide IP NG_is1) (Version: - HIDE IP SOFTWARE)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.242 - SurfRight B.V.)
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3504 - Acer Incorporated)
HyperCam 2 (HKLM-x32\...\HyperCam 2) (Version: 2.29.01 - Hyperionics Technology LLC)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
IMVU Avatar Chat Software (HKU\S-1-5-21-881960506-946978799-1751547296-1001\...\IMVU Avatar chat client software BETA) (Version: - )
Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden
Intel(R) Chipset Device Software (x32 Version: 10.0.27 - Intel(R) Corporation) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
iTunes (HKLM\...\{96B53CA8-5ABB-49D8-96F1-F6C0D73A76C6}) (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Jet (HKU\S-1-5-21-881960506-946978799-1751547296-1001\...\Jet) (Version: 24.0.1293.0 - Performersoft) <==== ATTENTION
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
join.me (HKU\S-1-5-21-881960506-946978799-1751547296-1001\...\JoinMe) (Version: 1.13.0.130 - LogMeIn, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 3.1.4 - Kobo Inc.)
Lightshot-5.2.1.1 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.2.1.1 - Skillbrains)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Mask My IP (HKLM-x32\...\MaskMyIP) (Version: 2.3.6.2 - )
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.149.2 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4737.1003 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-881960506-946978799-1751547296-1001\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Touch Pack for Windows 7 (HKLM-x32\...\{8FF90DB8-6DED-44A3-B182-244FEC09012F}) (Version: 1.0.40517.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
MorphVOX Pro (HKLM-x32\...\{B3BA2206-876F-4549-9CAF-7BF3AD3BE6F5}) (Version: 3.4.26 - Screaming Bee)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.18 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.18 - Egis Technology Inc.) Hidden
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.12000.21.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.5.10300 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
NVIDIA 3D Vision Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
OMG Download Utility version 11.25.13 (HKU\.DEFAULT\...\{FCEA5C73-84C6-4546-9A8B-4F8F32F392B4}_is1) (Version: 11.25.13 - OMGTechSupport)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.610.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6463 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.74 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.4 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.4 - VS Revo Group, Ltd.)
SADES 7.1 SOUND EFFECT GAMING HEADSET (HKLM\...\C-Media CM108 Like Sound Driver) (Version: - )
Sandboxie 4.12 (64-bit) (HKLM\...\Sandboxie) (Version: 4.12 - Sandboxie Holdings, LLC)
SecondLifeViewer (HKLM-x32\...\SecondLifeViewer) (Version: 3.8.2.303891 - Linden Research, Inc.)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
SketchUp 2014 (HKLM-x32\...\{A608A8D3-E77C-4BEE-8F2A-F8124F5F0FE2}) (Version: 14.0.4900 - Trimble Navigation Limited)
SketchUp 8 (HKLM-x32\...\{8EB62C87-AAA6-4850-A5BC-64155884B973}) (Version: 3.0.16846 - Trimble Navigation Limited)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Smilebox (HKU\S-1-5-21-881960506-946978799-1751547296-1001\...\Smilebox) (Version: 1.0.0.25280 - Smilebox, Inc.)
Snagit 11 (HKLM-x32\...\{A56C6348-59D0-433B-A48A-75914858664E}) (Version: 11.2.1 - TechSmith Corporation)
System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)
Tales of Lagoona (x32 Version: 2.2.0.98 - WildTangent) Hidden
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
TouchSettings (HKLM-x32\...\{75880CD4-9436-4EDD-B7E7-400EBFD60B2C}) (Version: 1.00.0006 - Acer Incorporated)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Vegas Pro 13.0 (64-bit) (HKLM\...\{D264BD11-6A9B-11E4-A4F7-F04DA23A5C58}) (Version: 13.0.428 - Sony)
Virtual Earth 3D (Beta) (HKLM\...\{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}) (Version: 4.0.903.16005 - Microsoft Corporation)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3505 - Acer Incorporated)
WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Driver Package - Atheros Communications Inc. (arusb_lhx) Net (09/25/2008 3.1.0.101) (HKLM\...\B090418E214D6BD6EE18A512A8EE609225AC9279) (Version: 09/25/2008 3.1.0.101 - Atheros Communications Inc.)
Windows Driver Package - NETGEAR Inc. (RTL8187) Net (12/01/2006 6.1258.1201.2006) (HKLM\...\5AF8BE22A56B38B1816F36BAC6A71F1277E45440) (Version: 12/01/2006 6.1258.1201.2006 - NETGEAR Inc.)
Windows Driver Package - Thomson (USB_RNDIS) Net (02/15/2007 2.0.0.0) (HKLM\...\2CA3B8348CD526E9B8928840AC68738C5B5A4F8F) (Version: 02/15/2007 2.0.0.0 - Thomson)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Xvid MPEG-4 Video Codec (HKLM-x32\...\xvid) (Version: - Xvid Development Team)
Yahoo!7 Messenger (HKLM-x32\...\Yahoo!7 Messenger) (Version: - Yahoo! Inc.)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-881960506-946978799-1751547296-1001_Classes\CLSID\{33C53A50-F456-4884-B049-85FD643ECFED}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-881960506-946978799-1751547296-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\rr\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-881960506-946978799-1751547296-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\rr\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-881960506-946978799-1751547296-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\rr\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-881960506-946978799-1751547296-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\rr\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-881960506-946978799-1751547296-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\rr\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

06-08-2015 10:39:54 Revo Uninstaller's restore point - SecondLifeViewer (remove only)
06-08-2015 10:44:03 Revo Uninstaller's restore point - Firestorm-Betax64 x64
06-08-2015 10:44:36 Firestorm-Betax64 x64
06-08-2015 10:51:59 Revo Uninstaller's restore point - IMVU File Editor (Uninstall only)
06-08-2015 13:15:56 Revo Uninstaller's restore point - Google Chrome
06-08-2015 15:25:48 Revo Uninstaller Pro's restore point -
06-08-2015 15:37:49 Revo Uninstaller Pro's restore point -
06-08-2015 15:49:43 Revo Uninstaller Pro's restore point -
06-08-2015 15:57:52 Revo Uninstaller Pro's restore point -
06-08-2015 16:00:16 Revo Uninstaller Pro's restore point -
06-08-2015 16:08:42 Revo Uninstaller Pro's restore point -
06-08-2015 16:10:32 Revo Uninstaller Pro's restore point -
06-08-2015 16:25:53 Firestorm-Betax64 x64
06-08-2015 17:09:31 Installed Realtek PCIE Card Reader
06-08-2015 17:14:26 Installed Realtek Ethernet Controller Driver
06-08-2015 17:39:40 Revo Uninstaller Pro's restore point - msconfig
06-08-2015 18:01:51 Revo Uninstaller Pro's restore point - sg miner
06-08-2015 19:08:28 Revo Uninstaller Pro's restore point - rising antivirus
06-08-2015 22:19:16 Installed AVG 2015
06-08-2015 22:19:44 Installed AVG 2015
06-08-2015 22:20:29 Removed AVG 2015
07-08-2015 17:50:50 Revo Uninstaller Pro's restore point - VideoPad Video Editor
07-08-2015 18:36:38 Revo Uninstaller Pro's restore point - Pixillion Image Converter
07-08-2015 18:56:59 Revo Uninstaller Pro's restore point - Idle Crawler
07-08-2015 21:22:02 Revo Uninstaller Pro's restore point - NVIDIA Graphics Driver 275.70
07-08-2015 21:33:09 Revo Uninstaller Pro's restore point - Evernote v. 4.5.1
07-08-2015 21:33:38 Removed Evernote v. 4.5.1
07-08-2015 21:37:09 Removed Visual Studio 2012 x64 Redistributables
07-08-2015 21:47:47 Revo Uninstaller Pro's restore point - ITE Infrared Transceiver
07-08-2015 21:48:59 Removed ITE Infrared Transceiver
07-08-2015 22:03:08 Revo Uninstaller Pro's restore point - 爱奇艺万能播放器
07-08-2015 22:27:16 Revo Uninstaller Pro's restore point - yontoo desktop
07-08-2015 23:24:43 Revo Uninstaller Pro's restore point - YCMMirag application
07-08-2015 23:29:16 Revo Uninstaller Pro's restore point - IMVU Cache Cleaner 5
07-08-2015 23:54:07 Installed DirectX
08-08-2015 01:32:56 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 12:34 - 2015-07-27 13:26 - 00000854 ____A C:\Windows\system32\Drivers\etc\hosts
0.0.0.1 mssplus.mcafee.com

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {13EB2D92-2A0A-43CF-8386-4B74657D7901} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-881960506-946978799-1751547296-1001UA => C:\Users\rr\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-10-14] (Facebook Inc.)
Task: {17B1F252-354A-41D6-89EE-A7477F5D4250} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {28A4402C-902E-4102-8E2E-CF0C93720112} - System32\Tasks\DriverBoost-RTMScan => C:\Program Files (x86)\DriverBoost\DriverBoost\DriverBoost.exe [2014-05-07] (PC Drivers Headquarters)
Task: {3B79AC6E-BAF4-426F-A48C-95AACF894386} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-19] (Dropbox, Inc.)
Task: {3B97D6DF-F320-4915-AC2A-10C91E5C14DA} - System32\Tasks\MBOIJCPHLUMNTOUT => C:\ProgramData\Service0082\Service0082.exe <==== ATTENTION
Task: {3C25630E-3202-4943-A991-F49AFB68468D} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {4011B327-DBF1-41F3-8117-B283A2DE3768} - System32\Tasks\{116EFABF-BBE5-4879-ACD9-4C0C137037D4} => pcalua.exe -a C:\Users\rr\Downloads\AMT_Intel_7.0.0.1144_W7x64\setup.exe -d C:\Users\rr\Downloads\AMT_Intel_7.0.0.1144_W7x64
Task: {490C39EA-7BE4-42E0-BDF3-08E9A6A08843} - System32\Tasks\DriverBoost-RTMRules => C:\Program Files (x86)\DriverBoost\DriverBoost\DriverBoost.exe [2014-05-07] (PC Drivers Headquarters)
Task: {4B1349C3-FBD3-439F-B945-A6B3F428D31A} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2015-07-15] ()
Task: {4EAADD06-CEA7-4E96-A578-AA4DE7FC7938} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2015-07-16] ()
Task: {50BC0276-F18F-494C-868E-BCBD3130ECDE} - \Web Tool Runner No Task File <==== ATTENTION
Task: {526BBF62-22CC-49E1-8513-51D104B9DC04} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-18] (Piriform Ltd)
Task: {5892F216-2A10-44ED-BB00-6FD2412230FE} - \WordSurfer Auto Updater 1.10.0.19 Pending Update No Task File <==== ATTENTION
Task: {59FB3C1B-3812-471D-9228-91CACFA0146B} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-29] (Egis Technology Inc.)
Task: {6267A835-4017-49FB-BF73-C67ADA6A1CB0} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-03-25] ()
Task: {629E0135-3008-4182-95BD-F57B79754104} - System32\Tasks\DriverBoost-RTMScanRunOnce => C:\Program Files (x86)\DriverBoost\DriverBoost\DriverBoost.exe [2014-05-07] (PC Drivers Headquarters)
Task: {73354A1F-9404-46F6-913A-68FB20C85711} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-29] (Egis Technology Inc.)
Task: {77C19267-F339-4953-BD48-9EDE5B5CE18B} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2015-07-16] ()
Task: {7C332F49-ECDD-49DF-991F-10845819728D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {9342B489-91A7-46CD-AB8E-3841C8CBC50B} - System32\Tasks\RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380} => C:\Program Files (x86)\Rising\RAV\rsdelaylauncher.exe
Task: {98674509-72B1-460B-BAFB-97841935D163} - System32\Tasks\DriverBoost-RTMUpdater => C:\Program Files (x86)\DriverBoost\DriverBoost\DriverBoost.exe [2014-05-07] (PC Drivers Headquarters)
Task: {9D5E352A-2528-47A3-AA1D-A043F48F0A78} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-10-12] (CyberLink Corp.)
Task: {9FA39F71-D564-4039-805C-825477A6F0DE} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-10-12] (CyberLink)
Task: {A662F815-B588-4D86-A00A-ABDCC4389651} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-06] (Adobe Systems Incorporated)
Task: {AA03BA8C-0A39-4E72-8832-03627D8D85DC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-10] (Google Inc.)
Task: {B20792B5-FDF0-4E09-A4C2-D5CAEADFAEB8} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-19] (Dropbox, Inc.)
Task: {B4E7C693-AE18-4621-A1C1-24AD2489A48F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-01] (Microsoft Corporation)
Task: {B5229A43-9A1A-46DF-980D-61822DDC8300} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-10-12] (Acer Incorporated)
Task: {BDD214AE-60F0-4AFA-8DC0-973F06E82DEB} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-06-09] (Microsoft Corporation)
Task: {C395F120-423E-441E-98B9-1AECD1E9BC7D} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-881960506-946978799-1751547296-1001Core => C:\Users\rr\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-10-14] (Facebook Inc.)
Task: {CA2A8BF7-1725-4D77-868A-1E9B3EE96A6F} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe <==== ATTENTION
Task: {DEBC57D7-CBC5-4CFE-BAFF-88F498F68925} - \BitGuard No Task File <==== ATTENTION
Task: {E37E9483-CF4B-4E1F-91E4-EBF3B7258A96} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E59782F6-C2BE-43F2-B5A5-059240CC6889} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-10] (Google Inc.)
Task: {F3C80C89-7CC0-4ED8-96D2-142D472A70EF} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2011-09-06] (Acer)
Task: {F59CD8B8-D62A-41F2-9950-0D0E1D2138C3} - System32\Tasks\{4C26DA08-ED80-4AD6-8BC1-0E624895779B} => pcalua.exe -a E:\setup.exe -d E:\
Task: {F75D54C9-5AFA-4A11-82B4-F61F8C6594E2} - System32\Tasks\update-S-1-5-21-881960506-946978799-1751547296-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-03-25] ()
Task: {F7F3381B-A566-4641-A3C3-972B9FFDA20E} - \WordSurfer Auto Updater 1.10.0.19 Core No Task File <==== ATTENTION
Task: {FEDAA134-D4DE-41A1-A737-A251CC2D5215} - \TKRDJJVYM1 No Task File <==== ATTENTION
Task: {FF69194B-A234-49CD-B28A-2642BC42839C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-01] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-881960506-946978799-1751547296-1001Core.job => C:\Users\rr\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-881960506-946978799-1751547296-1001UA.job => C:\Users\rr\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\MBOIJCPHLUMNTOUT.job => C:\ProgramData\Service0082\Service0082.exe <==== ATTENTION
Task: C:\Windows\Tasks\update-S-1-5-21-881960506-946978799-1751547296-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Loaded Modules (Whitelisted) ==============

2015-08-07 21:59 - 2015-02-06 05:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-04-12 15:38 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2012-12-10 14:54 - 2010-08-26 16:48 - 00285152 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
2011-12-19 21:38 - 2015-06-01 21:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-05-05 05:25 - 2015-05-05 05:25 - 00055576 _____ () C:\Program Files\CCleaner\branding.dll
2015-07-15 19:48 - 2015-07-15 19:48 - 08817658 _____ () C:\Program Files\pia_manager\pia_manager.exe
2015-07-15 19:48 - 2015-07-15 19:48 - 00184320 _____ () C:\Program Files\pia_manager\pia_tray\pia_tray.exe
2015-07-15 19:48 - 2015-07-15 19:48 - 00690176 _____ () C:\Program Files\pia_manager\openvpn.exe
2015-07-15 19:48 - 2015-07-15 19:48 - 00190317 _____ () C:\Program Files\pia_manager\liblzo2-2.dll
2015-07-15 19:48 - 2015-07-15 19:48 - 00108441 _____ () C:\Program Files\pia_manager\libpkcs11-helper-1.dll
2015-04-30 19:01 - 2015-04-30 19:01 - 03168256 _____ () C:\Program Files\Firestorm-Betax64\libcollada14dom22.dll
2015-04-30 19:01 - 2015-04-30 19:01 - 00227840 _____ () C:\Program Files\Firestorm-Betax64\glod.dll
2015-04-30 19:01 - 2015-04-30 19:01 - 00024064 _____ () C:\Program Files\Firestorm-Betax64\growl++.dll
2015-04-30 19:01 - 2015-04-30 19:01 - 00040960 _____ () C:\Program Files\Firestorm-Betax64\growl.dll
2015-04-30 19:05 - 2015-04-30 19:05 - 02110464 _____ () C:\Program Files\Firestorm-Betax64\win_crash_logger.exe
2015-04-30 20:11 - 2015-04-30 20:11 - 01607896 _____ () C:\Program Files\Firestorm-Betax64\SLPlugin.exe
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-12-10 14:54 - 2010-10-28 10:37 - 00368640 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiLib.dll
2015-02-20 01:18 - 2015-02-20 01:18 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2015-08-08 02:01 - 2015-08-08 02:01 - 00012800 _____ () C:\Users\rr\AppData\Local\Temp\ocr8F53.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2015-08-08 02:01 - 2015-08-08 02:01 - 00009728 _____ () C:\Users\rr\AppData\Local\Temp\ocr8F53.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2015-08-08 02:01 - 2015-08-08 02:01 - 00014848 _____ () C:\Users\rr\AppData\Local\Temp\ocr8F53.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2015-08-08 02:01 - 2015-08-08 02:01 - 00094208 _____ () C:\Users\rr\AppData\Local\Temp\ocr8F53.tmp\src\rgloader\rgloader193.mswin.so
2015-08-08 02:01 - 2015-08-08 02:01 - 00009216 _____ () C:\Users\rr\AppData\Local\Temp\ocr8F53.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2015-08-08 02:01 - 2015-08-08 02:01 - 00094208 _____ () C:\Users\rr\AppData\Local\Temp\ocr8F53.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2015-08-08 02:01 - 2015-08-08 02:01 - 00126976 _____ () C:\Users\rr\AppData\Local\Temp\ocr8F53.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2015-08-08 02:01 - 2015-08-08 02:01 - 00087552 _____ () C:\Users\rr\AppData\Local\Temp\ocr8F53.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2015-08-08 02:01 - 2015-08-08 02:01 - 00016384 _____ () C:\Users\rr\AppData\Local\Temp\ocr8F53.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2015-08-08 02:01 - 2015-08-08 02:01 - 00127316 _____ () C:\Users\rr\AppData\Local\Temp\ocr8F53.tmp\bin\libffi-6.dll
2015-08-08 02:01 - 2015-08-08 02:01 - 00008704 _____ () C:\Users\rr\AppData\Local\Temp\ocr8F53.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2015-08-08 02:01 - 2015-08-08 02:01 - 00013312 _____ () C:\Users\rr\AppData\Local\Temp\ocr8F53.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2015-08-08 02:01 - 2015-08-08 02:01 - 00095744 _____ () C:\Users\rr\AppData\Local\Temp\ocr8F53.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2015-08-08 02:01 - 2015-08-08 02:01 - 00026624 _____ () C:\Users\rr\AppData\Local\Temp\ocr8F53.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2015-08-08 02:02 - 2015-08-08 02:02 - 00012800 _____ () C:\Users\rr\AppData\Local\Temp\ocrB7AA.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2015-08-08 02:02 - 2015-08-08 02:02 - 00009728 _____ () C:\Users\rr\AppData\Local\Temp\ocrB7AA.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2015-08-08 02:02 - 2015-08-08 02:02 - 00014848 _____ () C:\Users\rr\AppData\Local\Temp\ocrB7AA.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2015-08-08 02:01 - 2015-08-08 02:01 - 00094208 _____ () C:\Users\rr\AppData\Local\Temp\ocrB7AA.tmp\src\rgloader\rgloader193.mswin.so
2015-08-08 02:02 - 2015-08-08 02:02 - 00094208 _____ () C:\Users\rr\AppData\Local\Temp\ocrB7AA.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2015-08-08 02:02 - 2015-08-08 02:02 - 00118784 _____ () C:\Users\rr\AppData\Local\Temp\ocrB7AA.tmp\lib\ruby\1.9.1\i386-mingw32\socket.so
2015-08-08 02:02 - 2015-08-08 02:02 - 00069120 _____ () C:\Users\rr\AppData\Local\Temp\ocrB7AA.tmp\lib\ruby\1.9.1\i386-mingw32\zlib.so
2015-08-08 02:01 - 2015-08-08 02:01 - 00083968 _____ () C:\Users\rr\AppData\Local\Temp\ocrB7AA.tmp\bin\zlib1.dll
2015-08-08 02:02 - 2015-08-08 02:02 - 00026624 _____ () C:\Users\rr\AppData\Local\Temp\ocrB7AA.tmp\lib\ruby\1.9.1\i386-mingw32\stringio.so
2015-08-08 02:02 - 2015-08-08 02:02 - 00275968 _____ () C:\Users\rr\AppData\Local\Temp\ocrB7AA.tmp\lib\ruby\1.9.1\i386-mingw32\openssl.so
2015-08-08 02:02 - 2015-08-08 02:02 - 00015360 _____ () C:\Users\rr\AppData\Local\Temp\ocrB7AA.tmp\lib\ruby\1.9.1\i386-mingw32\digest.so
2015-08-08 02:02 - 2015-08-08 02:02 - 00008192 _____ () C:\Users\rr\AppData\Local\Temp\ocrB7AA.tmp\lib\ruby\1.9.1\i386-mingw32\fcntl.so
2015-08-08 02:02 - 2015-08-08 02:02 - 00009216 _____ () C:\Users\rr\AppData\Local\Temp\ocrB7AA.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2015-08-08 02:02 - 2015-08-08 02:02 - 00023552 _____ () C:\Users\rr\AppData\Local\Temp\ocrB7AA.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\parser.so
2015-08-08 02:02 - 2015-08-08 02:02 - 00008704 _____ () C:\Users\rr\AppData\Local\Temp\ocrB7AA.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16be.so
2015-08-08 02:02 - 2015-08-08 02:02 - 00008704 _____ () C:\Users\rr\AppData\Local\Temp\ocrB7AA.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2015-08-08 02:02 - 2015-08-08 02:02 - 00008704 _____ () C:\Users\rr\AppData\Local\Temp\ocrB7AA.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32be.so
2015-08-08 02:02 - 2015-08-08 02:02 - 00008704 _____ () C:\Users\rr\AppData\Local\Temp\ocrB7AA.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32le.so
2015-08-08 02:02 - 2015-08-08 02:02 - 00036352 _____ () C:\Users\rr\AppData\Local\Temp\ocrB7AA.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\generator.so
2015-08-08 02:02 - 2015-08-08 02:02 - 00126976 _____ () C:\Users\rr\AppData\Local\Temp\ocrB7AA.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2015-08-08 02:02 - 2015-08-08 02:02 - 00087552 _____ () C:\Users\rr\AppData\Local\Temp\ocrB7AA.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2015-08-08 02:02 - 2015-08-08 02:02 - 00016384 _____ () C:\Users\rr\AppData\Local\Temp\ocrB7AA.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2015-08-08 02:01 - 2015-08-08 02:01 - 00127316 _____ () C:\Users\rr\AppData\Local\Temp\ocrB7AA.tmp\bin\libffi-6.dll
2015-08-08 02:02 - 2015-08-08 02:02 - 00013312 _____ () C:\Users\rr\AppData\Local\Temp\ocrB7AA.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2015-08-08 02:02 - 2015-08-08 02:02 - 00095744 _____ () C:\Users\rr\AppData\Local\Temp\ocrB7AA.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2015-08-08 02:02 - 2015-08-08 02:02 - 00026624 _____ () C:\Users\rr\AppData\Local\Temp\ocrB7AA.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2015-07-15 19:48 - 2015-07-15 19:48 - 00815104 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\khost.dll
2015-07-15 19:48 - 2015-07-15 19:48 - 01198592 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoFoundation.dll
2015-07-15 19:48 - 2015-07-15 19:48 - 00745472 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\CFLite.dll
2015-07-15 19:48 - 2015-07-15 19:48 - 00059904 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\zlib1.dll
2015-07-15 19:48 - 2015-07-15 19:48 - 01234944 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\libxml2.dll
2015-07-15 19:48 - 2015-07-15 19:48 - 00200704 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiapp\1.2.0.RC6d\tiappmodule.dll
2015-07-15 19:48 - 2015-07-15 19:48 - 00290816 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoUtil.dll
2015-07-15 19:48 - 2015-07-15 19:48 - 00511488 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoXML.dll
2015-07-15 19:48 - 2015-07-15 19:48 - 00180224 _____ () C:\Program Files\pia_manager\pia_tray\modules\tifilesystem\1.2.0.RC6d\tifilesystemmodule.dll
2015-07-15 19:48 - 2015-07-15 19:48 - 00344064 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiui\1.2.0.RC6d\tiuimodule.dll
2015-07-15 19:48 - 2015-07-15 19:48 - 00368640 _____ () C:\Program Files\pia_manager\pia_tray\modules\tinetwork\1.2.0.RC6d\tinetworkmodule.dll
2015-07-15 19:48 - 2015-07-15 19:48 - 00642048 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoNet.dll
2015-07-15 19:48 - 2015-07-15 19:48 - 00217088 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiprocess\1.2.0.RC6d\tiprocessmodule.dll
2014-10-23 12:05 - 2014-10-23 12:05 - 00779264 _____ () C:\Program Files\Firestorm-Betax64\llplugin\media_plugin_webkit.dll
2014-10-23 12:05 - 2014-10-23 12:05 - 11009536 _____ () C:\Program Files\Firestorm-Betax64\llplugin\QtWebKit4.dll
2014-10-23 12:05 - 2014-10-23 12:05 - 08311296 _____ () C:\Program Files\Firestorm-Betax64\llplugin\QtGui4.dll
2014-10-23 12:05 - 2014-10-23 12:05 - 02286592 _____ () C:\Program Files\Firestorm-Betax64\llplugin\QtCore4.dll
2014-10-23 12:05 - 2014-10-23 12:05 - 00942592 _____ () C:\Program Files\Firestorm-Betax64\llplugin\QtNetwork4.dll
2014-10-23 12:05 - 2014-10-23 12:05 - 00141312 _____ () C:\Program Files\Firestorm-Betax64\llplugin\codecs\qcncodecs4.dll
2014-10-23 12:05 - 2014-10-23 12:05 - 00167424 _____ () C:\Program Files\Firestorm-Betax64\llplugin\codecs\qjpcodecs4.dll
2014-10-23 12:05 - 2014-10-23 12:05 - 00077312 _____ () C:\Program Files\Firestorm-Betax64\llplugin\codecs\qkrcodecs4.dll
2014-10-23 12:05 - 2014-10-23 12:05 - 00155648 _____ () C:\Program Files\Firestorm-Betax64\llplugin\codecs\qtwcodecs4.dll
2014-10-23 12:05 - 2014-10-23 12:05 - 00026112 _____ () C:\Program Files\Firestorm-Betax64\llplugin\imageformats\qgif4.dll
2014-10-23 12:05 - 2014-10-23 12:05 - 00028160 _____ () C:\Program Files\Firestorm-Betax64\llplugin\imageformats\qico4.dll
2014-10-23 12:05 - 2014-10-23 12:05 - 00199680 _____ () C:\Program Files\Firestorm-Betax64\llplugin\imageformats\qjpeg4.dll
2014-10-23 12:05 - 2014-10-23 12:05 - 00261632 _____ () C:\Program Files\Firestorm-Betax64\llplugin\imageformats\qmng4.dll
2014-10-23 12:05 - 2014-10-23 12:05 - 00328704 _____ () C:\Program Files\Firestorm-Betax64\llplugin\imageformats\qtiff4.dll
2015-04-30 19:01 - 2015-04-30 19:01 - 00329424 _____ () C:\Program Files\Firestorm-Betax64\ortp.dll
2015-08-06 15:12 - 2015-07-31 16:19 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.130\libglesv2.dll
2015-08-06 15:12 - 2015-07-31 16:19 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.130\libegl.dll
2015-08-06 15:12 - 2015-07-31 16:19 - 16308040 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.130\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-881960506-946978799-1751547296-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\rr\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.222.18.222 - 209.222.18.218
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: globalUpdate => 2
MSCONFIG\Services: globalUpdatem => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snagit 11.lnk => C:\Windows\pss\Snagit 11.lnk.CommonStartup
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ArcadeMovieService => "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
MSCONFIG\startupreg: Dolby Home Theater v4 => "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart
MSCONFIG\startupreg: Dropbox => "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
MSCONFIG\startupreg: gpuminer => C:\Users\rr\AppData\Roaming\cpuminer\sgminer\sgminer.cmd
MSCONFIG\startupreg: Hotkey Utility => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MSCONFIG\startupreg: HotKeysCmds => "C:\Windows\system32\hkcmd.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LightShot => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: PlayGem => "C:\Program Files (x86)\PlayGem\PlayGem.exe" monetize
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SuiteTray => "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
MSCONFIG\startupreg: TouchORB => C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe
MSCONFIG\startupreg: TouchPortalV3Launcher => C:\Program Files (x86)\Acer\Acer TouchPortal\TouchPortalLauncher.exe na
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
MSCONFIG\startupreg: Yontoo Desktop => "C:\Users\rr\AppData\Roaming\Yontoo\YontooDesktop.exe"
MSCONFIG\startupreg: YouCam Mirage => "C:\Program Files (x86)\Acer\Acer TouchPortal\YouCam\YCMMirage.exe"
MSCONFIG\startupreg: YouCam Tray => "C:\Program Files (x86)\Acer\Acer TouchPortal\YouCam\YouCamTray.exe" /s

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E98C9C57-966D-4145-A7A2-CFA40F0E9379}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{68C59998-6D46-467C-A9F2-6F2DE993D958}] => (Allow) LPort=2869
FirewallRules: [{CAD76788-5EB0-4A1E-B258-03C8307E6F0D}] => (Allow) LPort=1900
FirewallRules: [{F31DB7CA-5814-43BF-93E4-05FFADED8B9B}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{1B247CC2-3145-423B-B885-7C06C88C333B}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{CFFE9585-5CF8-43D8-ABA3-EFDF464C21BA}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe
FirewallRules: [{2CDD7894-500F-4B4C-91B5-C3513CEF2491}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
FirewallRules: [{E4344B4F-989E-485D-B8B3-593E30361F0D}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
FirewallRules: [{893BE3AE-51CD-4894-B8F5-0028F35EA831}] => (Block) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
FirewallRules: [{A0A05A83-CDA6-4530-89BA-AA1DC727017D}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{FF8DD039-0660-4C3B-91D5-5148D987C726}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{4ED0831C-AAF2-4DAB-AAF3-8C52EF6A2F3D}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{FAC48592-5933-49B2-81F1-E59ADA29F2B7}] => (Block) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{2568E9AC-1CF2-4DFE-A913-D4BE8A01F84D}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLMSService.exe
FirewallRules: [{D75C6062-943B-4CC7-AC8A-C89D09C0C638}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\Movie\PlayMovie.exe
FirewallRules: [{88DC779F-DBD6-4944-A419-3A500342FC5E}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{ACEDC73C-CA29-44F7-BF06-3AB9477ADFDF}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{23F2464C-A079-419E-81D1-D7BEA8D1D871}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{15378C27-FBBC-41F1-8515-6211FC63F0CF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B0FD4E21-5778-465E-BE14-565EA40B592E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7A867281-9A91-48F7-A6E5-D2B7282F8D7E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{020D04EA-83AE-4DC4-8187-0CAEC033DAF5}] => (Allow) C:\Users\rr\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{D19657F8-EDDA-4A40-9B0D-8FA5611E91EC}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{FFE9316A-5797-44E4-83AA-463BE1EE94F5}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{A7064ACD-E4CA-45E0-B40B-4F0E99A23B5F}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Allow) C:\program files (x86)\secondlifeviewer\slvoice.exe
FirewallRules: [UDP Query User{1D3AFB97-73B2-4427-8297-D22581180837}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Allow) C:\program files (x86)\secondlifeviewer\slvoice.exe
FirewallRules: [{32C6741B-4BB3-4130-9C45-BC0158D92BB5}] => (Allow) C:\Users\rr\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{70EB7DDB-4A42-43E1-ACEE-381577D02349}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{01830A31-69A9-44DA-9CB1-2681597AEE11}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{09915226-AA2D-4D5A-AEF1-9387FAB2A316}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{1ED27B4B-ADFA-4728-BCAE-4F9E7C6FEBF5}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [TCP Query User{E94D6A6D-DD92-4EC3-8211-5B810A69F4E8}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Allow) C:\program files (x86)\secondlifeviewer\slvoice.exe
FirewallRules: [UDP Query User{F7CCDF10-A8D1-4E83-AAA2-116F30BE20CF}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Allow) C:\program files (x86)\secondlifeviewer\slvoice.exe
FirewallRules: [TCP Query User{2F987001-671F-4364-96FE-A89C98F68493}C:\program files\firestorm-betax64\slvoice.exe] => (Allow) C:\program files\firestorm-betax64\slvoice.exe
FirewallRules: [UDP Query User{8ABD12FF-4289-446C-B000-8034C3D1D40A}C:\program files\firestorm-betax64\slvoice.exe] => (Allow) C:\program files\firestorm-betax64\slvoice.exe
FirewallRules: [{13EC6D6A-F3E8-4653-8E17-B4D7E7F550B1}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{3CB534E2-657F-4E3F-875D-38AEACB1F3E2}] => (Allow) C:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{9128E2EA-E54A-4374-A1AD-02746C87EB16}] => (Allow) C:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{48C5CCB2-4A9F-4DC2-8347-415474736976}] => (Allow) C:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{8320FBE7-F9F9-4975-871F-88A2B385D824}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{97DE5A57-7E29-4D23-B544-CDEFEE9BD898}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

==================== Faulty Device Manager Devices =============

Name: USB PnP Sound Device
Description: USB PnP Sound Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: C-Media Electronics Inc.
Service: USBPNPA
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/08/2015 02:25:49 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Firestorm-bin.exe version 4.7.1.45325 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 10a0

Start Time: 01d0d12b5d965c14

Termination Time: 96

Application Path: C:\Program Files\Firestorm-Betax64\Firestorm-bin.exe

Report Id: ed9ac34b-3d20-11e5-b9df-e840f20e1432

Error: (08/08/2015 02:09:52 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
The action cannot be completed. Try the action again. If the problem continues, contact Microsoft Product Support.

Error: (08/08/2015 02:00:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/08/2015 01:59:52 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
The action cannot be completed. Try the action again. If the problem continues, contact Microsoft Product Support.

Error: (08/08/2015 01:59:52 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Product registration is corrupted for {90140011-0066-0409-0000-0000000FF1CE}

Error: (08/08/2015 01:59:52 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Uninstall key is not found for product {90140011-0066-0409-0000-0000000FF1CE}

Error: (08/08/2015 01:59:52 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Product registration is corrupted for {90140011-0066-0409-0000-0000000FF1CE}

Error: (08/08/2015 01:59:52 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Uninstall key is not found for product {90140011-0066-0409-0000-0000000FF1CE}

Error: (08/08/2015 01:59:52 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Product registration is corrupted for {90140011-0066-0409-0000-0000000FF1CE}

Error: (08/08/2015 01:59:52 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Uninstall key is not found for product {90140011-0066-0409-0000-0000000FF1CE}


System errors:
=============
Error: (08/08/2015 02:10:48 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (08/08/2015 01:59:52 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Microsoft Network Inspection service depends on the Microsoft Network Inspection System service which failed to start because of the following error:
%%1068

Error: (08/08/2015 01:59:52 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error:
%%1058

Error: (08/08/2015 01:59:52 AM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

Feature: %%886

Error Code: 0x8007042c

Error description: The dependency service or group failed to start.

Reason: %%892

Error: (08/08/2015 01:52:25 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Home.

Error: (08/08/2015 01:38:52 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Microsoft Network Inspection service depends on the Microsoft Network Inspection System service which failed to start because of the following error:
%%1068

Error: (08/08/2015 01:38:52 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error:
%%1058

Error: (08/08/2015 01:38:52 AM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

Feature: %%886

Error Code: 0x8007042c

Error description: The dependency service or group failed to start.

Reason: %%892

Error: (08/08/2015 01:34:06 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Microsoft Network Inspection service depends on the Microsoft Network Inspection System service which failed to start because of the following error:
%%1068

Error: (08/08/2015 01:34:06 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error:
%%1058


Microsoft Office:
=========================
Error: (08/08/2015 02:25:49 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Firestorm-bin.exe4.7.1.4532510a001d0d12b5d965c1496C:\Program Files\Firestorm-Betax64\Firestorm-bin.exeed9ac34b-3d20-11e5-b9df-e840f20e1432

Error: (08/08/2015 02:09:52 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: The action cannot be completed. Try the action again. If the problem continues, contact Microsoft Product Support.

Error: (08/08/2015 02:00:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/08/2015 01:59:52 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: The action cannot be completed. Try the action again. If the problem continues, contact Microsoft Product Support.

Error: (08/08/2015 01:59:52 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Product registration is corrupted for {90140011-0066-0409-0000-0000000FF1CE}

Error: (08/08/2015 01:59:52 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Uninstall key is not found for product {90140011-0066-0409-0000-0000000FF1CE}

Error: (08/08/2015 01:59:52 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Product registration is corrupted for {90140011-0066-0409-0000-0000000FF1CE}

Error: (08/08/2015 01:59:52 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Uninstall key is not found for product {90140011-0066-0409-0000-0000000FF1CE}

Error: (08/08/2015 01:59:52 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Product registration is corrupted for {90140011-0066-0409-0000-0000000FF1CE}

Error: (08/08/2015 01:59:52 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Uninstall key is not found for product {90140011-0066-0409-0000-0000000FF1CE}


CodeIntegrity:
===================================
Date: 2015-08-07 21:34:14.671
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-07 21:34:14.661
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-07 21:34:14.653
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-07 21:34:13.163
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Check with the publisher to see if a new signed version of the kernel module is available.

Date: 2015-08-07 21:34:13.154
Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume3\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked. Ch
_________________
~OzBch~
ozbch

Posted: Fri Aug 07, 2015 9:55 am

sorry one posted twice my pc froze ><
_________________
~OzBch~
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 16 Nov 2017
Posts: 10190
Location: Yorkshire

Posted: Fri Aug 07, 2015 11:58 am

Please go to Control Panel > Programs > Uninstall a program and Uninstall the following:

Quote:
Firestorm-Betax64 x64
Jet


Reboot your computer once they're both uninstalled.

Next ...

Please download AdwCleaner and save it to your desktop.


  • Double click AdwCleaner.exe to run it.
  • Click Scan and allow the scan to finish.
  • Now click Clean to remove the items found.
  • Click OK to the prompt.
  • The tool will run & your computer will be rebooted automatically. A logfile will open after the restart.
  • Post the contents of the logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[s1].txt.


Next ...

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Please post the contents of JRT.txt into your next reply.


Next ...

Run a new scan with FRST. This time it will produce just one log, FRST.txt; please post that in your next reply.

Summary of the logs I need from you in your next post:

  • ADWCleaner log
  • JRT.txt
  • New FRST.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off, you'll have to post it in sections.
_________________
Gary R Administrator at Malware Removal University


ozbch

Posted: Fri Aug 07, 2015 6:41 pm    Post subject: jrt.txt

stuffed up first steps, helps if im awake so redone and edited this so less spam.
_________________
~OzBch~


Last edited by ozbch on Fri Aug 07, 2015 7:26 pm; edited 1 time in total
ozbch

Posted: Fri Aug 07, 2015 6:45 pm    Post subject: this is not my day lol first 1 was incomplete

edited so less spam due to my stuffup , ty for your help too ^^
_________________
~OzBch~


Last edited by ozbch on Fri Aug 07, 2015 7:28 pm; edited 1 time in total
ozbch

Posted: Fri Aug 07, 2015 7:09 pm    Post subject: DISREGARD FIRST 2 I SCREWED UP

# AdwCleaner v4.208 - Logfile created 08/08/2015 at 12:59:14
# Updated 09/07/2015 by Xplode
# Database : 2015-08-01.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : rr - RR-PC
# Running from : C:\Users\rr\Downloads\adwcleaner_4.208.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\SafeWeb
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\Driver Boost
Folder Deleted : C:\ProgramData\BoostSoftware
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverBoost
Folder Deleted : C:\Program Files (x86)\Blingee Plus
Folder Deleted : C:\Program Files (x86)\77zip
Folder Deleted : C:\Program Files (x86)\DriverBoost
Folder Deleted : C:\Program Files (x86)\Exploremedia
Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\SafeWeb
Folder Deleted : C:\Users\rr\AppData\Roaming\NCdownloader
Folder Deleted : C:\Users\rr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\77zip
Folder Deleted : C:\Users\rr\AppData\Local\Google\Chrome\User Data\Default\Extensions\clenipgmbgljnjeedmeffkheklakdmde
File Deleted : C:\Users\rr\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_bcfjehbfanfhgoehogmbiebedkidedjb_0
File Deleted : C:\Users\rr\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcfjehbfanfhgoehogmbiebedkidedjb
File Deleted : C:\END
File Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\PUTTY.RND
File Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\PUTTY.RND
File Deleted : C:\Users\rr\AppData\Local\PUTTY.RND
File Deleted : C:\Users\rr\AppData\Roaming\PUTTY.RND

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [SpecialSavings@SpecialSavings.com]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [SpecialSavings@SpecialSavings.com]
Key Deleted : HKCU\Software\e57da8ab46fb812
Key Deleted : HKLM\SOFTWARE\e57da8ab46fb812
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5E6A8DA1-5731-465B-B036-B9E16EF26CAC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\SlimWare Utilities Inc
Key Deleted : HKLM\SOFTWARE\BoostSoftware
Key Deleted : HKU\.DEFAULT\Software\IBUpdaterService
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileViewPro_is1
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gpuminer

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17909


-\\ Mozilla Firefox v


-\\ Google Chrome v44.0.2403.130

[C:\Users\rr\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&affID=121743&babsrc=SP_ss&mntrId=EA4C9CB70D4A0AC6

-\\ Opera v0.0.0.0


*************************

AdwCleaner[R0].txt - [3928 bytes] - [08/08/2015 12:57:12]
AdwCleaner[S0].txt - [3814 bytes] - [08/08/2015 12:59:14]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3873 bytes] ##########
_________________
~OzBch~
ozbch

Posted: Fri Aug 07, 2015 7:19 pm

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.5 (08.05.2015:1)
OS: Windows 7 Home Premium x64
Ran by rr on Sat 08/08/2015 at 13:12:29.19
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Chrome


[C:\Users\rr\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\rr\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\rr\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\rr\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 08/08/2015 at 13:16:30.53
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
_________________
~OzBch~
ozbch

Posted: Fri Aug 07, 2015 7:24 pm

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:06-08-2015
Ran by rr (administrator) on RR-PC (08-08-2015 13:20:25)
Running from C:\Users\rr\Downloads
Loaded Profiles: rr (Available Profiles: rr)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Windows\System32\idle-Threads.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
() C:\Windows\System32\semaphore-Threads.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
() C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\rr\Downloads\FRST64 (1).exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12858984 2011-09-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2278504 2011-09-19] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1794704 2015-02-20] (NVIDIA Corporation)
HKLM\...\Run: [Cm108Sound] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm108.dll,CMICtrlWnd
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-881960506-946978799-1751547296-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-18] (Piriform Ltd)
HKU\S-1-5-21-881960506-946978799-1751547296-1001\...\MountPoints2: {11d44bcb-52a6-11e1-ba63-806e6f6e6963} - E:\Setup.EXE
HKU\S-1-5-21-881960506-946978799-1751547296-1001\Control Panel\Desktop\\SCRNSAVE.EXE ->
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [177624 2015-02-20] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [164752 2015-02-20] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-07-24] (Dropbox, Inc.)
BootExecute: autocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = https://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkID=226786&Mkt=en-AU&Src=MSE&Tid=00032955&OHP=https%3A%2F%2Fwww.google.com&OSP=
SearchScopes: HKLM -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-881960506-946978799-1751547296-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-881960506-946978799-1751547296-1001 -> {80c554b9-c7f8-4a21-9471-06d606da78a2} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-06-09] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-06-09] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-17] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-05-19] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-06-09] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-05-19] (Oracle Corporation)
BHO-x32: No Name -> {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} -> c:\Program Files (x86)\PicLensIE\cooliris.dll [2010-06-24] (Cooliris Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{28D976B1-910B-43F5-85EE-B705EE1C526A}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{4A643CF3-ADEB-4A9E-98D5-63E8463E93A8}: [DhcpNameServer] 209.222.18.222 209.222.18.218

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-08-06] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ [2015-04-16] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-08-06] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-06] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-05-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-05-19] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-09-17] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files (x86)\Virtual Earth 3D\ [2013-09-17] ()
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-06] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-06] (NVIDIA Corporation)
FF Plugin-x32: @rising.com.cn/nprising -> C:\Program Files (x86)\Rising\RAV\nprising.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.5\npGoogleUpdate3.dll [2015-08-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.5\npGoogleUpdate3.dll [2015-08-06] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-13] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-881960506-946978799-1751547296-1001: @rising.com.cn/nprising -> C:\Program Files (x86)\Rising\RAV\nprising.dll No File
FF Plugin HKU\S-1-5-21-881960506-946978799-1751547296-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\rr\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF HKU\S-1-5-21-881960506-946978799-1751547296-1001\...\Firefox\Extensions: [{9764bb84-7272-11dd-8eb6-20d155d89557}] - C:\Users\rr\AppData\Roaming\hideip_firefox_plugin
FF Extension: Hide IP Firefox Add-on - C:\Users\rr\AppData\Roaming\hideip_firefox_plugin [2013-04-16]

Chrome:
=======
CHR Profile: C:\Users\rr\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\rr\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\rr\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-29]
CHR Extension: (YouTube) - C:\Users\rr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-10]
CHR Extension: (SearchNewTab) - C:\Users\rr\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfnkjihkkeakbingbbipachgdigflboj [2013-05-04]
CHR Extension: (Google Search) - C:\Users\rr\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-10]
CHR Extension: (continuetosiavee) - C:\Users\rr\AppData\Local\Google\Chrome\User Data\Default\Extensions\lldmlhiknojnecmknodkljfbnljabhpl [2013-05-04]
CHR Extension: (Google Wallet) - C:\Users\rr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-29]
CHR Extension: (Gmail) - C:\Users\rr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-10]
CHR Profile: C:\Users\rr\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Drive) - C:\Users\rr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-11]
CHR Extension: (YouTube) - C:\Users\rr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-11]
CHR Extension: (pokeBack) - C:\Users\rr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\boggbggjfpbbogobegefnlkoenbclamo [2014-08-25]
CHR Extension: (FB Auto-Poker) - C:\Users\rr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cmhccgdbmajoblcbfbgmhnpiecmjiadh [2013-07-19]
CHR Extension: (Google Search) - C:\Users\rr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-11]
CHR Extension: (AdBlock) - C:\Users\rr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-07-30]
CHR Extension: (Poke All for Chrome) - C:\Users\rr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmghnjflbmdhmjnclnjpbikjbhppfmdj [2013-07-19]
CHR Extension: (Pin It Button) - C:\Users\rr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-06-04]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\rr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\rr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR Extension: (Adblock Pro) - C:\Users\rr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2014-07-01]
CHR Extension: (Gmail) - C:\Users\rr\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-11]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U2 .Net Crypt; C:\Windows\System32\mutex-Threads.exe [12189808 2015-07-12] () [File not signed]
U2 .Net Main; C:\Windows\System32\idle-Threads.exe [12003952 2015-07-12] () [File not signed]
U2 .Net Security; C:\Windows\System32\latch-Threads.exe [13230192 2015-07-12] () [File not signed]
U2 .Net Semaphore; C:\Windows\System32\semaphore-Threads.exe [1027696 2015-07-12] () [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2753720 2015-07-01] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-19] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-19] (Dropbox, Inc.)
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-08-06] (SurfRight B.V.)
S2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-27] (Realsil Microelectronics Inc.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.149\McCHSvc.exe [289256 2015-06-26] (McAfee, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
S2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174088 2014-05-30] (Sandboxie Holdings, LLC)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [285152 2010-08-26] ()

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AVerIT13x; C:\Windows\System32\Drivers\AVerIT13x_x64.sys [192768 2011-07-11] (AVerMedia TECHNOLOGIES, Inc.)
R1 HyperVM; C:\Windows\system32\drivers\hvm.sys [41784 2015-08-05] (Beijing Rising Information Technology Co., Ltd.)
S3 ITECIRfilter; C:\Windows\System32\DRIVERS\ITECIRfilter.sys [28264 2011-03-23] (ITE Tech. Inc. )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-08] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R4 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
R1 rsutils; C:\Windows\System32\DRIVERS\rsutils.sys [71760 2015-04-09] (Beijing Rising Information Technology Co., Ltd.)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8204904 2011-07-05] (Realtek Semiconductor Corp.)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-05-30] (Sandboxie Holdings, LLC)
R0 scssifilter; C:\Windows\System32\Drivers\scssifilter64.sys [27032 2015-07-12] (Microsoft Corporation)
R0 TWZDISK; C:\Windows\System32\Drivers\TWZDISK.sys [74512 2014-04-06] (Toolwiz.com)
R1 TWZFILE; C:\Windows\System32\Drivers\TWZFILE.sys [44304 2014-04-06] (Toolwiz.com)
R0 usbmp3; C:\Windows\System32\Drivers\usbmp364.sys [19864 2015-07-12] () [File not signed]
R0 usbvox; C:\Windows\System32\Drivers\usbvox64.sys [48464 2015-07-12] () [File not signed]
R0 usbwav; C:\Windows\System32\Drivers\usbwav64.sys [29080 2015-07-12] () [File not signed]
S0 nvpciflt; system32\DRIVERS\nvpciflt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-08 13:19 - 2015-08-08 13:19 - 02170368 _____ (Farbar) C:\Users\rr\Downloads\FRST64 (1).exe
2015-08-08 13:17 - 2015-08-08 13:17 - 01797896 _____ (Malwarebytes Corporation) C:\Users\rr\Downloads\JRT (5).exe
2015-08-08 13:16 - 2015-08-08 13:16 - 00001052 _____ C:\Users\rr\Desktop\JRT.txt
2015-08-08 13:12 - 2015-08-08 13:12 - 01797896 _____ (Malwarebytes Corporation) C:\Users\rr\Downloads\JRT (4).exe
2015-08-08 13:03 - 2015-08-08 13:03 - 02248704 _____ C:\Users\rr\Downloads\adwcleaner_4.208 (1).exe
2015-08-08 13:01 - 2015-08-08 13:01 - 00000000 _RSHD C:\ProgramData\avg security toolbar
2015-08-08 12:56 - 2015-08-08 12:59 - 00000000 ____D C:\AdwCleaner
2015-08-08 12:54 - 2015-08-08 12:55 - 02248704 _____ C:\Users\rr\Downloads\adwcleaner_4.208.exe
2015-08-08 12:31 - 2015-08-08 12:31 - 01797896 _____ (Malwarebytes Corporation) C:\Users\rr\Downloads\JRT (3).exe
2015-08-08 12:17 - 2015-08-08 12:17 - 01797896 _____ (Malwarebytes Corporation) C:\Users\rr\Downloads\JRT (2).exe
2015-08-08 12:10 - 2015-08-08 12:11 - 01797896 _____ (Malwarebytes Corporation) C:\Users\rr\Downloads\JRT (1).exe
2015-08-08 12:08 - 2015-08-08 12:08 - 01797896 _____ (Malwarebytes Corporation) C:\Users\rr\Downloads\JRT.exe
2015-08-08 03:12 - 2015-08-08 03:50 - 00067497 _____ C:\Users\rr\Downloads\Addition.txt
2015-08-08 03:11 - 2015-08-08 13:20 - 00024234 _____ C:\Users\rr\Downloads\FRST.txt
2015-08-08 03:11 - 2015-08-08 13:20 - 00000000 ____D C:\FRST
2015-08-08 03:10 - 2015-08-08 03:10 - 02170368 _____ (Farbar) C:\Users\rr\Downloads\FRST64.exe
2015-08-08 01:36 - 2015-08-08 01:36 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2015-08-08 01:36 - 2015-08-08 01:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-08-08 01:18 - 2015-08-08 01:18 - 00000017 _____ C:\Users\rr\AppData\Local\resmon.resmoncfg
2015-08-08 00:29 - 2015-08-08 13:01 - 00000336 _____ C:\Windows\setupact.log
2015-08-08 00:29 - 2015-08-08 00:29 - 00000000 _____ C:\Windows\setuperr.log
2015-08-08 00:28 - 2015-08-08 00:28 - 00000328 _____ C:\Windows\PFRO.log
2015-08-08 00:03 - 2015-08-08 00:03 - 00000000 ____D C:\Users\rr\AppData\Local\IsolatedStorage
2015-08-08 00:02 - 2015-08-08 00:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2015-08-08 00:01 - 2015-08-08 00:01 - 00000000 ____D C:\Windows\A56C634859D0433BA48A75914858664E.TMP
2015-08-07 23:52 - 2015-08-07 23:52 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-08-07 23:47 - 2015-08-07 23:47 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2015-08-07 23:46 - 2015-08-07 23:46 - 00000000 ____D C:\Users\rr\Documents\BACK UPPPPP
2015-08-07 23:33 - 2015-08-07 23:34 - 00000000 ____D C:\Program Files\CCleaner
2015-08-07 23:33 - 2015-08-07 23:33 - 00002778 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-08-07 23:33 - 2015-08-07 23:33 - 00000826 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-08-07 23:33 - 2015-08-07 23:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-08-07 23:28 - 2015-08-07 23:29 - 06611176 _____ (Piriform Ltd) C:\Users\rr\Downloads\ccsetup508pro.exe
2015-08-07 23:03 - 2015-08-07 23:03 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-08-07 22:12 - 2015-08-07 22:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-08-07 22:11 - 2015-08-08 01:39 - 00000000 ____D C:\Windows\SysWOW64\NV
2015-08-07 22:11 - 2015-08-08 01:39 - 00000000 ____D C:\Windows\system32\NV
2015-08-07 22:11 - 2015-08-07 22:11 - 00000000 ____D C:\Users\rr\AppData\Local\NVIDIA
2015-08-07 22:00 - 2015-08-08 13:01 - 00000000 ____D C:\ProgramData\NVIDIA
2015-08-07 21:59 - 2015-02-06 05:07 - 06861128 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-08-07 21:59 - 2015-02-06 05:07 - 03517584 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-08-07 21:59 - 2015-02-06 05:07 - 02558792 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-08-07 21:59 - 2015-02-06 05:07 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-08-07 21:59 - 2015-02-06 05:07 - 00062792 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-08-07 21:59 - 2015-02-06 05:06 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-08-07 21:59 - 2015-02-06 03:57 - 00621384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-08-07 21:59 - 2015-02-05 22:50 - 04236870 _____ C:\Windows\system32\nvcoproc.bin
2015-08-07 21:58 - 2015-02-20 01:18 - 00074056 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-08-07 21:58 - 2015-02-20 01:18 - 00060560 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-08-07 21:57 - 2015-08-07 22:00 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-08-07 20:46 - 2015-08-07 20:47 - 32869920 _____ C:\Users\rr\Downloads\Second_Life_3_8_2_303891_i686_Setup.exe
2015-08-07 18:44 - 2015-08-07 18:44 - 00000000 ____D C:\Users\rr\Documents\Fax
2015-08-07 18:25 - 2015-08-07 18:25 - 00002001 _____ C:\Users\rr\Documents\guh.txt
2015-08-07 02:18 - 2015-08-07 02:18 - 06085768 _____ (Blitware Technology Inc. ) C:\Users\rr\Downloads\driverrobot_setup.exe
2015-08-06 23:37 - 2015-08-06 23:37 - 00000000 ____D C:\Users\rr\Desktop\hijack file
2015-08-06 23:24 - 2015-08-06 23:24 - 00014996 _____ C:\Users\rr\Downloads\hijackthis.log
2015-08-06 23:23 - 2015-08-06 23:24 - 00388608 _____ (Trend Micro Inc.) C:\Users\rr\Downloads\HijackThis.exe
2015-08-06 22:10 - 2015-08-06 22:21 - 00000000 ____D C:\ProgramData\MFAData
2015-08-06 22:10 - 2015-08-06 22:10 - 00000000 ____D C:\Users\rr\AppData\Local\MFAData
2015-08-06 22:10 - 2015-08-06 22:10 - 00000000 ____D C:\Users\rr\AppData\Local\Avg2015
2015-08-06 22:08 - 2015-08-06 22:09 - 05091576 _____ (AVG Technologies) C:\Users\rr\Downloads\avg_free_stb_all_6125p1_177.exe
2015-08-06 17:24 - 2015-08-06 17:24 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2015-08-06 17:23 - 2011-09-20 19:53 - 03074664 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2015-08-06 17:23 - 2011-09-20 15:32 - 01510912 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2015-08-06 17:23 - 2011-09-16 16:18 - 00098408 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInst64.dll
2015-08-06 17:23 - 2011-09-16 15:09 - 03209320 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2015-08-06 17:23 - 2011-09-16 10:39 - 02519656 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2015-08-06 17:23 - 2011-09-02 14:21 - 00221024 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2015-08-06 17:23 - 2011-09-02 14:21 - 00081248 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2015-08-06 17:23 - 2011-09-02 14:21 - 00078688 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2015-08-06 17:23 - 2011-08-19 14:54 - 01881704 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2015-08-06 17:23 - 2011-07-28 00:55 - 02604376 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib.dll
2015-08-06 17:23 - 2011-07-22 19:35 - 01247848 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2015-08-06 17:23 - 2011-07-08 14:34 - 00065432 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2015-08-06 17:23 - 2011-06-30 16:14 - 01560168 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2015-08-06 17:23 - 2011-06-14 11:13 - 00177088 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2015-08-06 17:23 - 2011-03-17 12:17 - 01361336 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2015-08-06 17:23 - 2011-03-07 17:11 - 00148416 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2015-08-06 17:23 - 2010-11-18 11:49 - 00121744 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2015-08-06 17:23 - 2010-11-08 07:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2015-08-06 17:23 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2015-08-06 17:23 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2015-08-06 17:23 - 2010-11-08 07:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2015-08-06 17:23 - 2010-11-08 07:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2015-08-06 17:23 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2015-08-06 17:23 - 2010-11-03 18:31 - 00332392 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2015-08-06 17:23 - 2010-11-03 18:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2015-08-06 17:23 - 2010-07-22 16:48 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2015-08-06 17:23 - 2009-11-24 09:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2015-08-06 17:23 - 2009-11-24 09:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2015-08-06 17:23 - 2009-11-24 09:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2015-08-06 17:23 - 2009-11-24 09:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2015-08-06 17:22 - 2011-08-23 17:00 - 00603984 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
2015-08-06 17:22 - 2011-08-06 01:29 - 00527872 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll
2015-08-06 17:22 - 2011-08-06 01:29 - 00515584 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll
2015-08-06 17:22 - 2011-08-06 01:29 - 00439808 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll
2015-08-06 17:22 - 2011-07-28 00:55 - 02132824 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
2015-08-06 17:22 - 2011-06-27 14:45 - 03768152 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek.dll
2015-08-06 17:22 - 2011-05-31 09:42 - 00712296 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2015-08-06 17:22 - 2011-05-31 09:42 - 00693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2015-08-06 17:22 - 2011-05-05 15:24 - 02085440 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2015-08-06 17:22 - 2011-05-02 14:27 - 03308376 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2015-08-06 17:22 - 2011-05-02 14:27 - 00426328 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2015-08-06 17:22 - 2011-05-02 14:27 - 00136024 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2015-08-06 17:22 - 2011-05-02 14:27 - 00118104 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2015-08-06 17:22 - 2011-05-02 14:27 - 00074072 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2015-08-06 17:22 - 2010-10-03 13:46 - 00341336 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2015-08-06 17:22 - 2010-09-27 09:34 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2015-08-06 17:22 - 2010-05-06 17:34 - 00334680 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2015-08-06 17:21 - 2011-05-31 09:42 - 01756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2015-08-06 17:21 - 2011-05-31 09:42 - 01568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2015-08-06 17:21 - 2011-05-31 09:42 - 01486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2015-08-06 17:21 - 2011-05-31 09:42 - 00728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2015-08-06 17:21 - 2011-05-31 09:42 - 00491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2015-08-06 17:21 - 2011-05-31 09:42 - 00432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2015-08-06 17:21 - 2011-05-31 09:42 - 00428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2015-08-06 17:21 - 2011-05-31 09:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2015-08-06 17:21 - 2011-05-31 09:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2015-08-06 17:21 - 2011-05-31 09:42 - 00241768 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2015-08-06 17:21 - 2010-07-22 16:37 - 00200800 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2015-08-06 17:21 - 2009-11-17 18:12 - 00108960 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2015-08-06 17:09 - 2011-01-12 16:10 - 09888360 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RtsPStorIcon.dll
2015-08-06 17:09 - 2011-01-12 16:10 - 00333928 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsPStor.sys
2015-08-06 17:06 - 2015-08-06 17:06 - 00003202 _____ C:\Windows\System32\Tasks\{116EFABF-BBE5-4879-ACD9-4C0C137037D4}
2015-08-06 17:04 - 2015-08-06 17:05 - 00000000 ____D C:\Users\rr\Downloads\VGA_NVIDIA_8.17.12.7570_W7x64
2015-08-06 17:04 - 2015-08-06 17:04 - 00000000 ____D C:\Users\rr\Downloads\Audio_Realtek_6.0.1.6463_W7x64
2015-08-06 17:03 - 2015-08-06 17:03 - 00000000 ____D C:\Users\rr\Downloads\Chipset_Intel_9.2.0.1019_W7x64
2015-08-06 17:03 - 2015-08-06 17:03 - 00000000 ____D C:\Users\rr\Downloads\CardReader_Realtek_6.1.7600.74_W7x64
2015-08-06 17:02 - 2015-08-06 17:03 - 00000000 ____D C:\Users\rr\Downloads\LAN_Realtek_7.46.610.2011_W7x64
2015-08-06 17:02 - 2015-08-06 17:02 - 00000000 ____D C:\Users\rr\Downloads\Bluetooth_Broadcom_6.4.0.1601_W7x64
2015-08-06 17:02 - 2015-08-06 17:02 - 00000000 ____D C:\Users\rr\Downloads\AMT_Intel_7.0.0.1144_W7x64
2015-08-06 17:01 - 2011-03-30 07:53 - 00008273 _____ C:\Users\rr\Downloads\itecir.cat
2015-08-06 17:00 - 2015-08-06 17:00 - 06353309 _____ C:\Users\rr\Downloads\AMT_Intel_7.0.0.1144_W7x64_A (1).zip
2015-08-06 16:59 - 2015-08-06 17:04 - 194344927 _____ C:\Users\rr\Downloads\VGA_NVIDIA_8.17.12.7570_W7x64_A.zip
2015-08-06 16:59 - 2015-08-06 17:03 - 89081663 _____ C:\Users\rr\Downloads\VGA_Intel_8.15.10.2462_W7x64_A.zip
2015-08-06 16:59 - 2015-08-06 17:01 - 14026968 _____ C:\Users\rr\Downloads\USB_Etron_1.0.0.103_W7x64_A.zip
2015-08-06 16:59 - 2015-08-06 17:00 - 05799236 _____ C:\Users\rr\Downloads\Lan_Realtek_7.46.610.2011_W7x64_A.zip
2015-08-06 16:59 - 2015-08-06 16:59 - 06954264 _____ C:\Users\rr\Downloads\FIR_ITE_5.1.0.8_W7x64_A.zip
2015-08-06 16:58 - 2015-08-06 17:00 - 65987390 _____ C:\Users\rr\Downloads\Bluetooth_Broadcom_6.4.0.1601_W7x64_A.zip
2015-08-06 16:58 - 2015-08-06 16:59 - 09529406 _____ C:\Users\rr\Downloads\CardReader_Realtek_6.1.7600.74_W7x64_A.zip
2015-08-06 16:58 - 2015-08-06 16:59 - 02605994 _____ C:\Users\rr\Downloads\Chipset_Intel_9.2.0.1019_W7x64_A.zip
2015-08-06 16:57 - 2015-08-06 17:02 - 124028229 _____ C:\Users\rr\Downloads\Audio_Realtek_6.0.1.6463_W7x64_A.zip
2015-08-06 16:57 - 2015-08-06 16:57 - 06353309 _____ C:\Users\rr\Downloads\AMT_Intel_7.0.0.1144_W7x64_A.zip
2015-08-06 16:55 - 2015-08-06 16:56 - 00096096 _____ C:\Users\rr\Downloads\SerialNumberDetectionTool.exe
2015-08-06 16:21 - 2015-08-06 16:25 - 72046336 _____ (Phoenix Firestorm Project Inc) C:\Users\rr\Downloads\Phoenix-FirestormOS-Betax64-4-7-1-45325_Setup.exe
2015-08-06 16:19 - 2015-08-08 00:39 - 00000000 ____D C:\Users\rr\AppData\Roaming\IMVU
2015-08-06 16:19 - 2015-08-06 16:19 - 00001861 _____ C:\Users\rr\Desktop\IMVU.lnk
2015-08-06 16:19 - 2015-08-06 16:19 - 00000000 ____D C:\Users\rr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU
2015-08-06 16:17 - 2015-08-06 16:18 - 40665216 _____ (Skype Technologies S.A.) C:\Users\rr\Downloads\SkypeSetupFull.exe
2015-08-06 16:16 - 2015-08-06 16:16 - 00244304 _____ C:\Users\rr\Downloads\InstallIMVU_521.0_st (1).exe
2015-08-06 16:13 - 2015-08-06 16:13 - 00002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-06 16:13 - 2015-08-06 16:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-06 15:19 - 2015-08-06 15:19 - 00001081 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2015-08-06 15:19 - 2009-12-30 11:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2015-08-06 15:17 - 2015-08-06 15:18 - 11069616 _____ (VS Revo Group ) C:\Users\rr\Downloads\RevoUninProSetup (2).exe
2015-08-06 03:27 - 2015-08-06 03:28 - 11069616 _____ (VS Revo Group ) C:\Users\rr\Downloads\RevoUninProSetup (1).exe
2015-08-06 03:27 - 2015-08-06 03:28 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\rr\Downloads\revosetup (1).exe
2015-08-06 02:54 - 2015-08-06 02:54 - 01187032 _____ (Adobe Systems Incorporated) C:\Users\rr\Downloads\flashplayer18_ha_install.exe
2015-08-06 02:11 - 2015-07-29 06:09 - 00017344 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-06 02:11 - 2015-07-29 06:05 - 01116672 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-06 02:11 - 2015-07-29 06:05 - 00774656 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-06 02:11 - 2015-07-29 06:05 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-06 02:11 - 2015-07-29 06:05 - 00437760 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-06 02:11 - 2015-07-29 06:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-06 02:11 - 2015-07-29 06:05 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-06 02:11 - 2015-07-29 05:55 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-06 02:11 - 2015-03-14 13:21 - 01632768 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-08-06 02:11 - 2015-03-14 13:21 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-08-06 02:11 - 2015-03-14 13:04 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-08-06 02:11 - 2015-03-14 13:04 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-08-06 02:10 - 2015-07-21 04:12 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-06 02:10 - 2015-07-21 04:12 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-06 02:10 - 2015-07-21 04:12 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-06 02:10 - 2015-07-21 04:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-06 02:10 - 2015-07-21 04:12 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-06 02:10 - 2015-07-21 04:12 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-06 02:10 - 2015-07-21 04:12 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-06 02:10 - 2015-07-21 04:12 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-06 02:10 - 2015-07-21 04:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-06 02:10 - 2015-07-21 04:12 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-06 02:10 - 2015-07-21 04:12 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-06 02:10 - 2015-07-21 03:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-08-06 02:10 - 2015-07-21 03:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-08-06 02:10 - 2015-07-21 03:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-08-06 02:10 - 2015-07-21 03:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-08-06 02:10 - 2015-07-21 03:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-08-06 02:09 - 2015-05-10 04:26 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-08-06 01:54 - 2015-08-06 15:46 - 00003302 _____ C:\Windows\System32\Tasks\RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380}
2015-08-06 01:49 - 2015-08-06 01:49 - 00248812 _____ C:\Windows\system32\.crusader
2015-08-06 01:02 - 2015-08-06 01:02 - 00001897 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2015-08-06 01:02 - 2015-08-06 01:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-08-06 01:02 - 2015-08-06 01:02 - 00000000 ____D C:\Program Files\HitmanPro
2015-08-06 01:01 - 2015-08-08 12:03 - 00000000 ____D C:\ProgramData\HitmanPro
2015-08-06 01:00 - 2015-08-06 01:00 - 11032736 _____ (SurfRight B.V.) C:\Users\rr\Downloads\HitmanPro_x64.exe
2015-08-06 00:53 - 2015-08-06 00:53 - 00000000 ____D C:\Users\rr\Desktop\my ♥ miss u
2015-08-06 00:41 - 2015-08-06 00:41 - 00000000 ____D C:\Windows\system32\%localappdata%
2015-08-06 00:41 - 2015-08-06 00:41 - 00000000 ____D C:\Users\Default\AppData\Roaming\Apple Computer
2015-08-06 00:41 - 2015-08-06 00:41 - 00000000 ____D C:\Users\Default\AppData\Local\Apple Computer
2015-08-06 00:41 - 2015-08-06 00:41 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Apple Computer
2015-08-06 00:41 - 2015-08-06 00:41 - 00000000 ____D C:\Users\Default User\AppData\Local\Apple Computer
2015-08-06 00:40 - 2015-08-06 00:40 - 00071168 _____ C:\Windows\SysWOW64\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpo6dbft.dll
2015-08-06 00:40 - 2015-08-06 00:40 - 00000000 ____D C:\Windows\SysWOW64\comtypes_cache
2015-08-06 00:40 - 2015-08-06 00:40 - 00000000 _____ C:\Windows\SysWOW64\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpo6dbft.lck
2015-08-06 00:39 - 2015-08-06 00:39 - 00001102 _____ C:\Windows\SysWOW64\debug.log
2015-08-06 00:39 - 2015-08-06 00:39 - 00000000 ____D C:\Users\Default\AppData\Roaming\Titanium
2015-08-06 00:39 - 2015-08-06 00:39 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Titanium
2015-08-06 00:10 - 2015-08-06 00:10 - 01384064 _____ (Skype Technologies S.A.) C:\Users\rr\Downloads\SkypeSetup.exe
2015-08-05 23:41 - 2015-08-05 23:41 - 00000000 ____D C:\Users\rr\AppData\Local\TempTaskUpdateDetectionAF602652-FBB8-4114-80D6-344D04B4D7B9
2015-08-05 21:45 - 2015-08-06 03:28 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-08-05 21:44 - 2015-08-05 21:44 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\rr\Downloads\revosetup.exe
2015-08-05 20:05 - 2015-08-05 20:09 - 00000000 ____D C:\Users\rr\Documents\DESKTOP STUFFFFF
2015-08-05 16:30 - 2015-08-06 12:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Solid YouTube Downloader and Converter
2015-08-05 16:30 - 2015-08-06 12:23 - 00000000 ____D C:\Program Files (x86)\Solid YouTube Downloader and Converter
2015-08-05 15:06 - 2015-08-06 15:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2015-08-05 15:06 - 2015-08-05 15:06 - 00000000 ____D C:\Program Files\VS Revo Group
2015-08-05 14:22 - 2015-08-06 13:10 - 00000000 ____D C:\Users\rr\AppData\Local\VS Revo Group
2015-08-05 14:21 - 2015-08-06 13:11 - 00000000 ____D C:\ProgramData\VS Revo Group
2015-08-05 14:10 - 2015-08-05 14:12 - 11069616 _____ (VS Revo Group ) C:\Users\rr\Downloads\RevoUninProSetup.exe
2015-08-05 13:41 - 2015-08-05 13:31 - 00041784 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\hvm.sys
2015-08-05 13:17 - 2015-08-05 13:17 - 00000000 ____D C:\Program Files (x86)\IObit
2015-08-05 12:38 - 2015-08-06 01:49 - 00000000 ____D C:\Program Files (x86)\baidu
2015-08-05 12:36 - 2015-08-05 12:36 - 00000000 ____D C:\Users\rr\AppData\Roaming\Opera Software
2015-08-05 12:36 - 2015-08-05 12:36 - 00000000 ____D C:\Users\rr\AppData\Local\Opera Software
2015-08-05 12:34 - 2015-08-05 12:46 - 00000000 ____D C:\Program Files (x86)\Opera
2015-08-05 12:24 - 2015-07-27 13:26 - 00000854 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-08-05 12:20 - 2015-08-05 12:20 - 00000000 ____D C:\Users\rr\AppData\Local\Geckofx
2015-08-05 12:16 - 2015-08-05 12:16 - 00000000 ____D C:\Users\rr\Documents\ѺӰ
2015-08-05 12:15 - 2015-08-05 12:15 - 00000000 ____D C:\Users\rr\AppData\Local\Temp尰
2015-08-05 12:13 - 2015-08-06 02:54 - 00000000 ___RD C:\RavBin
2015-08-05 12:13 - 2015-08-05 12:13 - 00000150 __RSH C:\rising.ini
2015-08-05 12:13 - 2015-08-05 12:13 - 00000134 _____ C:\Windows\SysWOW64\BsMain.ini
2015-08-05 12:13 - 2015-04-30 11:17 - 00119256 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\sysmon.sys
2015-08-05 12:13 - 2015-04-09 15:00 - 00071760 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\rsutils.sys
2015-08-05 12:13 - 2014-07-30 12:44 - 00091928 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\SysWOW64\vpatch.dll
2015-08-05 12:13 - 2014-01-02 17:37 - 00325400 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\ravext64.dll
2015-08-05 12:13 - 2013-12-30 17:33 - 00256280 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\SysWOW64\ravext.dll
2015-08-05 12:13 - 2012-09-06 10:30 - 00240472 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\SysWOW64\bsmain.exe
2015-08-05 12:13 - 2012-02-29 17:49 - 00011888 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\rsndisp.sys
2015-08-05 12:12 - 2015-08-06 15:45 - 00000000 ____D C:\ProgramData\Rising
2015-08-05 11:54 - 2015-08-05 12:43 - 01000371 ____N C:\Users\rr\Downloads\FacebookHacker2015__8497_il45583.exe_installer.zip
2015-08-05 11:53 - 2015-08-05 11:53 - 01000603 _____ C:\Users\rr\Downloads\FacebookHacker2015.zip
2015-08-05 11:53 - 2015-08-05 11:53 - 00000004 _____ C:\Users\rr\Downloads\test.dat
2015-07-31 17:46 - 2015-07-31 17:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-31 17:26 - 2015-07-31 17:26 - 03337052 _____ C:\Users\rr\Downloads\IMG_3159.MOV
2015-07-31 15:36 - 2015-08-06 00:55 - 00000000 ____D C:\Users\rr\Documents\Bandicam
2015-07-31 02:21 - 2015-07-31 02:22 - 03978087 _____ C:\Users\rr\Downloads\IMG_3154.MOV
2015-07-30 16:23 - 2015-07-30 16:23 - 03139172 _____ C:\Users\rr\Downloads\IMG_3150.MOV
2015-07-28 12:07 - 2015-07-28 12:07 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\50D03F05.sys
2015-07-27 13:26 - 2015-07-27 13:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-07-27 13:26 - 2015-07-27 13:26 - 00000000 ____D C:\Program Files\McAfee Security Scan
2015-07-25 09:16 - 2015-07-25 09:16 - 00662152 _____ C:\Users\rr\Downloads\Pls Don't Go.m4a
2015-07-23 13:25 - 2015-08-05 19:52 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2015-07-23 13:25 - 2015-07-27 13:26 - 00001938 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-07-23 00:08 - 2015-07-23 00:08 - 00266587 _____ C:\Users\rr\Downloads\Fk Ittf (1).m4a
2015-07-21 10:31 - 2015-07-15 13:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-21 10:31 - 2015-07-15 13:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-21 10:31 - 2015-07-15 13:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-21 10:31 - 2015-07-15 13:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-21 10:31 - 2015-07-15 12:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-21 10:31 - 2015-07-15 12:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-21 10:31 - 2015-07-15 12:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-21 10:31 - 2015-07-15 12:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-21 10:31 - 2015-07-15 11:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-21 10:31 - 2015-07-15 11:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-20 01:19 - 2015-07-20 01:19 - 00244304 _____ C:\Users\rr\Downloads\InstallIMVU_521.0_st.exe
2015-07-20 00:19 - 2015-07-20 00:19 - 05759300 _____ C:\Users\rr\Downloads\Fk Ittf.wav
2015-07-20 00:18 - 2015-07-20 00:18 - 00266587 _____ C:\Users\rr\Downloads\Fk Ittf.m4a
2015-07-19 21:34 - 2015-07-19 21:34 - 00000000 ____D C:\Users\rr\AppData\Local\LogMeIn
2015-07-19 21:34 - 2015-07-19 21:34 - 00000000 ____D C:\ProgramData\LogMeIn
2015-07-19 20:29 - 2015-07-19 20:31 - 14077560 _____ C:\Users\rr\Downloads\join.me (2).exe
2015-07-19 20:29 - 2015-07-19 20:31 - 14077560 _____ C:\Users\rr\Downloads\join.me (1).exe
2015-07-19 15:28 - 2015-07-19 15:28 - 09741888 _____ (CyberGhost S.R.L. ) C:\Users\rr\Downloads\CG_5.0.15.14.exe
2015-07-19 14:48 - 2015-07-19 14:50 - 25723531 _____ C:\Users\rr\Downloads\privateinternetaccess.exe
2015-07-19 14:31 - 2015-08-07 23:03 - 00000000 ___RD C:\Users\rr\Dropbox
2015-07-19 14:31 - 2015-07-19 14:31 - 00001230 _____ C:\Users\rr\Desktop\Dropbox.lnk
2015-07-19 14:28 - 2015-07-19 14:28 - 00000000 ____D C:\Users\rr\AppData\Roaming\Dropbox
2015-07-19 14:24 - 2015-08-08 13:01 - 00000896 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2015-07-19 14:24 - 2015-08-08 12:35 - 00000900 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2015-07-19 14:24 - 2015-08-07 23:03 - 00000000 ____D C:\Users\rr\AppData\Local\Dropbox
2015-07-19 14:24 - 2015-07-31 17:47 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-07-19 14:24 - 2015-07-19 14:30 - 00003896 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2015-07-19 14:24 - 2015-07-19 14:30 - 00003644 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2015-07-19 14:24 - 2015-07-19 14:24 - 00000000 ____D C:\ProgramData\Dropbox
2015-07-19 14:23 - 2015-07-19 14:23 - 00660960 _____ (Dropbox, Inc.) C:\Users\rr\Downloads\DropboxInstaller.exe
2015-07-17 21:38 - 2015-07-17 21:38 - 00000000 ____D C:\Users\rr\Documents\Evaer
2015-07-15 19:52 - 2015-06-26 04:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-15 19:52 - 2015-06-26 03:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-15 19:52 - 2015-06-21 06:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-15 19:52 - 2015-06-21 05:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-15 19:52 - 2015-06-21 05:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 19:52 - 2015-06-21 05:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-15 19:52 - 2015-06-21 05:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-15 19:52 - 2015-06-21 05:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-15 19:52 - 2015-06-21 05:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-15 19:52 - 2015-06-21 05:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-15 19:52 - 2015-06-21 05:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 19:52 - 2015-06-21 05:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-15 19:52 - 2015-06-21 05:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-15 19:52 - 2015-06-21 05:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-15 19:52 - 2015-06-21 05:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-15 19:52 - 2015-06-21 05:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-15 19:52 - 2015-06-21 05:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-15 19:52 - 2015-06-21 05:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 19:52 - 2015-06-21 05:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 19:52 - 2015-06-21 04:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 19:52 - 2015-06-21 04:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-15 19:52 - 2015-06-21 04:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 19:52 - 2015-06-21 04:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-15 19:52 - 2015-06-21 04:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 19:52 - 2015-06-21 04:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-15 19:52 - 2015-06-20 04:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-15 19:52 - 2015-06-20 04:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-15 19:52 - 2015-06-20 04:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-15 19:52 - 2015-06-20 04:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-15 19:52 - 2015-06-20 04:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-15 19:52 - 2015-06-20 04:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-15 19:52 - 2015-06-20 04:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-15 19:52 - 2015-06-20 04:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-15 19:52 - 2015-06-20 04:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-15 19:52 - 2015-06-20 04:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-15 19:52 - 2015-06-20 03:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-15 19:52 - 2015-06-20 03:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-15 19:52 - 2015-06-20 03:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-15 19:52 - 2015-06-20 03:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-15 19:52 - 2015-06-20 03:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-15 19:52 - 2015-06-20 03:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-15 19:52 - 2015-06-20 03:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-15 19:52 - 2015-06-20 03:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-15 19:52 - 2015-06-20 03:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-15 19:51 - 2015-07-15 19:51 - 00000000 ____D C:\Users\rr\AppData\Roaming\Titanium
2015-07-15 19:50 - 2015-06-25 18:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 19:50 - 2015-06-02 10:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-15 19:50 - 2015-06-02 09:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-15 19:49 - 2015-07-03 07:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-15 19:49 - 2015-07-03 07:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-15 19:49 - 2015-07-03 06:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-15 19:49 - 2015-07-03 06:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 19:49 - 2015-07-03 06:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-15 19:49 - 2015-07-03 06:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-15 19:49 - 2015-07-03 06:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 19:49 - 2015-07-03 06:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-15 19:49 - 2015-07-03 06:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 19:49 - 2015-07-03 05:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-15 19:49 - 2015-07-03 05:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 19:49 - 2015-07-03 04:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 19:49 - 2015-06-27 12:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-15 19:49 - 2015-06-27 12:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 19:49 - 2015-06-27 11:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-15 19:49 - 2015-06-27 11:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-15 19:49 - 2015-06-18 03:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 19:49 - 2015-06-18 03:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-15 19:48 - 2015-07-15 19:52 - 00000000 ____D C:\Program Files\pia_manager
2015-07-15 19:48 - 2015-07-15 19:48 - 00031232 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
2015-07-15 19:48 - 2015-07-15 19:48 - 00003146 _____ C:\Windows\System32\Tasks\Private Internet Access Startup
2015-07-15 19:48 - 2015-07-15 19:48 - 00000000 ____D C:\Users\rr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Private Internet Access
2015-07-15 19:44 - 2015-07-05 04:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 19:44 - 2015-07-05 03:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-15 19:43 - 2015-07-02 06:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-15 19:43 - 2015-07-02 06:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-15 19:43 - 2015-07-02 06:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-15 19:43 - 2015-07-02 06:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 19:43 - 2015-07-02 06:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 19:43 - 2015-07-02 06:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-15 19:43 - 2015-07-02 06:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 19:43 - 2015-07-02 06:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-15 19:43 - 2015-07-02 06:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-15 19:43 - 2015-07-02 06:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-15 19:43 - 2015-07-02 06:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-15 19:43 - 2015-07-02 06:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-15 19:43 - 2015-07-02 06:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-15 19:43 - 2015-07-02 06:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-15 19:43 - 2015-07-02 06:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-15 19:43 - 2015-07-02 06:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-15 19:43 - 2015-07-02 06:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-15 19:43 - 2015-07-02 06:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-15 19:43 - 2015-07-02 06:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-15 19:43 - 2015-07-02 06:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-15 19:43 - 2015-07-02 06:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-15 19:43 - 2015-07-02 06:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-15 19:43 - 2015-07-02 06:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-15 19:43 - 2015-07-02 06:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-15 19:43 - 2015-07-02 06:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-15 19:43 - 2015-07-02 06:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-15 19:43 - 2015-07-02 06:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-15 1
_________________
~OzBch~
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 16 Nov 2017
Posts: 10190
Location: Yorkshire

Posted: Fri Aug 07, 2015 8:57 pm

Your Frst.txt log is a long one, and has been cut short by the forum post size limiter.

I need to see the whole thing, so you're going to need to post it to me in sections.

So post me the rest of it, starting from where it cut off .....

Quote:
2015-07-15 19:43 - 2015-07-02 06:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-15 19:43 - 2015-07-02 06:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-15 19:43 - 2015-07-02 06:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-15 19:43 - 2015-07-02 06:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-15 19:43 - 2015-07-02 06:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-15 1

_________________
Gary R Administrator at Malware Removal University


If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 16 Nov 2017
Posts: 10190
Location: Yorkshire

Posted: Mon Aug 10, 2015 9:03 pm

Quote:
Due to lack of response this topic is now closed.

If you still need help you must open a new thread in the Help with Spyware Removal forum, post a new log, and wait for a new helper.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read Spyware Warrior Donations

Gary R

All times are GMT - 8 Hours