Hi, here is FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by a (administrator) on A-PC (05-04-2016 07:11:56)
Running from C:\Users\a\Desktop
Loaded Profiles: a (Available Profiles: a)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2730616 2015-09-28] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-26] (Logitech, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [69632 2004-04-13] (InstallShield Software Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-522234228-4192544273-3428825822-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2013-10-16] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2013-10-16] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2013-10-16] ()
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\windows\system32\AcSignIcon.dll [2010-02-10] (Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\windows\SysWOW64\AcSignIcon.dll [2007-02-13] (Autodesk, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\EasySetPackage.lnk [2015-08-25]
ShortcutTarget: EasySetPackage.lnk -> C:\Program Files (x86)\LG Soft India\EasySetPackage\bin\EasySetPackage.exe ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5-x64 01 C:\Windows\System32\mswsock.dll [327168 2013-09-08] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5F96EEFF-043E-470A-85AA-1D0C59A2263E}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{8B3C0D3D-5D5F-4D8A-BB9A-18A93E642CB3}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A66457FB-76D7-44A4-BFA0-D4C23D5733A4}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-522234228-4192544273-3428825822-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
HKU\S-1-5-21-522234228-4192544273-3428825822-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-522234228-4192544273-3428825822-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll [2010-04-28] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-26] (Logitech, Inc.)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll [2010-03-27] (Adobe Systems, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-08] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-26] (Logitech, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-08] (Oracle Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll [2010-03-27] (Adobe Systems, Inc.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\ijupd536.default-1430291221738
FF DefaultSearchEngine: DuckDuckGo
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_21_0_0_197.dll [2016-03-29] ()
FF Plugin: @microsoft.com/GENUINE -> C:\windows\system32\Wat\npWatWeb.dll [2010-12-26] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2013-11-05] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-03-29] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-20] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-08] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\windows\system32\Wat\npWatWeb.dll [2010-12-26] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation)
FF Plugin-x32: @rooms.hp.com -> C:\Program Files (x86)\Hewlett-Packard\HP Virutal Rooms Client Launcher Plugin\nphpvrl.dll [2011-03-29] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.5 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll [2010-09-02] (Wacom, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2013-11-05] (Adobe Systems)
FF Plugin-x32: nuance.com/DragonRIAPlugin -> C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\npDgnRia.dll [2012-07-18] (Nuance Communications Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npContribute.dll [2010-03-27] (Adobe Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2013-05-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2013-05-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2013-05-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2013-05-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2013-05-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2013-05-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2013-05-18] (Apple Inc.)
FF Extension: Adblock Plus - C:\Users\a\AppData\Roaming\Mozilla\Firefox\Profiles\ijupd536.default-1430291221738\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-03-09]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-03-06] [not signed]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2016-03-06] [not signed]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} [2016-03-06] [not signed]
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-04-01] [not signed]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-03-06] [not signed]
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-06] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2008-09-06] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi
FF Extension: Dragon NaturallySpeaking Rich Internet Application Support - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2012-07-18] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2016-02-17] [not signed]
Chrome:
=======
CHR HKU\S-1-5-21-522234228-4192544273-3428825822-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]
CHR HKLM-x32\...\Chrome\Extension: [mikhcaiakabeeokmenglcdebplfdjicn] - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\chromeShim.crx [2012-07-18]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [85096 2011-02-07] (Autodesk)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2010-12-26] (Macrovision Europe Ltd.) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155192 2015-09-28] (NVIDIA Corporation)
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 nlsX86cc; C:\windows\SysWOW64\nlssrv32.exe [66560 2011-12-19] (Nalpeiron Ltd.) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-09-28] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568632 2015-09-28] (NVIDIA Corporation)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2266160 2016-03-03] (IBM Corp.)
S4 Rezip; C:\windows\SysWOW64\Rezip.exe [311296 2009-03-05] () [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3000664 2015-01-06] (Samsung Electronics CO., LTD.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 LGDDCDevice; C:\windows\SysWOW64\LGI2CDriver.sys [16384 2009-12-22] (LG Soft India) [File not signed]
S3 LGII2CDevice; C:\windows\SysWOW64\LGPII2CDriver.sys [19456 2009-12-22] (LG Soft India) [File not signed]
S3 libwamf; C:\Windows\System32\DRIVERS\libwamf.sys [15664 2016-04-04] (Windows (R) Win 7 DDK provider)
S3 libwasys; C:\Windows\System32\DRIVERS\libwasys.sys [28464 2016-04-04] ()
S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [40904 2010-02-17] (McAfee, Inc.)
S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [49480 2010-02-17] (McAfee, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-09-28] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
R1 RapportCerberus_1507082; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1507082.sys [972896 2016-03-07] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [514336 2016-03-03] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [152320 2016-03-03] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [407168 2016-03-03] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [507424 2016-03-03] (IBM Corp.)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2010-09-17] (Windows (R) 2003 DDK 3790 provider)
U5 TMUSB; C:\Windows\System32\DRIVERS\TMUSB64.SYS [63096 2015-05-25] (Seiko Epson Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-04-03] ()
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S4 tsusbhub; system32\drivers\tsusbhub.sys [X]
S4 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-04-05 07:11 - 2016-04-05 07:12 - 00022931 _____ C:\Users\a\Desktop\FRST.txt
2016-04-05 07:11 - 2016-04-05 07:11 - 02374144 _____ (Farbar) C:\Users\a\Downloads\FRST64.exe
2016-04-05 07:11 - 2016-04-05 07:11 - 02374144 _____ (Farbar) C:\Users\a\Desktop\FRST64.exe
2016-04-04 11:34 - 2016-04-04 11:34 - 00025072 _____ C:\ComboFix.txt
2016-04-04 10:13 - 2016-04-04 10:13 - 00028464 _____ C:\windows\system32\Drivers\libwasys.sys
2016-04-04 10:13 - 2016-04-04 10:13 - 00015664 _____ (Windows (R) Win 7 DDK provider) C:\windows\system32\Drivers\libwamf.sys
2016-04-04 10:12 - 2016-04-04 10:12 - 07029896 _____ () C:\Users\a\Downloads\OESISEndpointAssessmentTool.exe
2016-04-03 13:23 - 2016-04-03 13:27 - 00287224 _____ C:\windows\ntbtlog.txt
2016-04-03 12:39 - 2016-04-03 12:39 - 00347816 _____ (Microsoft Corporation) C:\Users\a\Downloads\MicrosoftFixit.IEPerformance.RNP.Run.exe
2016-04-03 11:38 - 2016-04-03 11:39 - 00004592 _____ C:\Users\a\Desktop\JRT.txt
2016-04-03 11:16 - 2016-04-03 11:16 - 00001229 _____ C:\Users\a\Desktop\AdwCleaner[C1].txt
2016-04-03 11:01 - 2016-04-03 11:08 - 00000000 ____D C:\AdwCleaner
2016-04-03 11:00 - 2016-04-03 11:00 - 00001157 _____ C:\Users\a\Desktop\mbam03042016.txt
2016-04-03 10:15 - 2016-04-03 10:15 - 00006600 _____ C:\Users\a\Desktop\rk_F307.tmp.txt
2016-04-03 10:15 - 2016-04-03 10:15 - 00006600 _____ C:\Users\a\Desktop\rk_F25B.tmp.txt
2016-04-03 10:13 - 2016-04-03 10:13 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-03 10:13 - 2016-04-03 10:13 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-03 10:13 - 2016-04-03 10:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-03 10:12 - 2016-04-03 10:13 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-03 10:12 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2016-04-03 10:12 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2016-04-03 10:12 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2016-04-03 09:24 - 2016-04-03 09:27 - 00024688 _____ C:\windows\system32\Drivers\TrueSight.sys
2016-04-03 09:23 - 2016-04-03 09:26 - 00000000 ____D C:\ProgramData\RogueKiller
2016-04-03 09:00 - 2016-04-03 09:00 - 00003438 _____ C:\windows\System32\Tasks\UninstallMonitor
2016-04-03 08:59 - 2016-04-03 08:59 - 00001641 _____ C:\Users\a\Desktop\Advanced Uninstaller PRO 11.lnk
2016-04-03 08:59 - 2016-04-03 08:59 - 00001525 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO 11.lnk
2016-04-02 20:28 - 2016-04-02 20:35 - 19311728 _____ (Innovative Solutions ) C:\Users\a\Downloads\Advanced_Uninstaller11.exe
2016-04-02 18:55 - 2016-04-02 18:55 - 00000000 ____D C:\zoek
2016-04-02 17:31 - 2016-04-02 17:31 - 00000458 _____ C:\Local Disk (D) - Shortcut.lnk
2016-04-02 12:42 - 2016-04-02 12:44 - 22851472 _____ (Malwarebytes ) C:\Users\a\Desktop\mbam-setup-2.2.1.1043.exe
2016-04-02 12:42 - 2016-04-02 12:42 - 03102720 _____ C:\Users\a\Desktop\adwcleaner_5.108.exe
2016-04-02 12:41 - 2016-04-02 12:41 - 01610352 _____ (Malwarebytes) C:\Users\a\Desktop\JRT.exe
2016-04-02 12:40 - 2016-04-02 12:42 - 19655240 _____ C:\Users\a\Desktop\RogueKiller.exe
2016-04-02 11:10 - 2016-04-02 18:58 - 00003032 _____ C:\runcheck.txt
2016-04-02 11:10 - 2016-04-02 12:06 - 00000000 ____D C:\zoek_backup
2016-04-02 11:09 - 2016-04-02 11:09 - 01309184 _____ C:\Users\a\Desktop\zoek.exe
2016-04-01 13:13 - 2016-04-01 13:37 - 00062609 _____ C:\Users\a\Downloads\Addition.txt
2016-04-01 12:59 - 2016-04-01 13:37 - 00039123 _____ C:\Users\a\Downloads\FRST.txt
2016-04-01 12:48 - 2016-04-05 07:11 - 00000000 ____D C:\FRST
2016-04-01 11:06 - 2016-04-04 10:21 - 00000000 ____D C:\$AVG
2016-04-01 10:29 - 2016-04-01 10:57 - 240607256 _____ (AVG Technologies CZ, s.r.o.) C:\Users\a\Downloads\AVG_Internet_Security_x64_696.exe
2016-04-01 03:50 - 2016-04-01 16:30 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-03-31 15:32 - 2011-06-26 07:45 - 00256000 _____ C:\windows\PEV.exe
2016-03-31 15:32 - 2010-11-07 18:20 - 00208896 _____ C:\windows\MBR.exe
2016-03-31 15:32 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2016-03-31 15:32 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2016-03-31 15:32 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2016-03-31 15:32 - 2000-08-31 01:00 - 00098816 _____ C:\windows\sed.exe
2016-03-31 15:32 - 2000-08-31 01:00 - 00080412 _____ C:\windows\grep.exe
2016-03-31 15:32 - 2000-08-31 01:00 - 00068096 _____ C:\windows\zip.exe
2016-03-31 15:31 - 2016-04-04 11:34 - 00000000 ____D C:\Qoobox
2016-03-31 15:29 - 2016-03-31 16:22 - 00000000 ____D C:\windows\erdnt
2016-03-31 14:47 - 2016-03-31 14:47 - 00002060 _____ C:\Users\a\Desktop\aswMBR.txt
2016-03-31 14:47 - 2016-03-31 14:47 - 00000512 _____ C:\Users\a\Desktop\MBR.dat
2016-03-31 14:41 - 2016-04-04 10:50 - 05658312 ____R (Swearware) C:\Users\a\Desktop\ComboFix.exe
2016-03-31 14:40 - 2016-03-31 14:42 - 05198336 _____ (AVAST Software) C:\Users\a\Desktop\aswMBR.exe
2016-03-31 14:27 - 2016-03-31 14:36 - 00000000 ____D C:\Users\a\Desktop\destop_shortcuts
2016-03-31 14:26 - 2016-03-31 14:26 - 00000000 ____D C:\Users\a\Desktop\cards_etc
2016-03-31 12:45 - 2016-03-31 12:32 - 00688992 _____ (Swearware) C:\Users\a\Desktop\dds.scr
2016-03-31 12:32 - 2016-03-31 12:32 - 00688992 _____ (Swearware) C:\Users\a\Downloads\dds.scr
2016-03-29 22:43 - 2016-03-29 22:43 - 00000000 ____D C:\Users\a\Downloads\backups
2016-03-29 22:24 - 2016-03-29 22:25 - 00388608 _____ (Trend Micro Inc.) C:\Users\a\Downloads\HijackThis.exe
2016-03-29 21:58 - 2016-03-29 21:58 - 00003820 _____ C:\windows\System32\Tasks\Opera scheduled Autoupdate 1459285081
2016-03-29 21:58 - 2016-03-29 21:58 - 00001135 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-03-29 21:58 - 2016-03-29 21:58 - 00000000 ____D C:\Users\a\AppData\Roaming\Opera Software
2016-03-29 21:58 - 2016-03-29 21:58 - 00000000 ____D C:\Users\a\AppData\Local\Opera Software
2016-03-29 21:57 - 2016-04-04 21:58 - 00000000 ____D C:\Program Files (x86)\Opera
2016-03-29 21:47 - 2016-03-29 21:56 - 37696232 _____ (Opera Software) C:\Users\a\Downloads\Opera_36.0.2130.32_Setup.exe
2016-03-29 21:45 - 2016-03-29 21:46 - 00724888 _____ (Opera Software) C:\Users\a\Downloads\OperaSetup.exe
2016-03-29 20:43 - 2016-03-29 20:53 - 19904704 _____ (Adobe Systems Incorporated) C:\Users\a\Downloads\install_flash_player(2).exe
2016-03-21 11:31 - 2016-03-30 02:21 - 00000000 ____D C:\Program Files (x86)\EPUB File Reader
2016-03-21 11:31 - 2016-03-21 11:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPUB File Reader
2016-03-20 11:17 - 2016-03-20 12:23 - 00000000 ____D C:\Users\Public\Downloads\Badens
2016-03-17 19:08 - 2016-03-17 19:09 - 02606578 _____ C:\Users\a\Downloads\DDLValley.cool_G-e-n-I-u-s-_-I-n-t-e-l-l-I-g-e-n-c-e-.pdf
2016-03-13 11:49 - 2016-03-13 12:02 - 29312924 _____ C:\Users\a\Downloads\DDLValley.cool_N.Sc-12.M.2016.pdf
2016-03-10 20:03 - 2016-03-10 20:03 - 00574158 _____ C:\Users\Public\Downloads\iexplorer.reg
2016-03-10 00:01 - 2016-03-10 00:01 - 00001413 _____ C:\Users\a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-03-09 23:30 - 2016-03-09 23:46 - 55915216 _____ (Microsoft Corporation) C:\Users\a\Downloads\IE11-Windows6.1-x64-en-us.exe
2016-03-09 23:28 - 2016-03-09 23:29 - 02077392 _____ (Microsoft Corporation) C:\Users\a\Downloads\IE11-Windows6.1.exe
2016-03-09 21:45 - 2016-03-09 22:47 - 00000000 ____D C:\windows\Panther
2016-03-08 18:55 - 2016-03-08 18:55 - 00328409 _____ C:\Users\a\AppData\Local\census.cache
2016-03-08 18:55 - 2016-03-08 18:55 - 00185089 _____ C:\Users\a\AppData\Local\ars.cache
2016-03-08 17:44 - 2016-03-08 17:45 - 02405672 _____ (Trend Micro Inc.) C:\Users\a\Downloads\HousecallLauncher64(1).exe
2016-03-08 17:30 - 2016-03-08 17:37 - 47521472 _____ C:\Users\Public\Downloads\Firefox Setup 43.0.1.exe
2016-03-08 16:58 - 2016-03-08 16:58 - 00987728 _____ (Google Inc.) C:\Users\Public\Downloads\ChromeSetup.exe
2016-03-08 16:30 - 2016-03-08 16:34 - 58082952 _____ (Microsoft Corporation) C:\Users\Public\Downloads\EIE11_EN-US_MCM_WIN764.EXE
2016-03-08 14:22 - 2016-03-08 16:00 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2016-03-08 14:20 - 2016-03-08 14:21 - 01524224 _____ C:\Users\a\Downloads\adwcleaner_5.101.exe
2016-03-08 13:54 - 2016-03-08 16:00 - 00000000 ____D C:\Users\a\AppData\LocalLow\Adblock Plus for IE
2016-03-08 13:54 - 2016-03-08 16:00 - 00000000 ____D C:\Program Files\Adblock Plus for IE
2016-03-08 13:50 - 2016-03-08 13:52 - 06468104 _____ ( ) C:\Users\a\Downloads\adblockplusie-1.5.exe
2016-03-07 17:17 - 2016-03-07 17:17 - 00000000 ____D C:\Users\Public\Downloads\FL studio tutorial by lynda.com
2016-03-07 17:10 - 2016-03-07 17:11 - 00000000 ____D C:\Users\Public\Downloads\melodyne_tut
2016-03-06 22:09 - 2016-03-07 12:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-06 11:15 - 2016-03-06 11:24 - 28623077 _____ C:\Users\a\Downloads\DDLValley.cool_New_Scientist_-_5_March_2016-P2P.pdf
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-04-05 07:11 - 2009-07-14 05:45 - 00029264 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-05 07:11 - 2009-07-14 05:45 - 00029264 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-05 06:45 - 2013-02-09 19:08 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-04 19:44 - 2013-02-09 19:08 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-04 11:42 - 2009-07-14 04:20 - 00000000 ____D C:\windows\system32\NDF
2016-04-04 11:25 - 2009-07-14 03:34 - 00000215 _____ C:\windows\system.ini
2016-04-04 10:46 - 2015-06-20 16:54 - 00000419 _____ C:\windows\BRWMARK.INI
2016-04-04 10:46 - 2015-06-20 16:54 - 00000027 _____ C:\windows\BRPP2KA.INI
2016-04-04 10:40 - 2009-07-14 06:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-04-04 10:39 - 2015-06-02 13:27 - 00000000 ____D C:\Users\a\AppData\Local\Avg
2016-04-04 10:39 - 2012-03-15 21:09 - 00000000 ____D C:\ProgramData\MFAData
2016-04-04 10:28 - 2012-03-15 21:19 - 00000000 ____D C:\Program Files (x86)\AVG
2016-04-04 10:22 - 2015-10-23 14:02 - 00000000 ____D C:\Users\a\AppData\Local\AvgSetupLog
2016-04-03 12:51 - 2009-07-14 04:20 - 00000000 ____D C:\PerfLogs
2016-04-03 12:41 - 2011-03-20 08:38 - 00000000 ____D C:\Users\a\AppData\Local\ElevatedDiagnostics
2016-04-03 08:59 - 2010-12-29 21:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO
2016-04-02 17:25 - 2015-03-12 19:28 - 00000000 ____D C:\Users\a\AppData\Local\CrashDumps
2016-04-02 17:18 - 2012-07-17 16:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-02 17:05 - 2015-02-11 10:31 - 00007634 _____ C:\Users\a\AppData\Local\Resmon.ResmonCfg
2016-04-02 12:06 - 2010-12-24 20:53 - 00000000 ____D C:\Users\a
2016-04-01 11:06 - 2015-07-14 18:24 - 00000000 ____D C:\ProgramData\AVG
2016-03-31 16:31 - 2013-01-09 17:46 - 00000000 ____D C:\Users\systemprofile
2016-03-31 16:19 - 2009-07-14 06:13 - 00801128 _____ C:\windows\system32\PerfStringBackup.INI
2016-03-31 16:19 - 2009-07-14 04:20 - 00000000 ____D C:\windows\inf
2016-03-31 14:25 - 2013-02-10 13:05 - 00000000 ____D C:\Users\a\Desktop\desktop_folders
2016-03-30 02:21 - 2015-04-07 10:00 - 00000000 ___SD C:\windows\system32\GWX
2016-03-30 02:21 - 2013-10-11 12:33 - 00000000 ____D C:\Users\a\AppData\Roaming\Azureus
2016-03-30 02:21 - 2009-07-14 04:20 - 00000000 ____D C:\windows\registration
2016-03-29 21:38 - 2015-07-14 19:47 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-03-29 20:54 - 2015-07-14 19:47 - 00003770 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2016-03-29 20:54 - 2015-04-03 16:26 - 00797376 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-03-29 20:54 - 2015-04-03 16:26 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-13 11:27 - 2015-03-01 16:41 - 00000000 ____D C:\Users\a\AppData\Roaming\tox
2016-03-09 21:36 - 2013-02-09 19:08 - 00000000 ____D C:\Program Files (x86)\Google
2016-03-09 21:36 - 2013-01-21 18:07 - 00000000 ____D C:\Users\a\AppData\Local\Google
2016-03-09 20:04 - 2013-10-11 12:33 - 00000000 ____D C:\Users\a\Documents\Vuze Downloads
2016-03-09 15:19 - 2010-12-28 02:31 - 00000000 ____D C:\Users\a\AppData\Roaming\vlc
2016-03-08 17:43 - 2012-07-17 16:53 - 00000936 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-03-08 16:00 - 2014-12-30 22:49 - 00000000 ____D C:\windows\system32\appraiser
2016-03-08 16:00 - 2014-05-03 10:10 - 00000000 ___SD C:\windows\system32\CompatTel
2016-03-08 16:00 - 2010-08-04 03:40 - 00000000 ____D C:\ProgramData\WinClon
2016-03-07 18:31 - 2010-12-24 20:54 - 00000000 ____D C:\Users\a\AppData\Local\Adobe
2016-03-07 14:40 - 2013-09-13 17:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
==================== Files in the root of some directories =======
2011-12-14 18:29 - 2011-12-14 18:29 - 0000132 _____ () C:\Users\a\AppData\Roaming\Adobe BMP Format CS5 Prefs
2011-02-28 18:07 - 2013-05-22 16:30 - 0000132 _____ () C:\Users\a\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-02-27 15:46 - 2016-01-06 13:34 - 0000132 _____ () C:\Users\a\AppData\Roaming\Adobe PNG Format CS6 Prefs
2010-12-27 20:47 - 2013-01-18 11:43 - 0002315 _____ () C:\Users\a\AppData\Roaming\SAS7_000.DAT
2011-06-02 13:23 - 2011-09-05 15:33 - 0001456 _____ () C:\Users\a\AppData\Local\Adobe Save for Web 12.0 Prefs
2016-03-08 18:55 - 2016-03-08 18:55 - 0185089 _____ () C:\Users\a\AppData\Local\ars.cache
2016-03-08 18:55 - 2016-03-08 18:55 - 0328409 _____ () C:\Users\a\AppData\Local\census.cache
2010-12-28 21:50 - 2010-12-28 21:50 - 0003584 _____ () C:\Users\a\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-09-03 16:10 - 2008-09-03 16:10 - 0000036 _____ () C:\Users\a\AppData\Local\housecall.guid.cache
2016-04-04 10:13 - 2016-04-04 10:17 - 0001071 _____ () C:\Users\a\AppData\Local\infection.log
2015-08-14 15:44 - 2015-08-14 15:49 - 0000528 _____ () C:\Users\a\AppData\Local\Player.ini
2015-02-11 10:31 - 2016-04-02 17:05 - 0007634 _____ () C:\Users\a\AppData\Local\Resmon.ResmonCfg
2011-09-15 16:17 - 2011-09-15 16:17 - 0000096 ____H () C:\Users\a\AppData\Local\vwr_lic_p.dat
2010-12-24 20:55 - 2010-01-16 08:18 - 0131368 _____ () C:\ProgramData\FullRemove.exe
2010-12-27 00:59 - 2013-12-06 17:42 - 0000020 ____H () C:\ProgramData\PKP_DLdy.DAT
2010-12-26 19:18 - 2015-02-15 12:05 - 0000020 ____H () C:\ProgramData\PKP_DLea.DAT
2013-03-17 14:39 - 2013-03-17 15:05 - 0000000 ____H () C:\ProgramData\PKP_DLeh.DAT
2010-08-04 03:37 - 2010-08-04 03:37 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2010-08-04 03:35 - 2010-08-04 03:36 - 0000106 _____ () C:\ProgramData\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}.log
2010-08-04 03:32 - 2010-08-04 03:33 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-08-04 03:36 - 2010-08-04 03:37 - 0000110 _____ () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log
2010-08-04 03:31 - 2010-08-04 03:32 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2010-08-04 03:33 - 2010-08-04 03:35 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
ATTENTION: ==> Could not access BCD.
LastRegBack: 2016-03-29 00:57
==================== End of FRST.txt ============================
Thanks