So I regularly run Malwarebytes, and this thing keeps coming back after being quarantined.
It's been there for a few weeks now, and it's just annoying.
How do I get rid of it?
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by JSK (administrator) on JSK-PC on 10-04-2015 01:27:54
Running from D:\Downloads
Loaded Profiles: JSK & (Available profiles: JSK)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Speedbit Ltd.) C:\Program Files (x86)\DAP\DAP.exe
(Akamai Technologies, Inc.) C:\Users\JSK\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(ROCCAT GmbH) C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\KoneXTDMonitor.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Akamai Technologies, Inc.) C:\Users\JSK\AppData\Local\Akamai\netsession_win.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6827664 2014-08-06] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585928 2015-01-15] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [13318424 2015-03-12] (Logitech Inc.)
HKLM-x32\...\Run: [Andy] => C:\Program Files\Andy\HandyAndy.exe
HKLM-x32\...\Run: [RoccatKoneXTD] => C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\KoneXTDMonitor.EXE [552960 2014-10-19] (ROCCAT GmbH)
HKLM-x32\...\Run: [USB3MON] => "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [726320 2015-04-07] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1978593856-2847325663-2946171487-1000\...\Run: [DownloadAccelerator] => C:\Program Files (x86)\DAP\DAP.EXE [4242064 2015-01-08] (Speedbit Ltd.)
HKU\S-1-5-21-1978593856-2847325663-2946171487-1000\...\Run: [Akamai NetSession Interface] => C:\Users\JSK\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1978593856-2847325663-2946171487-1000\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
HKU\S-1-5-21-1978593856-2847325663-2946171487-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-1978593856-2847325663-2946171487-1000\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-03-30] (Google Inc.)
HKU\S-1-5-21-1978593856-2847325663-2946171487-1000\...\MountPoints2: H - H:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1978593856-2847325663-2946171487-1000\...\MountPoints2: {4b4d2a4a-6e0b-11e4-8029-c86000c6d0a6} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1978593856-2847325663-2946171487-1000\...\MountPoints2: {68908f3a-402c-11e4-8d21-c86000c6d0a6} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1978593856-2847325663-2946171487-1000\...\MountPoints2: {689091ee-402c-11e4-8d21-c86000c6d0a6} - H:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-1978593856-2847325663-2946171487-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DownloadAccelerator] => C:\Program Files (x86)\DAP\DAP.EXE [4242064 2015-01-08] (Speedbit Ltd.)
HKU\S-1-5-21-1978593856-2847325663-2946171487-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Akamai NetSession Interface] => C:\Users\JSK\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1978593856-2847325663-2946171487-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
HKU\S-1-5-21-1978593856-2847325663-2946171487-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-1978593856-2847325663-2946171487-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-03-30] (Google Inc.)
HKU\S-1-5-21-1978593856-2847325663-2946171487-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: H - H:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1978593856-2847325663-2946171487-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {4b4d2a4a-6e0b-11e4-8029-c86000c6d0a6} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1978593856-2847325663-2946171487-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {68908f3a-402c-11e4-8d21-c86000c6d0a6} - G:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1978593856-2847325663-2946171487-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {689091ee-402c-11e4-8d21-c86000c6d0a6} - H:\VZW_Software_upgrade_assistant.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-1978593856-2847325663-2946171487-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-1978593856-2847325663-2946171487-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-01] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-01] (Oracle Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-02-25] (Eyeo GmbH)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - C:\Windows\SysWOW64\mscoree.dll [2010-11-20] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
FireFox:
========
FF ProfilePath: C:\Users\JSK\AppData\Roaming\Mozilla\Firefox\Profiles\f18nlb5v.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-01] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-08-12] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\ATT\8.4.1.12\ma\bin\npMotive.dll No File
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2014-12-14] (Nexon)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\JSK\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-05-27] (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-02] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2014-08-12] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-02] (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\JSK\AppData\Roaming\Mozilla\Firefox\Profiles\f18nlb5v.default\Extensions\abs@avira.com [2015-04-02]
FF Extension: Adblock Plus - C:\Users\JSK\AppData\Roaming\Mozilla\Firefox\Profiles\f18nlb5v.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-18]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-08-10]
FF HKLM-x32\...\Firefox\Extensions: [daplinkchecker@speedbit.com] - C:\Program Files (x86)\DAP\daplinkchecker
FF HKU\S-1-5-21-1978593856-2847325663-2946171487-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-1978593856-2847325663-2946171487-1000\...\Firefox\Extensions: [{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}] - C:\Program Files (x86)\DAP\DAPFireFox
FF HKU\S-1-5-21-1978593856-2847325663-2946171487-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-1978593856-2847325663-2946171487-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}] - C:\Program Files (x86)\DAP\DAPFireFox
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/", "https://mail.google.com/mail/u/0/#inbox", "https://mail.google.com/mail/u/1/#inbox"
CHR Profile: C:\Users\JSK\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (AdBlock) - C:\Users\JSK\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-04-02]
CHR Extension: (Bookmark Manager) - C:\Users\JSK\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-10]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\JSK\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-10]
CHR Extension: (Google Wallet) - C:\Users\JSK\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-06]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-04-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-04-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-04-07] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-04-07] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2015-01-15] (NVIDIA Corporation)
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706312 2015-01-15] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833544 2015-01-15] (NVIDIA Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-03-17] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-17] (Avira Operations GmbH & Co. KG)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2015-01-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2015-04-10] ()
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-10 01:27 - 2015-04-10 01:27 - 00000000 ____D () C:\FRST
2015-04-10 01:20 - 2015-04-10 01:26 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-04-10 01:19 - 2015-04-10 01:26 - 00000000 ____D () C:\Users\JSK\Desktop\mbar
2015-04-10 01:17 - 2015-04-10 01:17 - 00000542 _____ () C:\DelFix.txt
2015-04-10 01:17 - 2015-04-10 01:17 - 00000000 ____D () C:\Windows\ERUNT
2015-04-10 00:56 - 2015-04-10 00:56 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-JSK-PC-Windows-7-Ultimate-(64-bit).dat
2015-04-10 00:56 - 2015-04-10 00:56 - 00000000 ____D () C:\RegBackup
2015-04-10 00:50 - 2015-04-10 00:50 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-04-10 00:50 - 2015-04-10 00:50 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-04-07 12:03 - 2015-04-07 12:03 - 00000000 ____D () C:\Users\JSK\Tracing
2015-04-05 03:00 - 2015-04-05 03:00 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-05 03:00 - 2015-04-05 03:00 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-04 01:28 - 2015-04-04 01:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-02 22:33 - 2015-04-07 07:47 - 00000000 ____D () C:\Users\JSK\AppData\Roaming\Avira
2015-04-02 22:33 - 2015-04-02 22:33 - 00003432 _____ () C:\Windows\System32\Tasks\Avira Browser Safety Updater Task
2015-04-02 22:32 - 2015-04-07 07:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-04-02 22:32 - 2015-04-07 07:47 - 00000000 ____D () C:\ProgramData\Avira
2015-04-02 22:32 - 2015-04-02 22:33 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-04-02 22:32 - 2015-03-17 13:01 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-04-02 22:32 - 2015-03-17 13:01 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-04-02 22:32 - 2015-03-17 13:01 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-04-02 22:32 - 2015-03-17 13:01 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-04-02 22:27 - 2015-04-02 22:27 - 00000000 ____D () C:\ProgramData\Panda Security
2015-04-02 00:34 - 2015-04-02 00:34 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2015-03-27 10:02 - 2015-03-27 10:02 - 00000000 ____D () C:\Users\JSK\Documents\Java
2015-03-26 11:23 - 2015-03-13 08:38 - 00622224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-03-26 11:21 - 2015-03-13 12:41 - 32114888 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-03-26 11:21 - 2015-03-13 12:41 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-03-26 11:21 - 2015-03-13 12:41 - 24775368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-03-26 11:21 - 2015-03-13 12:41 - 20466376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-03-26 11:21 - 2015-03-13 12:41 - 17258024 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-03-26 11:21 - 2015-03-13 12:41 - 13297144 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-03-26 11:21 - 2015-03-13 12:41 - 13210080 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-03-26 11:21 - 2015-03-13 12:41 - 10775080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-03-26 11:21 - 2015-03-13 12:41 - 10715864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-03-26 11:21 - 2015-03-13 12:41 - 10262160 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-03-26 11:21 - 2015-03-13 12:41 - 03611792 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-03-26 11:21 - 2015-03-13 12:41 - 03249352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-03-26 11:21 - 2015-03-13 12:41 - 02906928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-03-26 11:21 - 2015-03-13 12:41 - 01896136 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434788.dll
2015-03-26 11:21 - 2015-03-13 12:41 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434788.dll
2015-03-26 11:21 - 2015-03-13 12:41 - 00997856 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-03-26 11:21 - 2015-03-13 12:41 - 00970384 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-03-26 11:21 - 2015-03-13 12:41 - 00944784 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-03-26 11:21 - 2015-03-13 12:41 - 00930448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-03-26 11:21 - 2015-03-13 12:41 - 00909512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-03-26 11:21 - 2015-03-13 12:41 - 00878328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-03-26 11:21 - 2015-03-13 12:41 - 00496272 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-03-26 11:21 - 2015-03-13 12:41 - 00400584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-03-26 11:21 - 2015-03-13 12:41 - 00390288 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-03-26 11:21 - 2015-03-13 12:41 - 00354112 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-03-26 11:21 - 2015-03-13 12:41 - 00346824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-03-26 11:21 - 2015-03-13 12:41 - 00306208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-03-26 11:21 - 2015-03-13 12:41 - 00178512 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-03-26 11:21 - 2015-03-13 12:41 - 00164568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-03-26 11:18 - 2015-03-30 14:07 - 00000000 ____D () C:\ProgramData\{422a264f-a13f-2edb-422a-a264fa13993e}
2015-03-24 13:27 - 2015-03-10 21:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-24 13:27 - 2015-03-10 21:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-24 13:27 - 2015-03-10 21:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-24 13:27 - 2015-03-10 21:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-24 13:27 - 2015-03-10 21:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-24 13:27 - 2015-03-10 21:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-24 13:27 - 2015-03-10 21:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-24 13:27 - 2015-03-10 21:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-23 15:31 - 2015-03-23 15:31 - 00000000 ____D () C:\Users\JSK\AppData\Local\Logitech
2015-03-23 15:31 - 2015-03-23 15:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2015-03-23 15:31 - 2015-03-23 15:31 - 00000000 ____D () C:\ProgramData\LogiShrd
2015-03-23 15:31 - 2015-03-23 15:31 - 00000000 ____D () C:\Program Files\Logitech Gaming Software
2015-03-23 15:27 - 2015-03-23 15:27 - 00000000 ____D () C:\Users\JSK\AppData\Roaming\Logitech
2015-03-23 15:27 - 2015-03-23 15:27 - 00000000 ____D () C:\Users\JSK\AppData\Roaming\Logishrd
2015-03-23 05:16 - 2015-03-30 14:07 - 00000000 ____D () C:\ProgramData\{8dc2065d-e06e-155d-8dc2-2065de061977}
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-10 01:20 - 2014-08-20 10:10 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-10 01:19 - 2014-08-20 10:10 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-10 01:05 - 2009-07-13 22:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-10 01:01 - 2014-08-06 04:17 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-10 01:00 - 2015-03-07 13:35 - 00000020 _____ () C:\Users\JSK\AppData\Roaming\appdataFr3.bin
2015-04-10 01:00 - 2015-01-08 22:28 - 00000000 ____D () C:\ProgramData\TEMP
2015-04-10 01:00 - 2014-11-18 19:17 - 00000000 ____D () C:\Users\JSK\AppData\Local\HTC MediaHub
2015-04-10 01:00 - 2014-08-06 03:41 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-10 01:00 - 2009-07-13 22:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-04-10 01:00 - 2009-07-13 21:51 - 00063939 _____ () C:\Windows\setupact.log
2015-04-10 00:59 - 2014-08-06 04:34 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-10 00:59 - 2014-08-06 03:12 - 01227268 _____ () C:\Windows\WindowsUpdate.log
2015-04-10 00:59 - 2010-11-20 20:47 - 00593792 _____ () C:\Windows\PFRO.log
2015-04-10 00:59 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-10 00:48 - 2014-08-06 03:41 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-09 15:05 - 2014-08-08 10:13 - 00000000 ____D () C:\Users\JSK\AppData\Roaming\Skype
2015-04-09 11:02 - 2014-08-21 09:15 - 00000000 ____D () C:\Users\JSK\Documents\My Scans
2015-04-07 12:03 - 2014-10-12 00:26 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-07 12:03 - 2014-08-08 10:13 - 00000000 ____D () C:\ProgramData\Skype
2015-04-07 12:03 - 2014-08-06 03:12 - 00000000 ____D () C:\Users\JSK
2015-04-07 07:46 - 2014-09-18 05:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-07 02:17 - 2009-07-13 21:45 - 00022528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-07 02:17 - 2009-07-13 21:45 - 00022528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-07 01:09 - 2014-10-07 07:51 - 00000000 ____D () C:\Users\JSK\Documents\Outlook Files
2015-04-03 03:40 - 2014-08-08 10:12 - 00000000 ____D () C:\Users\JSK\AppData\Roaming\uTorrent
2015-04-02 22:35 - 2014-08-06 04:28 - 00000000 ____D () C:\Users\JSK\Desktop\Stuff
2015-04-02 22:32 - 2014-08-06 04:08 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-02 22:20 - 2015-01-08 22:28 - 00000000 ____D () C:\Program Files (x86)\DAP
2015-04-02 02:48 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-30 14:07 - 2015-01-16 19:55 - 00003454 _____ () C:\Windows\system32\.crusader
2015-03-27 10:15 - 2015-02-24 13:20 - 00008838 _____ () C:\Users\JSK\Desktop\acc.xlsx
2015-03-27 10:03 - 2014-08-06 04:19 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-27 10:02 - 2014-11-12 08:12 - 00000000 ____D () C:\Program Files (x86)\Java
2015-03-26 11:23 - 2014-11-18 19:16 - 00000000 ____D () C:\Temp
2015-03-26 11:23 - 2014-08-06 04:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-03-26 11:22 - 2014-08-06 04:37 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-03-25 03:15 - 2014-12-11 04:19 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-25 03:15 - 2014-08-07 06:15 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-23 03:56 - 2015-01-15 15:48 - 00000000 ____D () C:\Users\JSK\AppData\Local\Akamai
2015-03-18 01:21 - 2014-08-11 14:11 - 00000000 ____D () C:\Users\JSK\Documents\Tarrasch
2015-03-14 13:00 - 2014-10-25 01:26 - 00000000 ____D () C:\Users\JSK\AppData\Local\Adobe
2015-03-14 13:00 - 2014-08-06 04:17 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-14 13:00 - 2014-08-06 04:17 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-14 13:00 - 2014-08-06 04:17 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-13 12:41 - 2014-08-06 04:42 - 00073872 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-03-13 12:41 - 2014-08-06 04:42 - 00060560 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-03-13 12:41 - 2014-08-06 04:41 - 18580512 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-03-13 12:41 - 2014-08-06 04:41 - 16022016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-03-13 12:41 - 2014-08-06 04:41 - 14121624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-03-13 12:41 - 2014-08-06 04:41 - 03303448 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-03-13 12:41 - 2014-08-06 04:41 - 00027441 _____ () C:\Windows\system32\nvinfo.pb
2015-03-13 09:16 - 2014-11-11 16:18 - 02559808 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-03-13 09:16 - 2014-08-06 04:42 - 06861968 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-03-13 09:16 - 2014-08-06 04:42 - 03526856 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-03-13 09:16 - 2014-08-06 04:42 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-03-13 09:16 - 2014-08-06 04:42 - 00386248 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-03-13 09:16 - 2014-08-06 04:42 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-03-13 03:20 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2015-03-11 06:10 - 2014-08-06 04:42 - 04246327 _____ () C:\Windows\system32\nvcoproc.bin
2015-03-11 03:25 - 2009-07-13 21:45 - 00435184 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-11 03:24 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-11 03:24 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-11 03:09 - 2014-09-08 09:32 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-11 03:08 - 2014-09-08 09:43 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-03-11 03:05 - 2014-08-07 01:16 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-11 03:05 - 2009-07-13 19:34 - 00000615 _____ () C:\Windows\win.ini
2015-03-11 03:02 - 2014-08-07 01:16 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
==================== Files in the root of some directories =======
2015-03-07 13:35 - 2015-04-10 01:00 - 0000020 _____ () C:\Users\JSK\AppData\Roaming\appdataFr3.bin
2014-08-10 23:55 - 2014-08-10 23:55 - 0000697 _____ () C:\Users\JSK\AppData\Roaming\ConvAPIPlugin.log
2015-01-23 05:27 - 2015-01-23 05:27 - 0000038 ___SH () C:\Users\JSK\AppData\Local\1754111884ee9ab5277ca00.95260103
2014-08-06 03:36 - 2014-08-06 03:36 - 0000017 _____ () C:\Users\JSK\AppData\Local\resmon.resmoncfg
2008-02-05 14:28 - 2008-02-05 14:28 - 0000051 _____ () C:\Users\JSK\AppData\Local\setup.txt
2014-08-10 23:51 - 2014-11-11 14:20 - 0001886 _____ () C:\ProgramData\hpzinstall.log
Some content of TEMP:
====================
C:\Users\JSK\AppData\Local\Temp\avgnt.exe
C:\Users\JSK\AppData\Local\Temp\bitool.dll
C:\Users\JSK\AppData\Local\Temp\cabex.dll
C:\Users\JSK\AppData\Local\Temp\dllnt_dump.dll
C:\Users\JSK\AppData\Local\Temp\ExPromo.exe
C:\Users\JSK\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe
C:\Users\JSK\AppData\Local\Temp\Itibiti_Knctr_B.exe
C:\Users\JSK\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\JSK\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\JSK\AppData\Local\Temp\NGMDll.dll
C:\Users\JSK\AppData\Local\Temp\NGMResource.dll
C:\Users\JSK\AppData\Local\Temp\NGMSetup.exe
C:\Users\JSK\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\JSK\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\JSK\AppData\Local\Temp\nvStInst.exe
C:\Users\JSK\AppData\Local\Temp\ose00000.exe
C:\Users\JSK\AppData\Local\Temp\ose00002.exe
C:\Users\JSK\AppData\Local\Temp\pcDesktopAlertNotifierX.dll
C:\Users\JSK\AppData\Local\Temp\Quarantine.exe
C:\Users\JSK\AppData\Local\Temp\Runner2.exe
C:\Users\JSK\AppData\Local\Temp\Runner4.exe
C:\Users\JSK\AppData\Local\Temp\RunWizards.exe
C:\Users\JSK\AppData\Local\Temp\SetupUtils6.dll
C:\Users\JSK\AppData\Local\Temp\SkypeSetup.exe
C:\Users\JSK\AppData\Local\Temp\sqlite3.dll
C:\Users\JSK\AppData\Local\Temp\unicows.dll
C:\Users\JSK\AppData\Local\Temp\vcredist_x86.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-04-04 01:52
==================== End Of Log ============================
2015-03-24 13:27 - 2015-03-10 21:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-24 13:27 - 2015-03-10 21:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-24 13:27 - 2015-03-10 21:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-24 13:27 - 2015-03-10 21:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-24 13:27 - 2015-03-10 21:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-23 15:31 - 2015-03-23 15:31 - 00000000 ____D () C:\Users\JSK\AppData\Local\Logitech
2015-03-23 15:31 - 2015-03-23 15:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2015-03-23 15:31 - 2015-03-23 15:31 - 00000000 ____D () C:\ProgramData\LogiShrd
2015-03-23 15:31 - 2015-03-23 15:31 - 00000000 ____D () C:\Program Files\Logitech Gaming Software
2015-03-23 15:27 - 2015-03-23 15:27 - 00000000 ____D () C:\Users\JSK\AppData\Roaming\Logitech
2015-03-23 15:27 - 2015-03-23 15:27 - 00000000 ____D () C:\Users\JSK\AppData\Roaming\Logishrd
2015-03-23 05:16 - 2015-03-30 14:07 - 00000000 ____D () C:\ProgramData\{8dc2065d-e06e-155d-8dc2-2065de061977}
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-10 01:20 - 2014-08-20 10:10 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-10 01:19 - 2014-08-20 10:10 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-10 01:05 - 2009-07-13 22:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-10 01:01 - 2014-08-06 04:17 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-10 01:00 - 2015-03-07 13:35 - 00000020 _____ () C:\Users\JSK\AppData\Roaming\appdataFr3.bin
2015-04-10 01:00 - 2015-01-08 22:28 - 00000000 ____D () C:\ProgramData\TEMP
2015-04-10 01:00 - 2014-11-18 19:17 - 00000000 ____D () C:\Users\JSK\AppData\Local\HTC MediaHub
2015-04-10 01:00 - 2014-08-06 03:41 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-10 01:00 - 2009-07-13 22:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-04-10 01:00 - 2009-07-13 21:51 - 00063939 _____ () C:\Windows\setupact.log
2015-04-10 00:59 - 2014-08-06 04:34 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-10 00:59 - 2014-08-06 03:12 - 01227268 _____ () C:\Windows\WindowsUpdate.log
2015-04-10 00:59 - 2010-11-20 20:47 - 00593792 _____ () C:\Windows\PFRO.log
2015-04-10 00:59 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-10 00:48 - 2014-08-06 03:41 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-09 15:05 - 2014-08-08 10:13 - 00000000 ____D () C:\Users\JSK\AppData\Roaming\Skype
2015-04-09 11:02 - 2014-08-21 09:15 - 00000000 ____D () C:\Users\JSK\Documents\My Scans
2015-04-07 12:03 - 2014-10-12 00:26 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-07 12:03 - 2014-08-08 10:13 - 00000000 ____D () C:\ProgramData\Skype
2015-04-07 12:03 - 2014-08-06 03:12 - 00000000 ____D () C:\Users\JSK
2015-04-07 07:46 - 2014-09-18 05:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-07 02:17 - 2009-07-13 21:45 - 00022528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-07 02:17 - 2009-07-13 21:45 - 00022528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-07 01:09 - 2014-10-07 07:51 - 00000000 ____D () C:\Users\JSK\Documents\Outlook Files
2015-04-03 03:40 - 2014-08-08 10:12 - 00000000 ____D () C:\Users\JSK\AppData\Roaming\uTorrent
2015-04-02 22:35 - 2014-08-06 04:28 - 00000000 ____D () C:\Users\JSK\Desktop\Stuff
2015-04-02 22:32 - 2014-08-06 04:08 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-02 22:20 - 2015-01-08 22:28 - 00000000 ____D () C:\Program Files (x86)\DAP
2015-04-02 02:48 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-30 14:07 - 2015-01-16 19:55 - 00003454 _____ () C:\Windows\system32\.crusader
2015-03-27 10:15 - 2015-02-24 13:20 - 00008838 _____ () C:\Users\JSK\Desktop\acc.xlsx
2015-03-27 10:03 - 2014-08-06 04:19 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-27 10:02 - 2014-11-12 08:12 - 00000000 ____D () C:\Program Files (x86)\Java
2015-03-26 11:23 - 2014-11-18 19:16 - 00000000 ____D () C:\Temp
2015-03-26 11:23 - 2014-08-06 04:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-03-26 11:22 - 2014-08-06 04:37 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-03-25 03:15 - 2014-12-11 04:19 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-25 03:15 - 2014-08-07 06:15 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-23 03:56 - 2015-01-15 15:48 - 00000000 ____D () C:\Users\JSK\AppData\Local\Akamai
2015-03-18 01:21 - 2014-08-11 14:11 - 00000000 ____D () C:\Users\JSK\Documents\Tarrasch
2015-03-14 13:00 - 2014-10-25 01:26 - 00000000 ____D () C:\Users\JSK\AppData\Local\Adobe
2015-03-14 13:00 - 2014-08-06 04:17 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-14 13:00 - 2014-08-06 04:17 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-14 13:00 - 2014-08-06 04:17 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-13 12:41 - 2014-08-06 04:42 - 00073872 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-03-13 12:41 - 2014-08-06 04:42 - 00060560 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-03-13 12:41 - 2014-08-06 04:41 - 18580512 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-03-13 12:41 - 2014-08-06 04:41 - 16022016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-03-13 12:41 - 2014-08-06 04:41 - 14121624 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-03-13 12:41 - 2014-08-06 04:41 - 03303448 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-03-13 12:41 - 2014-08-06 04:41 - 00027441 _____ () C:\Windows\system32\nvinfo.pb
2015-03-13 09:16 - 2014-11-11 16:18 - 02559808 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-03-13 09:16 - 2014-08-06 04:42 - 06861968 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-03-13 09:16 - 2014-08-06 04:42 - 03526856 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-03-13 09:16 - 2014-08-06 04:42 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-03-13 09:16 - 2014-08-06 04:42 - 00386248 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-03-13 09:16 - 2014-08-06 04:42 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-03-13 03:20 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2015-03-11 06:10 - 2014-08-06 04:42 - 04246327 _____ () C:\Windows\system32\nvcoproc.bin
2015-03-11 03:25 - 2009-07-13 21:45 - 00435184 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-11 03:24 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-11 03:24 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-11 03:09 - 2014-09-08 09:32 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-11 03:08 - 2014-09-08 09:43 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-03-11 03:05 - 2014-08-07 01:16 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-11 03:05 - 2009-07-13 19:34 - 00000615 _____ () C:\Windows\win.ini
2015-03-11 03:02 - 2014-08-07 01:16 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
==================== Files in the root of some directories =======
2015-03-07 13:35 - 2015-04-10 01:00 - 0000020 _____ () C:\Users\JSK\AppData\Roaming\appdataFr3.bin
2014-08-10 23:55 - 2014-08-10 23:55 - 0000697 _____ () C:\Users\JSK\AppData\Roaming\ConvAPIPlugin.log
2015-01-23 05:27 - 2015-01-23 05:27 - 0000038 ___SH () C:\Users\JSK\AppData\Local\1754111884ee9ab5277ca00.95260103
2014-08-06 03:36 - 2014-08-06 03:36 - 0000017 _____ () C:\Users\JSK\AppData\Local\resmon.resmoncfg
2008-02-05 14:28 - 2008-02-05 14:28 - 0000051 _____ () C:\Users\JSK\AppData\Local\setup.txt
2014-08-10 23:51 - 2014-11-11 14:20 - 0001886 _____ () C:\ProgramData\hpzinstall.log
Some content of TEMP:
====================
C:\Users\JSK\AppData\Local\Temp\avgnt.exe
C:\Users\JSK\AppData\Local\Temp\bitool.dll
C:\Users\JSK\AppData\Local\Temp\cabex.dll
C:\Users\JSK\AppData\Local\Temp\dllnt_dump.dll
C:\Users\JSK\AppData\Local\Temp\ExPromo.exe
C:\Users\JSK\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe
C:\Users\JSK\AppData\Local\Temp\Itibiti_Knctr_B.exe
C:\Users\JSK\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\JSK\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\JSK\AppData\Local\Temp\NGMDll.dll
C:\Users\JSK\AppData\Local\Temp\NGMResource.dll
C:\Users\JSK\AppData\Local\Temp\NGMSetup.exe
C:\Users\JSK\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\JSK\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\JSK\AppData\Local\Temp\nvStInst.exe
C:\Users\JSK\AppData\Local\Temp\ose00000.exe
C:\Users\JSK\AppData\Local\Temp\ose00002.exe
C:\Users\JSK\AppData\Local\Temp\pcDesktopAlertNotifierX.dll
C:\Users\JSK\AppData\Local\Temp\Quarantine.exe
C:\Users\JSK\AppData\Local\Temp\Runner2.exe
C:\Users\JSK\AppData\Local\Temp\Runner4.exe
C:\Users\JSK\AppData\Local\Temp\RunWizards.exe
C:\Users\JSK\AppData\Local\Temp\SetupUtils6.dll
C:\Users\JSK\AppData\Local\Temp\SkypeSetup.exe
C:\Users\JSK\AppData\Local\Temp\sqlite3.dll
C:\Users\JSK\AppData\Local\Temp\unicows.dll
C:\Users\JSK\AppData\Local\Temp\vcredist_x86.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-04-04 01:52
==================== End Of Log ============================