Annette Ritchey
Posts: 37 +0
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-10-2015
Ran by Scott (administrator) on SCOTT-HP (24-10-2015 11:33:44)
Running from C:\Users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V2KCE6TD
Loaded Profiles: Scott (Available Profiles: Scott)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe [1688552 2015-10-20] (Bitdefender)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)
HKU\S-1-5-21-1500130686-4110971754-1691798755-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd)
HKU\S-1-5-21-1500130686-4110971754-1691798755-1000\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe [1416096 2015-10-13] (Bitdefender)
HKU\S-1-5-21-1500130686-4110971754-1691798755-1000\...\MountPoints2: {1efed613-6778-11e3-97f3-78acc0b234b4} - J:\mri.exe
HKU\S-1-5-21-1500130686-4110971754-1691798755-1000\...\MountPoints2: {641edd17-7a88-11e0-95dd-78acc0b234b4} - "J:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-1500130686-4110971754-1691798755-1000\...\MountPoints2: {78ffdc1c-0b80-11e3-ab6f-78acc0b234b4} - J:\LGAutoRun.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{88D6FDC8-C028-4379-A05F-5AA6C23B289B}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Internet Explorer:
==================
HKU\S-1-5-21-1500130686-4110971754-1691798755-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://srch-us10.hpwis.com/
HKU\S-1-5-21-1500130686-4110971754-1691798755-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://srch-us10.hpwis.com/
HKU\S-1-5-21-1500130686-4110971754-1691798755-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://srch-us10.hpwis.com/
HKU\S-1-5-21-1500130686-4110971754-1691798755-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1500130686-4110971754-1691798755-1000 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1500130686-4110971754-1691798755-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKU\S-1-5-21-1500130686-4110971754-1691798755-1000 -> {4F8000CD-1FCD-4335-9B32-1015CC6CE2F7} URL = hxxp://search.avg.com/route/?d=4b3d2cf0&I=23&tp=chrome&q={searchTerms}&lng={language}&ychte=us&nt=1
SearchScopes: HKU\S-1-5-21-1500130686-4110971754-1691798755-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={B6DA48CD-2D18-4459-BD8E-B01AA12CF8EE}&mid=7848e3bba93147ccac14a9e58656dd47-077c5738d1be2d7f41c1aa52f67fb2d73e11d89a&lang=en&ds=AVG&coid=avgtbavg&cmpid=0615pit&pr=fr&d=2015-10-20 10:14:08&v=4.1.8.599&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1500130686-4110971754-1691798755-1000 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
SearchScopes: HKU\S-1-5-21-1500130686-4110971754-1691798755-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-1500130686-4110971754-1691798755-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-1500130686-4110971754-1691798755-1000 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKU\S-1-5-21-1500130686-4110971754-1691798755-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=chr-atty
SearchScopes: HKU\S-1-5-21-1500130686-4110971754-1691798755-1000 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2015-09-21] (Bitdefender)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll [2015-09-21] (Bitdefender)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.)
Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2015-09-21] (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll [2015-09-21] (Bitdefender)
Toolbar: HKU\S-1-5-21-1500130686-4110971754-1691798755-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1500130686-4110971754-1691798755-1000 -> No Name - {8D1223B9-9E7B-44C1-92C0-5D0DDDA38686} - No File
Toolbar: HKU\S-1-5-21-1500130686-4110971754-1691798755-1000 -> Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2015-09-21] (Bitdefender)
DPF: HKLM-x32 {108D3206-846A-4A93-BACB-F0572D043ED7} hxxp://74.95.137.254:88/webrec.cab
DPF: HKLM-x32 {E0FEE963-BB53-4215-81AD-B28C77384644} hxxps://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller64.cab
FireFox:
========
FF ProfilePath: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\2ZG9qDU7.default
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2010-04-30] (Alcatel-Lucent)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\Scott\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-05-13] (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Extension: Avira Browser Safety - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\2ZG9qDU7.default\Extensions\abs@avira.com [2015-10-11] [not signed]
FF HKLM\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2016\bdwteff [2015-10-20] [not signed]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext [2015-10-20] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-05-10] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff [2015-10-20] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
FF HKU\S-1-5-21-1500130686-4110971754-1691798755-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
Chrome:
=======
CHR Profile: C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Norton Security Toolbar) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc [2015-09-17]
CHR Extension: (Norton Identity Safe) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-02-28]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-09-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-17]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dhhejlifdlcgcmogbggeomfodgklfaem] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2015936 2015-09-29] (Adobe Systems, Incorporated)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2010-04-30] (Alcatel-Lucent) [File not signed]
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-04-30] (Alcatel-Lucent) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1119768 2010-09-28] (PDF Complete Inc)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [823840 2015-09-22] (Bitdefender)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe [124488 2015-09-29] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe [1572168 2015-10-14] (Bitdefender)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1369288 2015-05-28] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [271272 2015-05-29] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [747120 2015-05-28] (BitDefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107080 2012-10-29] (BitDefender LLC)
S4 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [76944 2012-04-17] (BitDefender)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [160032 2015-04-29] (BitDefender LLC)
R0 ignis; C:\Windows\System32\DRIVERS\ignis.sys [270248 2015-10-08] (Bitdefender)
S3 Leapfrog-USBLAN; C:\Windows\System32\DRIVERS\btblan.sys [40320 2011-08-05] (Belcarra Technologies) [File not signed]
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [477272 2015-06-02] (BitDefender S.R.L.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]
S3 cpuz134; \??\C:\Users\Scott\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-10-24 11:33 - 2015-10-24 11:33 - 00000000 ____D C:\FRST
2015-10-22 05:18 - 2015-10-22 05:18 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-10-22 05:18 - 2015-10-22 05:18 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-21 22:29 - 2015-10-21 22:31 - 00000148 _____ C:\Windows\Reimage.ini
2015-10-21 21:34 - 2015-10-21 21:35 - 00000000 ___HD C:\ProgramData\CanonIJScan
2015-10-21 21:27 - 2015-10-21 21:30 - 00000000 ___HD C:\ProgramData\CanonIJMIG
2015-10-21 21:26 - 2015-10-21 21:26 - 00002079 _____ C:\Users\Public\Desktop\Canon My Image Garden.lnk
2015-10-21 21:19 - 2015-10-21 21:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2015-10-21 21:19 - 2015-10-21 21:19 - 00000000 ____D C:\ProgramData\Canon IJ Network Tool
2015-10-21 21:19 - 2012-09-21 09:33 - 00321024 _____ (CANON INC.) C:\Windows\SysWOW64\CNC_BLL.dll
2015-10-21 21:19 - 2012-05-25 09:21 - 00103936 _____ (CANON INC.) C:\Windows\SysWOW64\CNC_BLU.dll
2015-10-21 21:19 - 2012-05-15 15:58 - 00098048 _____ C:\Windows\SysWOW64\CNC176BD.TBL
2015-10-21 21:19 - 2008-08-25 18:02 - 00015872 _____ (CANON INC.) C:\Windows\SysWOW64\CNHMCA.dll
2015-10-21 21:18 - 2015-10-21 21:19 - 00000000 ___HD C:\Program Files\CanonBJ
2015-10-21 21:18 - 2015-10-21 21:18 - 00000000 ____D C:\Windows\system32\STRING
2015-10-21 21:18 - 2012-07-31 08:48 - 00359936 _____ (CANON INC.) C:\Windows\system32\CNMN6PPM.DLL
2015-10-21 21:18 - 2012-07-31 08:48 - 00039424 _____ (CANON INC.) C:\Windows\system32\CNMN6UI.DLL
2015-10-21 21:18 - 2012-07-31 08:47 - 00366592 _____ (CANON INC.) C:\Windows\SysWOW64\CNMNPPM.DLL
2015-10-21 21:15 - 2015-10-21 21:22 - 00000000 ____D C:\Program Files (x86)\Canon
2015-10-21 21:15 - 2015-10-21 21:15 - 00000000 ___HD C:\ProgramData\CanonIJETV
2015-10-21 20:13 - 2015-10-21 21:34 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Canon
2015-10-21 09:07 - 2015-10-21 09:07 - 00002790 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-10-21 09:05 - 2015-10-23 18:03 - 00010210 _____ C:\Windows\PFRO.log
2015-10-21 09:04 - 2015-10-24 11:20 - 00000392 _____ C:\Windows\setupact.log
2015-10-21 09:04 - 2015-10-21 09:04 - 00000000 _____ C:\Windows\setuperr.log
2015-10-21 09:03 - 2015-10-21 09:06 - 00352336 _____ C:\Windows\system32\FNTCACHE.DAT
2015-10-21 08:56 - 2015-10-21 08:56 - 00096162 _____ C:\Users\Scott\Documents\cc_20151021_085626.regbackup.reg
2015-10-21 08:52 - 2015-10-21 08:52 - 00102496 _____ C:\Users\Scott\AppData\Local\GDIPFONTCACHEV1.DAT
2015-10-21 08:46 - 2015-10-21 08:46 - 00024809 _____ C:\ProgramData\1445431590.bdinstall.bin
2015-10-21 08:31 - 2015-10-21 08:31 - 00397511 _____ C:\ProgramData\1445430452.bdinstall.bin
2015-10-21 08:31 - 2015-10-21 08:31 - 00000385 _____ C:\Windows\system32\user_gensett.xml
2015-10-21 08:31 - 2015-10-21 08:31 - 00000385 _____ C:\Users\Scott\AppData\Roaminguser_gensett.xml
2015-10-21 08:30 - 2015-10-21 08:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2016
2015-10-21 08:30 - 2015-10-21 08:30 - 00002128 _____ C:\Users\Public\Desktop\Bitdefender 2016.lnk
2015-10-21 08:30 - 2015-10-21 08:30 - 00000684 ____H C:\bdr-cf01
2015-10-21 08:30 - 2015-10-21 08:30 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2015-10-21 08:30 - 2015-10-21 08:30 - 00000000 ____D C:\ProgramData\BDLogging
2015-10-21 08:30 - 2007-04-11 11:11 - 00511328 _____ (Microsoft Corporation) C:\Windows\capicom.dll
2015-10-21 08:29 - 2015-10-21 08:31 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Bitdefender
2015-10-21 08:29 - 2015-10-21 08:30 - 00253404 ____H C:\bdr-ld01
2015-10-21 08:29 - 2015-10-21 08:30 - 00009216 ____H C:\bdr-ld01.mbr
2015-10-21 08:29 - 2015-10-08 12:31 - 00270248 _____ (Bitdefender) C:\Windows\system32\Drivers\ignis.sys
2015-10-21 08:29 - 2015-05-29 09:50 - 00271272 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2015-10-21 08:29 - 2015-05-28 14:21 - 00747120 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2015-10-21 08:29 - 2015-05-28 13:37 - 01369288 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2015-10-21 08:29 - 2015-05-27 17:02 - 49626058 ____H C:\bdr-im01.gz
2015-10-21 08:29 - 2013-08-13 13:38 - 03271472 ____H C:\bdr-bz01
2015-10-21 08:29 - 2012-04-17 14:34 - 00076944 _____ (BitDefender) C:\Windows\system32\Drivers\bdvedisk.sys
2015-10-21 08:27 - 2015-10-21 09:01 - 00000000 ____D C:\ProgramData\Bitdefender
2015-10-21 08:27 - 2015-10-21 08:27 - 00000000 ____D C:\Program Files\Bitdefender
2015-10-21 08:27 - 2015-06-02 15:21 - 00477272 _____ (BitDefender S.R.L.) C:\Windows\system32
Ran by Scott (administrator) on SCOTT-HP (24-10-2015 11:33:44)
Running from C:\Users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V2KCE6TD
Loaded Profiles: Scott (Available Profiles: Scott)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe [1688552 2015-10-20] (Bitdefender)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)
HKU\S-1-5-21-1500130686-4110971754-1691798755-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd)
HKU\S-1-5-21-1500130686-4110971754-1691798755-1000\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe [1416096 2015-10-13] (Bitdefender)
HKU\S-1-5-21-1500130686-4110971754-1691798755-1000\...\MountPoints2: {1efed613-6778-11e3-97f3-78acc0b234b4} - J:\mri.exe
HKU\S-1-5-21-1500130686-4110971754-1691798755-1000\...\MountPoints2: {641edd17-7a88-11e0-95dd-78acc0b234b4} - "J:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-1500130686-4110971754-1691798755-1000\...\MountPoints2: {78ffdc1c-0b80-11e3-ab6f-78acc0b234b4} - J:\LGAutoRun.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{88D6FDC8-C028-4379-A05F-5AA6C23B289B}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Internet Explorer:
==================
HKU\S-1-5-21-1500130686-4110971754-1691798755-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://srch-us10.hpwis.com/
HKU\S-1-5-21-1500130686-4110971754-1691798755-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://srch-us10.hpwis.com/
HKU\S-1-5-21-1500130686-4110971754-1691798755-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://srch-us10.hpwis.com/
HKU\S-1-5-21-1500130686-4110971754-1691798755-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1500130686-4110971754-1691798755-1000 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1500130686-4110971754-1691798755-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKU\S-1-5-21-1500130686-4110971754-1691798755-1000 -> {4F8000CD-1FCD-4335-9B32-1015CC6CE2F7} URL = hxxp://search.avg.com/route/?d=4b3d2cf0&I=23&tp=chrome&q={searchTerms}&lng={language}&ychte=us&nt=1
SearchScopes: HKU\S-1-5-21-1500130686-4110971754-1691798755-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={B6DA48CD-2D18-4459-BD8E-B01AA12CF8EE}&mid=7848e3bba93147ccac14a9e58656dd47-077c5738d1be2d7f41c1aa52f67fb2d73e11d89a&lang=en&ds=AVG&coid=avgtbavg&cmpid=0615pit&pr=fr&d=2015-10-20 10:14:08&v=4.1.8.599&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1500130686-4110971754-1691798755-1000 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
SearchScopes: HKU\S-1-5-21-1500130686-4110971754-1691798755-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-1500130686-4110971754-1691798755-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-1500130686-4110971754-1691798755-1000 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKU\S-1-5-21-1500130686-4110971754-1691798755-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=chr-atty
SearchScopes: HKU\S-1-5-21-1500130686-4110971754-1691798755-1000 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2015-09-21] (Bitdefender)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll [2015-09-21] (Bitdefender)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.)
Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2015-09-21] (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll [2015-09-21] (Bitdefender)
Toolbar: HKU\S-1-5-21-1500130686-4110971754-1691798755-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1500130686-4110971754-1691798755-1000 -> No Name - {8D1223B9-9E7B-44C1-92C0-5D0DDDA38686} - No File
Toolbar: HKU\S-1-5-21-1500130686-4110971754-1691798755-1000 -> Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2015-09-21] (Bitdefender)
DPF: HKLM-x32 {108D3206-846A-4A93-BACB-F0572D043ED7} hxxp://74.95.137.254:88/webrec.cab
DPF: HKLM-x32 {E0FEE963-BB53-4215-81AD-B28C77384644} hxxps://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller64.cab
FireFox:
========
FF ProfilePath: C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\2ZG9qDU7.default
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2010-04-30] (Alcatel-Lucent)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\Scott\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-05-13] (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Extension: Avira Browser Safety - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\2ZG9qDU7.default\Extensions\abs@avira.com [2015-10-11] [not signed]
FF HKLM\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2016\bdwteff [2015-10-20] [not signed]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext [2015-10-20] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-05-10] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff [2015-10-20] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
FF HKU\S-1-5-21-1500130686-4110971754-1691798755-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
Chrome:
=======
CHR Profile: C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Norton Security Toolbar) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc [2015-09-17]
CHR Extension: (Norton Identity Safe) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-02-28]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-09-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-17]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dhhejlifdlcgcmogbggeomfodgklfaem] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2015936 2015-09-29] (Adobe Systems, Incorporated)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2010-04-30] (Alcatel-Lucent) [File not signed]
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-04-30] (Alcatel-Lucent) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1119768 2010-09-28] (PDF Complete Inc)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [823840 2015-09-22] (Bitdefender)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe [124488 2015-09-29] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe [1572168 2015-10-14] (Bitdefender)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1369288 2015-05-28] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [271272 2015-05-29] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [747120 2015-05-28] (BitDefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107080 2012-10-29] (BitDefender LLC)
S4 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [76944 2012-04-17] (BitDefender)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [160032 2015-04-29] (BitDefender LLC)
R0 ignis; C:\Windows\System32\DRIVERS\ignis.sys [270248 2015-10-08] (Bitdefender)
S3 Leapfrog-USBLAN; C:\Windows\System32\DRIVERS\btblan.sys [40320 2011-08-05] (Belcarra Technologies) [File not signed]
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [477272 2015-06-02] (BitDefender S.R.L.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]
S3 cpuz134; \??\C:\Users\Scott\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-10-24 11:33 - 2015-10-24 11:33 - 00000000 ____D C:\FRST
2015-10-22 05:18 - 2015-10-22 05:18 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-10-22 05:18 - 2015-10-22 05:18 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-21 22:29 - 2015-10-21 22:31 - 00000148 _____ C:\Windows\Reimage.ini
2015-10-21 21:34 - 2015-10-21 21:35 - 00000000 ___HD C:\ProgramData\CanonIJScan
2015-10-21 21:27 - 2015-10-21 21:30 - 00000000 ___HD C:\ProgramData\CanonIJMIG
2015-10-21 21:26 - 2015-10-21 21:26 - 00002079 _____ C:\Users\Public\Desktop\Canon My Image Garden.lnk
2015-10-21 21:19 - 2015-10-21 21:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2015-10-21 21:19 - 2015-10-21 21:19 - 00000000 ____D C:\ProgramData\Canon IJ Network Tool
2015-10-21 21:19 - 2012-09-21 09:33 - 00321024 _____ (CANON INC.) C:\Windows\SysWOW64\CNC_BLL.dll
2015-10-21 21:19 - 2012-05-25 09:21 - 00103936 _____ (CANON INC.) C:\Windows\SysWOW64\CNC_BLU.dll
2015-10-21 21:19 - 2012-05-15 15:58 - 00098048 _____ C:\Windows\SysWOW64\CNC176BD.TBL
2015-10-21 21:19 - 2008-08-25 18:02 - 00015872 _____ (CANON INC.) C:\Windows\SysWOW64\CNHMCA.dll
2015-10-21 21:18 - 2015-10-21 21:19 - 00000000 ___HD C:\Program Files\CanonBJ
2015-10-21 21:18 - 2015-10-21 21:18 - 00000000 ____D C:\Windows\system32\STRING
2015-10-21 21:18 - 2012-07-31 08:48 - 00359936 _____ (CANON INC.) C:\Windows\system32\CNMN6PPM.DLL
2015-10-21 21:18 - 2012-07-31 08:48 - 00039424 _____ (CANON INC.) C:\Windows\system32\CNMN6UI.DLL
2015-10-21 21:18 - 2012-07-31 08:47 - 00366592 _____ (CANON INC.) C:\Windows\SysWOW64\CNMNPPM.DLL
2015-10-21 21:15 - 2015-10-21 21:22 - 00000000 ____D C:\Program Files (x86)\Canon
2015-10-21 21:15 - 2015-10-21 21:15 - 00000000 ___HD C:\ProgramData\CanonIJETV
2015-10-21 20:13 - 2015-10-21 21:34 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Canon
2015-10-21 09:07 - 2015-10-21 09:07 - 00002790 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-10-21 09:05 - 2015-10-23 18:03 - 00010210 _____ C:\Windows\PFRO.log
2015-10-21 09:04 - 2015-10-24 11:20 - 00000392 _____ C:\Windows\setupact.log
2015-10-21 09:04 - 2015-10-21 09:04 - 00000000 _____ C:\Windows\setuperr.log
2015-10-21 09:03 - 2015-10-21 09:06 - 00352336 _____ C:\Windows\system32\FNTCACHE.DAT
2015-10-21 08:56 - 2015-10-21 08:56 - 00096162 _____ C:\Users\Scott\Documents\cc_20151021_085626.regbackup.reg
2015-10-21 08:52 - 2015-10-21 08:52 - 00102496 _____ C:\Users\Scott\AppData\Local\GDIPFONTCACHEV1.DAT
2015-10-21 08:46 - 2015-10-21 08:46 - 00024809 _____ C:\ProgramData\1445431590.bdinstall.bin
2015-10-21 08:31 - 2015-10-21 08:31 - 00397511 _____ C:\ProgramData\1445430452.bdinstall.bin
2015-10-21 08:31 - 2015-10-21 08:31 - 00000385 _____ C:\Windows\system32\user_gensett.xml
2015-10-21 08:31 - 2015-10-21 08:31 - 00000385 _____ C:\Users\Scott\AppData\Roaminguser_gensett.xml
2015-10-21 08:30 - 2015-10-21 08:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2016
2015-10-21 08:30 - 2015-10-21 08:30 - 00002128 _____ C:\Users\Public\Desktop\Bitdefender 2016.lnk
2015-10-21 08:30 - 2015-10-21 08:30 - 00000684 ____H C:\bdr-cf01
2015-10-21 08:30 - 2015-10-21 08:30 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2015-10-21 08:30 - 2015-10-21 08:30 - 00000000 ____D C:\ProgramData\BDLogging
2015-10-21 08:30 - 2007-04-11 11:11 - 00511328 _____ (Microsoft Corporation) C:\Windows\capicom.dll
2015-10-21 08:29 - 2015-10-21 08:31 - 00000000 ____D C:\Users\Scott\AppData\Roaming\Bitdefender
2015-10-21 08:29 - 2015-10-21 08:30 - 00253404 ____H C:\bdr-ld01
2015-10-21 08:29 - 2015-10-21 08:30 - 00009216 ____H C:\bdr-ld01.mbr
2015-10-21 08:29 - 2015-10-08 12:31 - 00270248 _____ (Bitdefender) C:\Windows\system32\Drivers\ignis.sys
2015-10-21 08:29 - 2015-05-29 09:50 - 00271272 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2015-10-21 08:29 - 2015-05-28 14:21 - 00747120 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2015-10-21 08:29 - 2015-05-28 13:37 - 01369288 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2015-10-21 08:29 - 2015-05-27 17:02 - 49626058 ____H C:\bdr-im01.gz
2015-10-21 08:29 - 2013-08-13 13:38 - 03271472 ____H C:\bdr-bz01
2015-10-21 08:29 - 2012-04-17 14:34 - 00076944 _____ (BitDefender) C:\Windows\system32\Drivers\bdvedisk.sys
2015-10-21 08:27 - 2015-10-21 09:01 - 00000000 ____D C:\ProgramData\Bitdefender
2015-10-21 08:27 - 2015-10-21 08:27 - 00000000 ____D C:\Program Files\Bitdefender
2015-10-21 08:27 - 2015-06-02 15:21 - 00477272 _____ (BitDefender S.R.L.) C:\Windows\system32