Solved PragmaEngine virus/rootkit?

W

Whippedwinter

Posts: 17   +0
Dear,

I have extensions reinstalling themselves on my computer, which cause automatic popups or redirection to other sites. I have bitdefender installed and it told me my system was clean.

I tried to remove pragma engine though it doesn't want to be removed due to unfindable files.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-05-2015 01
Ran by Bart (administrator) on BART on 23-05-2015 01:20:44
Running from C:\Users\Bart\Downloads
Loaded Profiles: Bart (Available Profiles: Bart)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Micro-Star International Co., Ltd.) C:\Windows\SysWOW64\MSIService.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
() C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Users\Bart\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OFFICE15\CSISYNCCLIENT.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-08-19] (Realtek Semiconductor)
HKLM-x32\...\Run: [IgfxTray] => C:\WINDOWS\system32\igfxtray.exe [391128 2013-12-21] (Intel Corporation)
HKLM-x32\...\Run: [HotKeysCmds] => C:\WINDOWS\system32\hkcmd.exe [771544 2013-12-21] (Intel Corporation)
HKLM-x32\...\Run: [Persistence] => C:\WINDOWS\system32\igfxpers.exe [770520 2013-12-21] (Intel Corporation)
HKLM-x32\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2875728 2013-08-19] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [253440 2013-04-23] (Realtek Semiconductor Corporation)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM-x32\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1691112 2015-04-07] (Bitdefender)
HKLM-x32\...\Run: [Sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2012-11-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Super-Charger] => C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe [490480 2013-02-07] (MSI)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-03-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3837407782-1580577728-4138113420-1002\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3837407782-1580577728-4138113420-1002\...\Run: [Bitdefender-Geldbörse-Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [790880 2015-02-24] (Bitdefender)
HKU\S-1-5-21-3837407782-1580577728-4138113420-1002\...\Run: [OneDrive] => C:\Users\Bart\AppData\Local\Microsoft\OneDrive\OneDrive.exe [382664 2015-05-22] (Microsoft Corporation)
HKU\S-1-5-21-3837407782-1580577728-4138113420-1002\...\MountPoints2: {26c1007e-c965-11e4-bf28-8c89a50f65c4} - "E:\setup.exe"
HKU\S-1-5-21-3837407782-1580577728-4138113420-1002\...\MountPoints2: {d83f75f8-b06e-11e3-bea1-6c71d9b50274} - "F:\setup.exe"
HKU\S-1-5-21-3837407782-1580577728-4138113420-1002\...\MountPoints2: {dd9479c3-b676-11e3-bea6-8c89a50f65c4} - "G:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-3837407782-1580577728-4138113420-1002\...\MountPoints2: {dd947a2b-b676-11e3-bea6-8c89a50f65c4} - "G:\HTC_Sync_Manager_PC.exe"
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [148016 2014-03-04] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk [2014-12-29]
ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Network Server.lnk [2014-12-29]
ShortcutTarget: Network Server.lnk -> C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe (WIBU-SYSTEMS AG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Qualcomm Atheros Killer Network Manager.lnk [2013-08-23]
ShortcutTarget: Qualcomm Atheros Killer Network Manager.lnk -> C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe ()
Startup: C:\Users\Bart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-02-08]
ShortcutTarget: Dropbox.lnk -> C:\Users\Bart\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bart\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bart\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bart\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bart\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [__SafeBox1] -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox2] -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox3] -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox4] -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bart\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bart\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bart\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3837407782-1580577728-4138113420-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-3837407782-1580577728-4138113420-1002 -> DefaultScope {013F9FAA-CDCB-44EF-80C0-422CD4B1CD04} URL =
SearchScopes: HKU\S-1-5-21-3837407782-1580577728-4138113420-1002 -> {013F9FAA-CDCB-44EF-80C0-422CD4B1CD04} URL =
BHO: Bitdefender-Geldbörse -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-02-24] (Bitdefender)
BHO: MyPrIceCut -> {4b42a4d0-a34c-4818-8de4-8870ed6a06dc} -> C:\Program Files (x86)\MyPrIceCut\lv5ukZhqQoIe6G.x64.dll No File
BHO: MyyPPRIceCut -> {9e3d9863-f09f-4a94-8b3c-79ec6800150d} -> C:\Program Files (x86)\MyyPPRIceCut\Yq0umNqgRGEXPF.x64.dll No File
BHO-x32: Bitdefender-Geldbörse -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2015-02-24] (Bitdefender)
BHO-x32: MyPrIceCut -> {4b42a4d0-a34c-4818-8de4-8870ed6a06dc} -> C:\Program Files (x86)\MyPrIceCut\lv5ukZhqQoIe6G.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-04-12] (Oracle Corporation)
BHO-x32: MyyPPRIceCut -> {9e3d9863-f09f-4a94-8b3c-79ec6800150d} -> C:\Program Files (x86)\MyyPPRIceCut\Yq0umNqgRGEXPF.dll No File
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-12] (Oracle Corporation)
Toolbar: HKLM - Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-02-24] (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2015-02-24] (Bitdefender)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-04-01] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\BfLLR.dll [196096 2013-05-17] (Bigfoot Networks, Inc.)
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\BfLLR.dll [196096 2013-05-17] (Bigfoot Networks, Inc.)
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\BfLLR.dll [196096 2013-05-17] (Bigfoot Networks, Inc.)
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\BfLLR.dll [196096 2013-05-17] (Bigfoot Networks, Inc.)
Winsock: Catalog9 16 C:\WINDOWS\SysWOW64\BfLLR.dll [196096 2013-05-17] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 01 C:\Windows\system32\BfLLR.dll [216064 2013-05-17] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 02 C:\Windows\system32\BfLLR.dll [216064 2013-05-17] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 03 C:\Windows\system32\BfLLR.dll [216064 2013-05-17] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 04 C:\Windows\system32\BfLLR.dll [216064 2013-05-17] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 16 C:\Windows\system32\BfLLR.dll [216064 2013-05-17] (Bigfoot Networks, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 195.130.130.1 195.130.131.1

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-02-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-02-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-12] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2014-12-17]
FF HKLM-x32\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff [2014-12-17]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext

Chrome:
=======
CHR Profile: C:\Users\Bart\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Bart\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-04]
CHR Extension: (Adblock Plus) - C:\Users\Bart\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-05-13]
CHR Extension: (Google Search) - C:\Users\Bart\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-04]
CHR Extension: (Gmail Offline) - C:\Users\Bart\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2015-05-13]
CHR Extension: (Bitdefender Wallet) - C:\Users\Bart\AppData\Local\Google\Chrome\User Data\Default\Extensions\fabcmochhfpldjekobfaaggijgohadih [2014-12-17]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Bart\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2015-05-13]
CHR Extension: (Google Wallet) - C:\Users\Bart\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-15]
CHR Extension: (Gmail) - C:\Users\Bart\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-04]
CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [78144 2015-01-27] (Bitdefender)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [47104 2013-04-26] () []
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-03-22] (Intel Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2464400 2013-08-19] (Realsil Microelectronics Inc.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) []
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [668984 2013-08-19] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-02-16] (Intel Corporation)
R2 Micro Star SCM; C:\WINDOWS\SysWOW64\MSIService.exe [160768 2009-07-09] (Micro-Star International Co., Ltd.) []
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [154112 2013-02-08] (MSI) []
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
S3 Origin Client Service; D:\Origin\OriginClientService.exe [1931632 2015-04-13] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [75136 2014-03-22] ()
R2 Qualcomm Atheros Killer Service; C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [503296 2013-05-17] () []
S4 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [67320 2014-10-27] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1547936 2015-04-07] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
S2 9b6ed4d7; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\PragmaEngine\PragmaEngine.dll",serv

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1306464 2015-02-24] (BitDefender)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [262544 2015-02-24] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [677104 2015-02-24] (BitDefender)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender)
R1 BdfNdisf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [98768 2015-02-24] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107008 2013-07-29] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\WINDOWS\system32\drivers\bdsandbox.sys [82824 2015-02-24] (BitDefender SRL)
R1 BDVEDISK; C:\Windows\system32\DRIVERS\bdvedisk.sys [79192 2013-07-30] (BitDefender)
S1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [74096 2013-05-17] (Qualcomm Atheros, Inc.)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [160544 2015-04-07] (BitDefender LLC)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2013-08-19] (Intel Corporation)
R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [174448 2013-05-17] (Qualcomm Atheros, Inc.)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [13368 2012-10-26] (MSI)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
R0 rtcrfilt64; C:\Windows\System32\DRIVERS\rtcrfilt64.sys [19600 2013-08-19] (Realtek Semiconductor Corp.)
S3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [532552 2013-08-19] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation )
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [452040 2014-10-15] (BitDefender S.R.L.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R2 WIBUKEY; C:\Windows\System32\DRIVERS\WibuKey64.sys [106760 2013-12-18] (WIBU-SYSTEMS AG)
S3 WsAudioDevice_383; C:\Windows\system32\drivers\VirtualAudio.sys [31080 2014-07-31] (Wondershare)
S3 xb1usb; C:\Windows\System32\drivers\xb1usb.sys [34016 2014-05-28] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
U3 fgrdqpob; \??\C:\Users\Bart\AppData\Local\Temp\fgrdqpob.sys [X]
U3 mbr; \??\C:\Users\Bart\AppData\Local\Temp\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-23 01:17 - 2015-05-23 01:17 - 00061886 _____ () C:\Users\Bart\Downloads\Addition.txt
2015-05-23 01:16 - 2015-05-23 01:20 - 00025298 _____ () C:\Users\Bart\Downloads\FRST.txt
2015-05-23 01:15 - 2015-05-23 01:20 - 00000000 ____D () C:\FRST
2015-05-23 01:12 - 2015-05-23 01:13 - 02108416 _____ (Farbar) C:\Users\Bart\Downloads\FRST64.exe
2015-05-23 00:37 - 2015-05-23 00:37 - 00000000 ____H () C:\ProgramData\cm-lock
2015-05-23 00:02 - 2015-05-23 00:02 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Bart\Desktop\tdsskiller.exe
2015-05-23 00:01 - 2015-05-23 00:01 - 00089088 _____ () C:\Users\Bart\Desktop\mbr.exe
2015-05-23 00:00 - 2015-05-23 00:00 - 00380416 _____ () C:\Users\Bart\Desktop\iexplorer.exe
2015-05-22 15:34 - 2015-05-22 15:34 - 00000000 ____D () C:\Users\Bart\Desktop\Welcome to AKKA BNL
2015-05-20 21:02 - 2015-05-21 22:18 - 00011842 _____ () C:\Users\Bart\Documents\Sweetie Super Study schedule.xlsx
2015-05-19 11:58 - 2015-05-19 11:58 - 00011170 _____ () C:\Users\Bart\Documents\Sweetie travel calculation.xlsx
2015-05-19 11:44 - 2015-05-19 11:46 - 156936101 _____ () C:\Users\Bart\Downloads\Turbomachinery-2015-05-19.zip
2015-05-16 17:51 - 2015-05-23 00:56 - 00001074 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d08ff0326bccec.job
2015-05-16 17:51 - 2015-05-23 00:37 - 00001070 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d08ff0316d3d65.job
2015-05-16 17:51 - 2015-05-16 17:51 - 00004046 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1d08ff0326bccec
2015-05-16 17:51 - 2015-05-16 17:51 - 00003810 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1d08ff0316d3d65
2015-05-15 16:41 - 2015-05-22 23:35 - 00000024 _____ () C:\Users\Bart\AppData\Roaming\appdataFr25.bin
2015-05-13 17:02 - 2015-05-22 23:28 - 00000000 ___RD () C:\Users\Bart\OneDrive
2015-05-13 11:13 - 2015-05-13 11:13 - 00000000 ____D () C:\Program Files (x86)\DealMMine
2015-05-13 11:12 - 2015-05-19 20:35 - 00000000 ____D () C:\ProgramData\13903649708634143278
2015-05-13 11:12 - 2015-05-13 11:12 - 00000000 ____D () C:\Program Files (x86)\Does Amazon Ship to
2015-05-11 22:36 - 2015-05-11 22:36 - 00000000 ____D () C:\Users\Bart\AppData\Roaming\Steam
2015-05-07 14:16 - 2015-05-07 14:16 - 00000000 ____D () C:\Users\Bart\Documents\AKKA
2015-05-05 22:49 - 2015-05-05 23:07 - 479211299 _____ () C:\Users\Bart\Downloads\Go_to_marketing_strategies-2015-05-05.zip
2015-05-05 22:47 - 2015-05-05 22:56 - 222881985 _____ () C:\Users\Bart\Downloads\(Week_6)_CUSTOMER_CENTRICITY_How_Can_Customer_Centricity_Be_Profitable-2015-05-05.zip
2015-05-05 22:46 - 2015-05-05 22:51 - 147903125 _____ () C:\Users\Bart\Downloads\(Week_2)_BRANDING_Customer_Decision_Making_and_the_Role_of_Brand-2015-05-05.zip
2015-05-01 23:21 - 2015-05-22 23:25 - 00000000 ____D () C:\Users\Bart\Downloads\The Equalizer (2014)
2015-04-27 21:37 - 2015-05-11 18:46 - 00000000 ____D () C:\Users\Bart\Downloads\Fury (2014)

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-23 01:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-23 00:59 - 2014-06-26 18:56 - 00004936 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for BART-Bart Bart
2015-05-23 00:59 - 2014-02-04 15:47 - 00000000 ____D () C:\Users\Bart\AppData\Local\CrashDumps
2015-05-23 00:53 - 2014-02-08 18:15 - 00000000 ___RD () C:\Users\Bart\Dropbox
2015-05-23 00:53 - 2014-02-08 18:13 - 00000000 ____D () C:\Users\Bart\AppData\Roaming\Dropbox
2015-05-23 00:49 - 2014-02-04 16:52 - 00000000 ___DO () C:\Users\Bart\SkyDrive
2015-05-23 00:43 - 2013-11-14 09:28 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-23 00:42 - 2014-02-04 14:02 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3837407782-1580577728-4138113420-1002
2015-05-23 00:37 - 2015-02-20 19:47 - 00072880 _____ () C:\Users\Bart\AppData\Local\BTServer.log
2015-05-23 00:37 - 2014-10-03 08:32 - 00003278 _____ () C:\WINDOWS\System32\Tasks\Intel® Rapid Start Technology Manager
2015-05-23 00:37 - 2014-02-04 16:59 - 00001070 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-23 00:37 - 2013-08-23 04:05 - 00000000 ____D () C:\ProgramData\Realtek
2015-05-23 00:37 - 2013-08-23 03:54 - 00000000 ____D () C:\ProgramData\Bigfoot Networks
2015-05-23 00:37 - 2013-08-22 16:46 - 00428583 _____ () C:\WINDOWS\setupact.log
2015-05-23 00:36 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-23 00:36 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-05-22 23:55 - 2014-03-09 19:03 - 00000000 ____D () C:\Users\Bart\AppData\Roaming\Skype
2015-05-22 23:45 - 2014-02-04 16:30 - 01104810 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-22 23:28 - 2014-07-01 01:01 - 00003086 _____ () C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3837407782-1580577728-4138113420-1002
2015-05-22 18:06 - 2014-10-10 10:12 - 00000000 ____D () C:\ProgramData\Origin
2015-05-20 22:12 - 2014-02-07 23:25 - 03025920 ___SH () C:\Users\Bart\Downloads\Thumbs.db
2015-05-20 21:10 - 2014-02-04 13:55 - 00000000 ____D () C:\Users\Bart\AppData\Local\Packages
2015-05-20 20:39 - 2014-09-01 10:18 - 00000365 _____ () C:\Users\Bart\AppData\Roaming\XKJSF
2015-05-20 20:28 - 2014-04-18 11:00 - 00000000 ____D () C:\WINDOWS\Minidump
2015-05-19 20:35 - 2014-11-04 23:21 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-05-19 20:35 - 2014-10-31 14:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-19 20:35 - 2014-03-26 13:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-05-19 20:35 - 2014-03-09 19:03 - 00000000 ____D () C:\ProgramData\Skype
2015-05-19 20:35 - 2013-08-23 05:38 - 00000000 ___HD () C:\SuperChargerProfile
2015-05-19 20:34 - 2015-04-17 16:54 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-05-19 20:34 - 2015-04-12 13:00 - 00000000 ____D () C:\Users\Bart\bluej
2015-05-19 20:34 - 2015-04-08 10:43 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-05-19 20:34 - 2015-03-10 23:21 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-05-19 20:34 - 2015-02-24 20:44 - 00000000 ____D () C:\Users\Bart\AppData\Roaming\uTorrent
2015-05-19 20:34 - 2014-02-08 18:13 - 00000000 ____D () C:\Users\Bart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-19 20:34 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Macromed
2015-05-19 20:34 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\Macromed
2015-05-19 20:34 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppCompat
2015-05-19 20:34 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2015-05-19 20:31 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\registration
2015-05-19 20:26 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-05-19 09:57 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-05-16 18:08 - 2013-08-22 16:44 - 05108416 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-13 17:02 - 2014-02-04 16:31 - 00000000 ____D () C:\Users\Bart
2015-05-12 15:02 - 2015-04-05 14:39 - 00000000 ____D () C:\Users\Bart\Documents\My Kindle Content
2015-05-12 11:29 - 2014-02-04 13:55 - 00000000 ____D () C:\Users\Bart\AppData\Roaming\Adobe
2015-05-11 20:42 - 2014-02-14 13:02 - 00000000 ____D () C:\Users\Bart\Documents\Training
2015-05-09 11:12 - 2014-02-05 21:25 - 00000650 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.ics
2015-05-07 14:20 - 2015-03-16 22:57 - 00000000 ____D () C:\Users\Bart\Documents\Canada
2015-05-03 19:52 - 2014-10-10 10:13 - 00000000 ____D () C:\Users\Bart\AppData\Roaming\Origin

==================== Files in the root of some directories =======

2015-05-15 16:41 - 2015-05-22 23:35 - 0000024 _____ () C:\Users\Bart\AppData\Roaming\appdataFr25.bin
2014-09-01 10:18 - 2014-12-17 19:40 - 0001171 _____ () C:\Users\Bart\AppData\Roaming\DURCKM
2014-09-01 10:18 - 2015-05-20 20:39 - 0000365 _____ () C:\Users\Bart\AppData\Roaming\XKJSF
2015-02-20 19:47 - 2015-05-23 00:37 - 0072880 _____ () C:\Users\Bart\AppData\Local\BTServer.log
2014-12-17 19:26 - 2014-12-17 19:26 - 0577508 _____ () C:\ProgramData\1418837032.bdinstall.bin
2015-05-23 00:37 - 2015-05-23 00:37 - 0000000 ____H () C:\ProgramData\cm-lock

Some files in TEMP:
====================
C:\Users\Bart\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp8eyxnp.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-04-14 11:32

==================== End of log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-05-2015 01
Ran by Bart at 2015-05-23 01:17:08
Running from C:\Users\Bart\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3837407782-1580577728-4138113420-500 - Administrator - Disabled)
Bart (S-1-5-21-3837407782-1580577728-4138113420-1002 - Administrator - Enabled) => C:\Users\Bart
Guest (S-1-5-21-3837407782-1580577728-4138113420-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3837407782-1580577728-4138113420-1006 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Spyware-Schutz (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

„Windows Live Essentials“ (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
µTorrent (HKU\S-1-5-21-3837407782-1580577728-4138113420-1002\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version: - Hidden Path Entertainment, Ensemble Studios)
Amazon Kindle (HKU\S-1-5-21-3837407782-1580577728-4138113420-1002\...\Amazon Kindle) (Version: - Amazon)
ArchiCAD 18 INT (HKLM\...\001FFF2FFF18FF00FF0701F01F02F000-R1) (Version: 18.0 - GRAPHISOFT)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Baldur's Gate: Enhanced Edition (HKLM-x32\...\Steam App 228280) (Version: - Overhaul Games)
Battery Calibration (HKLM-x32\...\{619FA785-489B-4D22-911F-82D6EDF5BDB0}) (Version: 1.0.1405.0701 - Micro-Star International Co., Ltd.)
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version: - Irrational Games)
Bitdefender Total Security 2015 (HKLM\...\Bitdefender) (Version: 18.19.0.1369 - Bitdefender)
BlueJ (HKLM-x32\...\{7D66971C-652B-4065-A6B1-B3EE313C254B}) (Version: 3.1.4 - BlueJ Team)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.66.1075 - AB Team, d.o.o.)
BurnRecovery (HKLM-x32\...\{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}) (Version: 4.0.1307.301 - )
CodeMeter Runtime Kit v5.10a (HKLM\...\{CADFF08A-A157-474F-B6A8-8F26F81F7ABE}) (Version: 5.10.1224.501 - WIBU-SYSTEMS AG)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dark Souls: Prepare to Die Edition (HKLM-x32\...\Steam App 211420) (Version: - FromSoftware)
Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.05.0.0 - Electronic Arts)
Dragon Age™ II (HKLM-x32\...\{4D565319-8B91-41CB-961C-0DDC86101AC5}) (Version: 1.04.8524.0 - Electronic Arts)
Dropbox (HKU\S-1-5-21-3837407782-1580577728-4138113420-1002\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
Dust: An Elysian Tail (HKLM-x32\...\Steam App 236090) (Version: - Humble Hearts LLC)
EA SPORTS™ FIFA 15 (HKLM-x32\...\{3D4ADA2B-F028-4307-ADF4-6F9AA44725DA}) (Version: 1.7.0.0 - Electronic Arts)
Endless Legend (HKLM-x32\...\Steam App 289130) (Version: - AMPLITUDE Studios)
ENSLAVED™: Odyssey to the West™ Premium Edition (HKLM-x32\...\Steam App 245280) (Version: - Ninja Theory)
ETDWare PS/2-X64 11.13.2.4_WHQL (HKLM\...\Elantech) (Version: 11.13.2.4 - ELAN Microelectronic Corp.)
Fotoattēlu galerija (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogaléria (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalerii (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalerija (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Foto-galerija (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalleri (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalleriet (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotoğraf Galerisi (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotótár (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galeria de Fotografias (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galeria de Fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galeria fotografii (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerija fotografija (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.65 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3186 - Intel Corporation)
Intel(R) Rapid Start Technology (HKLM-x32\...\{3D073343-CEEB-4ce7-85AC-A69A7631B5D6}) (Version: 3.0.0.1008 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.0.1066 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3837407782-1580577728-4138113420-1002\...\OneDriveSetup.exe) (Version: 17.3.5860.0512 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Might & Magic Heroes VI - Shades of Darkness (HKLM-x32\...\{745D37C2-26F4-4B65-BA13-F9840EBFA75B}) (Version: 2.1.0 - Ubisoft)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSI Remind Manager (HKLM-x32\...\{7359585E-A828-4EFC-8177-7D1883DDA0B5}) (Version: 2.12.1003 - MSI)
NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.19 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Pillars of Eternity (HKLM-x32\...\Steam App 291650) (Version: - Obsidian Entertainment)
Podstawowe programy Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)
PragmaEngine (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{9b6ed4d7}) (Version: - Software Publisher) <==== ATTENTION
Qualcomm Atheros Killer Network Manager (HKLM-x32\...\InstallShield_{DF446558-ADF7-4884-9B2D-281979CCE71F}) (Version: 6.1.0.596 - Qualcomm Atheros)
Qualcomm Atheros Killer Network Manager (Version: 6.1.0.596 - Qualcomm Atheros) Hidden
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.780.780.102113 - REALTEK Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6865 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.8400.39034 - Realtek Semiconductor Corp.)
Rocksmith 2014 (HKLM-x32\...\Steam App 221680) (Version: - Ubisoft - San Francisco)
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
Sound Blaster Cinema (HKLM-x32\...\{8801CA65-921A-4CCC-9D63-879D1D0BAA97}) (Version: 1.00.01 - Creative Technology Limited)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Super-Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.017 - MSI)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version: - CD Projekt RED)
The Witcher: Enhanced Edition (HKLM-x32\...\Steam App 20900) (Version: - CD Projekt RED)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version: - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 4.2 - Ubisoft)
Valokuvavalikoima (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Virtua Tennis 4 (HKLM-x32\...\Steam App 71390) (Version: - SEGA)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
WibuKey Setup (WibuKey Remove) (HKLM\...\{00060000-0000-1004-8002-0000C06B5161}) (Version: Version 6.20 of 2013-Dec-18 (Build 1230) (Setup) - WIBU-SYSTEMS AG)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinRAR 5.10 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.1 - win.rar GmbH)
Основи Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Фотоальбом (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Фотогалерия (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Фотографии (общедоступная версия) (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Фотоколекція (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
גלריית התמונות (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
معرض الصور (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3837407782-1580577728-4138113420-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Bart\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3837407782-1580577728-4138113420-1002_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Bart\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3837407782-1580577728-4138113420-1002_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Bart\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3837407782-1580577728-4138113420-1002_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Bart\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3837407782-1580577728-4138113420-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Bart\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3837407782-1580577728-4138113420-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bart\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3837407782-1580577728-4138113420-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bart\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3837407782-1580577728-4138113420-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bart\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3837407782-1580577728-4138113420-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bart\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3837407782-1580577728-4138113420-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bart\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3837407782-1580577728-4138113420-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bart\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3837407782-1580577728-4138113420-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bart\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3837407782-1580577728-4138113420-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bart\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3837407782-1580577728-4138113420-1002_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Bart\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points =========================

16-05-2015 18:02:35 Software Removal Tool
19-05-2015 20:19:02 Restore Operation

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2014-02-07 12:53 - 00000892 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {049D117C-31E9-416C-9D56-C02C33D34E25} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {0A7A8FD4-0FCB-4105-A511-BA076679D467} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {1140B84E-1045-4C8B-8993-3013D4009102} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\SymErr.exe
Task: {1C1C8026-8E73-466A-A434-7FFCA5DD4F02} - System32\Tasks\{10FE4DF7-F1DB-4537-A958-69163C47B268} => pcalua.exe -a C:\Users\Bart\AppData\Roaming\Spotify\Spotify.exe -c /uninstall
Task: {1C4E157D-3A40-4D4D-BE09-2E4874AAEE12} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {23FA0EB1-6015-4D71-8DF3-71FE7361C356} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {3A153453-9622-4BD1-8F95-139495C8D234} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {4597CF0C-14C8-4ECD-BDDD-57C8359F8B6C} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2013-08-19] (Intel)
Task: {46CF1008-8786-43AE-9F2D-E89E8F1796BE} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\SymErr.exe
Task: {4F2C8CD4-FDBD-41A9-86ED-6BFDCDA64B0C} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {55819866-1CFD-45E1-85EB-CBF012B3CCA3} - System32\Tasks\GoogleUpdateTaskMachineUA1d08ff0326bccec => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-04] (Google Inc.)
Task: {5B1FC6B1-726C-4496-AF1C-4EC2C88457CE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-04] (Google Inc.)
Task: {68302620-7F9A-460B-B0E9-51360F7CF476} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-04] (Google Inc.)
Task: {76895E11-8A6C-488A-8AF2-4BD95ED18993} - System32\Tasks\GoogleUpdateTaskMachineCore1d08ff0316d3d65 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-04] (Google Inc.)
Task: {79C26886-4AB8-4836-99DF-CAC45914B3DD} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3837407782-1580577728-4138113420-1002 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {815746BB-1135-4925-9CFB-5370B819A477} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {A030C80F-51E5-47DB-A53F-C6A2715733DE} - System32\Tasks\Microsoft Office 15 Sync Maintenance for BART-Bart Bart => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2015-02-10] (Microsoft Corporation)
Task: {AA68C596-6305-4364-8E28-BC5D63C25CD1} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {B9136315-EEFA-4ACC-9053-38928795A527} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {BE417E02-FA0A-4FBC-98CE-40B266F51C4B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {D7957E1D-F33F-44CB-AC8A-26DFB6FB83D5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-04-17] (Microsoft Corporation)
Task: {DD57DE37-57F5-4401-B133-4E5DEB4A21F8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {E58E9888-EE27-4F89-97B5-3E8FD5AD7E88} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {E73BE229-89D1-4F5F-9CE7-F5DB3E3C5835} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3837407782-1580577728-4138113420-1002Core.job => C:\Users\Bart\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d08ff0316d3d65.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d08ff0326bccec.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-12-17 19:25 - 2014-08-27 17:31 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\txmlutil.dll
2014-12-17 19:25 - 2013-09-03 15:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdmetrics.dll
2014-12-17 19:25 - 2014-11-19 21:28 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\UI\accessl.ui
2014-12-17 19:25 - 2012-10-29 15:22 - 00152816 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdfwcore.dll
2015-05-06 11:42 - 2015-05-06 11:42 - 00790368 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00350_005\ashttpbr.mdl
2015-05-06 11:42 - 2015-05-06 11:42 - 00711064 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00350_005\ashttpdsp.mdl
2015-05-06 11:42 - 2015-05-06 11:42 - 02683520 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00350_005\ashttpph.mdl
2015-05-06 11:42 - 2015-05-06 11:42 - 01326504 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00350_005\ashttprbl.mdl
2013-09-05 03:36 - 2014-03-04 16:35 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-02-04 16:30 - 2014-03-04 15:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-08-23 04:05 - 2013-04-26 01:32 - 00047104 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2014-03-22 16:55 - 2014-03-22 16:55 - 00075136 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2013-05-17 02:30 - 2013-05-17 02:30 - 00503296 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe
2011-05-10 05:46 - 2011-05-10 05:46 - 02760192 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\QtCore4.dll
2011-05-10 05:56 - 2011-05-10 05:56 - 09856000 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\QtGui4.dll
2011-05-10 05:47 - 2011-05-10 05:47 - 00416256 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\QtXml4.dll
2013-05-17 02:30 - 2013-05-17 02:30 - 00217600 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFCommon.dll
2011-05-10 05:48 - 2011-05-10 05:48 - 00990720 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\QtNetwork4.dll
2011-05-10 21:32 - 2011-05-10 21:32 - 00731648 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\qwt5.dll
2013-08-23 04:37 - 2012-11-01 20:21 - 00325120 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2013-05-17 02:30 - 2013-05-17 02:30 - 00554496 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe
2013-05-17 02:30 - 2013-05-17 02:30 - 00404992 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modApplications.dll
2013-05-17 02:30 - 2013-05-17 02:30 - 00036864 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modFeatures.dll
2013-05-17 02:30 - 2013-05-17 02:30 - 00025088 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modFraps.dll
2013-05-17 02:30 - 2013-05-17 02:30 - 00240128 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modGraph.dll
2013-05-17 02:30 - 2013-05-17 02:30 - 00062464 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modlcd.dll
2013-05-17 02:30 - 2013-05-17 02:30 - 00291328 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modNetwork.dll
2013-05-17 02:30 - 2013-05-17 02:30 - 00184832 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modNpu.dll
2013-05-17 02:30 - 2013-05-17 02:30 - 00211456 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modOptions.dll
2013-05-17 02:30 - 2013-05-17 02:30 - 00064000 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modOverview.dll
2013-05-17 02:30 - 2013-05-17 02:30 - 00317440 _____ () C:\Program Files\Qualcomm Atheros\Killer Network Manager\plugins\modSystemInfo.dll
2015-05-23 00:37 - 2015-05-23 00:37 - 00043008 _____ () c:\users\bart\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp8eyxnp.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00750080 _____ () C:\Users\Bart\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00047616 _____ () C:\Users\Bart\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00865280 _____ () C:\Users\Bart\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00200704 _____ () C:\Users\Bart\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2013-08-23 03:32 - 2013-02-16 01:15 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Bart\SkyDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\70289705.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\70289705.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3837407782-1580577728-4138113420-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Bart\Pictures\Da maucies\10467571_10202148104243808_341037834_o.jpg
DNS Servers: 195.130.130.1 - 195.130.131.1

==================== MSCONFIG/TASK MANAGER Error getting ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-3837407782-1580577728-4138113420-1002\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_47E47C6948340879425082301BC77D90"
HKU\S-1-5-21-3837407782-1580577728-4138113420-1002\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-3837407782-1580577728-4138113420-1002\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-3837407782-1580577728-4138113420-1002\...\StartupApproved\Run: => "SkyDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{882504B2-D7DF-4BFA-BB53-37FF786C3067}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{06608946-3D20-48C9-A3F0-493BA436912E}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{0E204AF3-5113-45CE-8762-0B8605EC610B}] => (Allow) LPort=1900
FirewallRules: [{9D43C581-B17D-4DFD-91F1-7C10D28E7B7A}] => (Allow) LPort=2869
FirewallRules: [{89EEBBEA-AE46-41A9-B68A-13FCFFD6812D}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{812503E0-F200-4936-944A-68E5A78378EC}] => (Allow) D:\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{BD8D0933-04CE-43A2-97B7-F52F54BBFE98}] => (Allow) D:\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{426108F6-7725-478D-8880-C6947E160829}] => (Allow) D:\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{38192E39-D08A-47E6-9F6B-5778DCFD8349}] => (Allow) D:\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{A5283F4F-957E-4FE2-BA2B-2C1EC883F287}] => (Allow) D:\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{ED864734-ABAF-46E8-9387-2E34E3689B85}] => (Allow) D:\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{8238E273-2FF9-4F7E-9066-DEEFEBC95142}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{41698742-1BBA-4679-8EC9-F757C0885B03}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{1D36FA0A-436E-4716-A2FE-93F5EEB2EDB1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{93B903DE-0DC0-4F31-A268-D7CCB0578D4C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{5A7C9B2C-54F6-4E53-A487-2446DB84816C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{2764CBD5-121B-4FC6-BB48-62EDFD23DF7F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{369E2483-0319-45F0-BF5D-AAD6DF9F3071}] => (Allow) D:\Heroes6\Might & Magic Heroes VI.exe
FirewallRules: [{51D790C2-EED3-40E2-A7C5-C60A669CFE97}] => (Allow) D:\Heroes6\Might & Magic Heroes VI.exe
FirewallRules: [{666B738E-9140-408D-BC9C-6AF6BD4931CA}] => (Allow) C:\Users\Bart\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{2BD1654F-73A9-449B-B167-81090BEA1E96}] => (Allow) C:\Users\Bart\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{C4E7CA02-7547-46A8-A84D-F7D6CECAB61D}C:\users\bart\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\bart\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{C1F77CB0-A40A-49FC-B7C0-B562FF9D2216}C:\users\bart\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\bart\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{0B38D8BC-7A85-4163-A04C-E72C34159D8B}] => (Allow) D:\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{F505EDF7-5783-4F3C-87F1-76AAFB105260}] => (Allow) D:\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{F3C892A0-4C72-4F54-A226-C6D6E64D6F10}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{F2B573D1-2487-4793-BED6-49D45B6BBF37}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{FB07258F-3719-4F6C-B748-E32D990C1101}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{BC9908F3-375E-40AD-8FF7-79171864A485}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{CEF5C854-9EE8-4385-94BA-2DF63A6DFB7E}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{9E00B852-F76C-475D-94A3-9E2E329D5DC1}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{2D9C075A-E9FC-4C36-9425-137069A18A05}D:\borderlands 2\borderlands 2\binaries\win32\borderlands2.exe] => (Allow) D:\borderlands 2\borderlands 2\binaries\win32\borderlands2.exe
FirewallRules: [UDP Query User{DD24F567-6974-4C9A-9A2F-BAF6D0669FE2}D:\borderlands 2\borderlands 2\binaries\win32\borderlands2.exe] => (Allow) D:\borderlands 2\borderlands 2\binaries\win32\borderlands2.exe
FirewallRules: [{DF8B0FA6-6013-4846-ACA5-83233E92F694}] => (Allow) D:\Need for Speed Rivals\NFS14_x86.exe
FirewallRules: [{43392F3C-5BDE-42A9-8F62-E2774C78EFAD}] => (Allow) D:\Need for Speed Rivals\NFS14_x86.exe
FirewallRules: [{9338674F-7598-44A8-AA1F-404678022050}] => (Allow) D:\Need for Speed Rivals\NFS14.exe
FirewallRules: [{53CF4105-1A44-472C-88CD-AE68F30EFC07}] => (Allow) D:\Need for Speed Rivals\NFS14.exe
FirewallRules: [TCP Query User{EB8E0AD5-9750-4F9A-807B-2D254EF05195}D:\steam\steamapps\common\sid meier's civilization v\civilizationv_tablet.exe] => (Allow) D:\steam\steamapps\common\sid meier's civilization v\civilizationv_tablet.exe
FirewallRules: [UDP Query User{AAD2EC5B-0228-4A0F-9661-DEF427C580CE}D:\steam\steamapps\common\sid meier's civilization v\civilizationv_tablet.exe] => (Allow) D:\steam\steamapps\common\sid meier's civilization v\civilizationv_tablet.exe
FirewallRules: [{1E58D812-D876-4B57-9AE5-FDE32B066F99}] => (Allow) D:\steam\steamapps\common\sid meier's civilization v\civilizationv_tablet.exe
FirewallRules: [{CED6F3A7-2E82-486A-9F2A-615AD8D28700}] => (Allow) D:\steam\steamapps\common\sid meier's civilization v\civilizationv_tablet.exe
FirewallRules: [TCP Query User{7FB6BFD0-DA3F-4EE4-BA84-B43D252F3354}D:\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe] => (Allow) D:\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe
FirewallRules: [UDP Query User{3E00F3A5-282A-408A-B1C5-12B71E2B0944}D:\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe] => (Allow) D:\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe
FirewallRules: [{135A51A5-D90E-48A3-8B41-BF8973A415A1}] => (Allow) D:\Steam\SteamApps\common\Baldur's Gate Enhanced Edition\BGEE.exe
FirewallRules: [{9280F2D7-7920-4E71-A4C6-E6753F1CA596}] => (Allow) D:\Steam\SteamApps\common\Baldur's Gate Enhanced Edition\BGEE.exe
FirewallRules: [{2B7FCA9E-66FB-403D-8BC1-D7DAC439C508}] => (Allow) D:\Steam\SteamApps\common\the witcher 2\Launcher.exe
FirewallRules: [{D71CC758-2378-4C6E-B6CF-801C0141C7F0}] => (Allow) D:\Steam\SteamApps\common\the witcher 2\Launcher.exe
FirewallRules: [{CF0E529F-6629-41A6-A4DF-7CC3803885DA}] => (Allow) D:\Steam\SteamApps\common\Age2HD\Launcher.exe
FirewallRules: [{27F3D8A3-83C4-4324-B7AD-4EDBED6083D4}] => (Allow) D:\Steam\SteamApps\common\Age2HD\Launcher.exe
FirewallRules: [{EF890E89-255C-47E6-A653-AFBBC315B369}] => (Allow) D:\Steam\SteamApps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{9A1AFF18-10B7-4DA9-B1A5-FD71BAA4317F}] => (Allow) D:\Steam\SteamApps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{6AD782F0-37C6-4095-B0BA-C0ECE61E6362}] => (Allow) D:\Steam\SteamApps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{A7953572-865A-48DA-B0D4-E9A792185884}] => (Allow) D:\Steam\SteamApps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{73BEEEF5-0C47-4AD5-9307-90F18A7829F1}] => (Allow) D:\Steam\SteamApps\common\Enslaved\Binaries\Win32\Enslaved.exe
FirewallRules: [{3EE2A5DE-8017-4FC9-989C-A2E13C6CEA85}] => (Allow) D:\Steam\SteamApps\common\Enslaved\Binaries\Win32\Enslaved.exe
FirewallRules: [{AFF5AA4A-C25F-4614-B955-CCEAC877FF78}] => (Allow) D:\Steam\SteamApps\common\Dust An Elysian Tail\DustAET.exe
FirewallRules: [{B95FF919-7070-4458-AC4E-9AC4FCEB905A}] => (Allow) D:\Steam\SteamApps\common\Dust An Elysian Tail\DustAET.exe
FirewallRules: [{5167CC33-1F26-4923-AA29-8E9755AFEE2C}] => (Allow) C:\Users\Bart\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [TCP Query User{77F49EB9-2189-4059-B7C4-46DE78389C89}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{FD5AAAA2-C63F-421C-A16D-961DE8A83E2D}D:\steam\steamapps\common\dark souls prepare to die edition\data\data.exe] => (Allow) D:\steam\steamapps\common\dark souls prepare to die edition\data\data.exe
FirewallRules: [UDP Query User{F0418B36-EC0F-421B-B4C0-10128E8C6FF8}D:\steam\steamapps\common\dark souls prepare to die edition\data\data.exe] => (Allow) D:\steam\steamapps\common\dark souls prepare to die edition\data\data.exe
FirewallRules: [{D22FFB62-732C-4B78-8DC3-F526FD6C70AD}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{28DE370D-F911-4513-B694-0DAFB40A363D}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{77ECB8FF-E2D0-4C9A-AD56-3980C0908ED3}D:\steam\steamapps\common\dark souls prepare to die edition\data\data.exe] => (Allow) D:\steam\steamapps\common\dark souls prepare to die edition\data\data.exe
FirewallRules: [UDP Query User{F2A71052-45CC-41C0-9FD7-22B2A812E6CE}D:\steam\steamapps\common\dark souls prepare to die edition\data\data.exe] => (Allow) D:\steam\steamapps\common\dark souls prepare to die edition\data\data.exe
FirewallRules: [{2C96EAEB-13F2-46EC-BBBB-D21A5CD61775}] => (Allow) D:\Steam\SteamApps\common\Baldur's Gate Enhanced Edition\Baldur.exe
FirewallRules: [{757F67E6-DCCD-40EE-975A-02496BCD4F7C}] => (Allow) D:\Steam\SteamApps\common\Baldur's Gate Enhanced Edition\Baldur.exe
FirewallRules: [TCP Query User{123005A5-A0F6-437F-9C1C-B963EF076625}C:\users\bart\desktop\age2hd the forgotten 3.2 lan version\age2hd the forgotten 3.2 lan version\aok hd.exe] => (Allow) C:\users\bart\desktop\age2hd the forgotten 3.2 lan version\age2hd the forgotten 3.2 lan version\aok hd.exe
FirewallRules: [UDP Query User{6987A476-3BFB-488D-9068-A555749812FA}C:\users\bart\desktop\age2hd the forgotten 3.2 lan version\age2hd the forgotten 3.2 lan version\aok hd.exe] => (Allow) C:\users\bart\desktop\age2hd the forgotten 3.2 lan version\age2hd the forgotten 3.2 lan version\aok hd.exe
FirewallRules: [{47D089E0-D0E5-46BE-AD82-50775E36A961}] => (Allow) D:\Program Files (x86)\Origin Games\Dragon Age II\bin_ship\DragonAge2.exe
FirewallRules: [{BDBE013A-3E70-4DC8-B723-61A4F5E0D01D}] => (Allow) D:\Program Files (x86)\Origin Games\Dragon Age II\bin_ship\DragonAge2.exe
FirewallRules: [{34CFE66E-5F4D-4962-BC1A-4486A85AE8E1}] => (Allow) D:\Program Files (x86)\Origin Games\Dragon Age\bin_ship\daorigins.exe
FirewallRules: [{2B905999-9CDB-4323-915C-196C11AD2271}] => (Allow) D:\Program Files (x86)\Origin Games\Dragon Age\bin_ship\daorigins.exe
FirewallRules: [TCP Query User{1E18A040-638B-4B58-98AC-E89C33897ABC}C:\users\bart\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\bart\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{E204A049-7A07-418B-8C58-9723CC715CBD}C:\users\bart\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\bart\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{48FD78AA-8464-46EF-95CD-8E3EC0EAB1B6}C:\users\bart\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\bart\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{7D7067F2-4ED0-46B5-91A9-06B4855BAB86}C:\users\bart\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\bart\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{32933348-C638-4CEE-9EF7-FEB9F39911F3}D:\steam\steamapps\common\lord of the rings online\lotroclient.exe] => (Allow) D:\steam\steamapps\common\lord of the rings online\lotroclient.exe
FirewallRules: [UDP Query User{E443456C-2A35-4985-85CA-E6747ADDC827}D:\steam\steamapps\common\lord of the rings online\lotroclient.exe] => (Allow) D:\steam\steamapps\common\lord of the rings online\lotroclient.exe
FirewallRules: [{7BE56B77-02D0-48AD-B813-8D5054E96573}] => (Allow) D:\Steam\SteamApps\common\Endless Legend\EndlessLegend.exe
FirewallRules: [{817A8D49-4599-4936-B2BD-BA807543884D}] => (Allow) D:\Steam\SteamApps\common\Endless Legend\EndlessLegend.exe
FirewallRules: [{4FEB63E9-61F3-4D8C-9126-025816F30A6F}] => (Allow) D:\Steam\SteamApps\common\Rocksmith2014\Rocksmith2014.exe
FirewallRules: [{8666097E-C6C3-4BD5-9A81-0969AC5FB1D4}] => (Allow) D:\Steam\SteamApps\common\Rocksmith2014\Rocksmith2014.exe
FirewallRules: [TCP Query User{9C5EA5D8-6BED-4E06-A62F-16640956EBA8}C:\users\bart\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\bart\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{D80FDF76-C71A-41AE-83AE-82E742603394}C:\users\bart\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\bart\appdata\local\akamai\netsession_win.exe
FirewallRules: [{82834B23-247D-477F-978F-DD65807A6203}] => (Allow) C:\Program Files\GRAPHISOFT\ArchiCAD 18\ArchiCAD.exe
FirewallRules: [{504A8110-2B7C-49CE-916F-DE10DA660F37}] => (Allow) C:\Program Files\GRAPHISOFT\ArchiCAD 18\ArchiCAD.exe
FirewallRules: [{57A6BC37-2540-4408-B31D-15702BD78638}] => (Allow) C:\Program Files\GRAPHISOFT\ArchiCAD 18\CineRender\CineRender 64bit.exe
FirewallRules: [{BE633851-9EB6-466F-9E4E-4636317A8436}] => (Allow) C:\Program Files\GRAPHISOFT\ArchiCAD 18\CineRender\CineRender 64bit.exe
FirewallRules: [{E18748DD-2CBC-44CD-99C4-A4EF53649FAE}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{F069E368-79D9-46A8-8B8A-D0A37F073443}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{EF071A3C-20D3-46B8-BE2C-4E090090C083}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{D449A98F-D659-4A44-BCCC-2F74B389F9ED}] => (Allow) C:\Users\Bart\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{992A90E5-5131-47DD-9168-A5DD0A6C99C8}] => (Allow) C:\Users\Bart\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8A681AB7-FECE-47BD-AF23-27EC3F9A0870}] => (Allow) D:\Steam\SteamApps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{91ED2001-443B-4A6C-963D-D9281F3F1857}] => (Allow) D:\Steam\SteamApps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{5DCD2348-9132-438B-8D08-8604094C8C90}] => (Allow) D:\Steam\SteamApps\common\Virtua Tennis 4\VT4.exe
FirewallRules: [{F59AFCE1-1EB0-457B-BB26-9358649FA511}] => (Allow) D:\Steam\SteamApps\common\Virtua Tennis 4\VT4.exe
FirewallRules: [{4E5CF62D-FE8C-488F-83BD-B2539FB2E505}] => (Allow) D:\Steam\SteamApps\common\Virtua Tennis 4\Launcher.exe
FirewallRules: [{4083DB46-BC07-44A4-8185-F24B9C14DF62}] => (Allow) D:\Steam\SteamApps\common\Virtua Tennis 4\Launcher.exe
FirewallRules: [{51DD4D13-B011-4D5B-81BE-00B1147F11DC}] => (Allow) D:\Steam\SteamApps\common\Pillars of Eternity\PillarsOfEternity.exe
FirewallRules: [{92BA81D3-5140-4988-B7CC-06800309A86D}] => (Allow) D:\Steam\SteamApps\common\Pillars of Eternity\PillarsOfEternity.exe
FirewallRules: [{2E398FC1-660D-4396-BA7A-7C03F79A4EAE}] => (Allow) D:\Program Files (x86)\Origin Games\FIFA 15\fifasetup\fifaconfig.exe
FirewallRules: [{5D439613-7107-41B6-A38C-483EABC0CAF4}] => (Allow) D:\Program Files (x86)\Origin Games\FIFA 15\fifasetup\fifaconfig.exe
FirewallRules: [{D063CEC7-7022-4139-83F6-B6FF49DA1CC6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/23/2015 00:59:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplorer.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Faulting module name: iexplorer.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Exception code: 0xc0000005
Fault offset: 0x000011aa
Faulting process id: 0x2370
Faulting application start time: 0xiexplorer.exe0
Faulting application path: iexplorer.exe1
Faulting module path: iexplorer.exe2
Report Id: iexplorer.exe3
Faulting package full name: iexplorer.exe4
Faulting package-relative application ID: iexplorer.exe5

Error: (05/23/2015 00:58:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dsdyghmqdjkfhdfl.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Faulting module name: dsdyghmqdjkfhdfl.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Exception code: 0xc0000005
Fault offset: 0x00088c46
Faulting process id: 0x1c38
Faulting application start time: 0xdsdyghmqdjkfhdfl.exe0
Faulting application path: dsdyghmqdjkfhdfl.exe1
Faulting module path: dsdyghmqdjkfhdfl.exe2
Report Id: dsdyghmqdjkfhdfl.exe3
Faulting package full name: dsdyghmqdjkfhdfl.exe4
Faulting package-relative application ID: dsdyghmqdjkfhdfl.exe5

Error: (05/23/2015 00:50:10 AM) (Source: MsiInstaller) (EventID: 1024) (User: BART)
Description: Product: Adobe Reader XI (11.0.10) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011011}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (05/23/2015 00:37:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dsdyghmqdjkfhdfl.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Faulting module name: dsdyghmqdjkfhdfl.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Exception code: 0xc0000005
Fault offset: 0x000011aa
Faulting process id: 0x1b24
Faulting application start time: 0xdsdyghmqdjkfhdfl.exe0
Faulting application path: dsdyghmqdjkfhdfl.exe1
Faulting module path: dsdyghmqdjkfhdfl.exe2
Report Id: dsdyghmqdjkfhdfl.exe3
Faulting package full name: dsdyghmqdjkfhdfl.exe4
Faulting package-relative application ID: dsdyghmqdjkfhdfl.exe5

Error: (05/23/2015 00:37:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dsdyghmqdjkfhdfl.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Faulting module name: dsdyghmqdjkfhdfl.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Exception code: 0xc0000005
Fault offset: 0x000011aa
Faulting process id: 0x147c
Faulting application start time: 0xdsdyghmqdjkfhdfl.exe0
Faulting application path: dsdyghmqdjkfhdfl.exe1
Faulting module path: dsdyghmqdjkfhdfl.exe2
Report Id: dsdyghmqdjkfhdfl.exe3
Faulting package full name: dsdyghmqdjkfhdfl.exe4
Faulting package-relative application ID: dsdyghmqdjkfhdfl.exe5

Error: (05/23/2015 00:36:18 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (05/23/2015 00:36:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dsdyghmqdjkfhdfl.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Faulting module name: dsdyghmqdjkfhdfl.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Exception code: 0xc0000005
Fault offset: 0x000011aa
Faulting process id: 0x251c
Faulting application start time: 0xdsdyghmqdjkfhdfl.exe0
Faulting application path: dsdyghmqdjkfhdfl.exe1
Faulting module path: dsdyghmqdjkfhdfl.exe2
Report Id: dsdyghmqdjkfhdfl.exe3
Faulting package full name: dsdyghmqdjkfhdfl.exe4
Faulting package-relative application ID: dsdyghmqdjkfhdfl.exe5

Error: (05/23/2015 00:35:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dsdyghmqdjkfhdfl.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Faulting module name: dsdyghmqdjkfhdfl.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Exception code: 0xc0000005
Fault offset: 0x000011aa
Faulting process id: 0x26c0
Faulting application start time: 0xdsdyghmqdjkfhdfl.exe0
Faulting application path: dsdyghmqdjkfhdfl.exe1
Faulting module path: dsdyghmqdjkfhdfl.exe2
Report Id: dsdyghmqdjkfhdfl.exe3
Faulting package full name: dsdyghmqdjkfhdfl.exe4
Faulting package-relative application ID: dsdyghmqdjkfhdfl.exe5

Error: (05/23/2015 00:35:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dsdyghmqdjkfhdfl.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Faulting module name: dsdyghmqdjkfhdfl.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Exception code: 0xc0000005
Fault offset: 0x000011aa
Faulting process id: 0x22c4
Faulting application start time: 0xdsdyghmqdjkfhdfl.exe0
Faulting application path: dsdyghmqdjkfhdfl.exe1
Faulting module path: dsdyghmqdjkfhdfl.exe2
Report Id: dsdyghmqdjkfhdfl.exe3
Faulting package full name: dsdyghmqdjkfhdfl.exe4
Faulting package-relative application ID: dsdyghmqdjkfhdfl.exe5

Error: (05/23/2015 00:34:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dsdyghmqdjkfhdfl.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Faulting module name: dsdyghmqdjkfhdfl.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Exception code: 0xc0000005
Fault offset: 0x000011aa
Faulting process id: 0xb64
Faulting application start time: 0xdsdyghmqdjkfhdfl.exe0
Faulting application path: dsdyghmqdjkfhdfl.exe1
Faulting module path: dsdyghmqdjkfhdfl.exe2
Report Id: dsdyghmqdjkfhdfl.exe3
Faulting package full name: dsdyghmqdjkfhdfl.exe4
Faulting package-relative application ID: dsdyghmqdjkfhdfl.exe5


System errors:
=============
Error: (05/23/2015 00:58:57 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Bart\AppData\Local\Temp\mbr.sys

Error: (05/23/2015 00:58:57 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Bart\AppData\Local\Temp\mbr.sys

Error: (05/23/2015 00:48:12 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Bart\AppData\Local\Temp\mbr.sys

Error: (05/23/2015 00:37:09 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the PragmaEngine service to connect.

Error: (05/23/2015 00:35:39 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Bart\AppData\Local\Temp\mbr.sys

Error: (05/23/2015 00:33:43 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).

Error: (05/23/2015 00:23:04 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the PragmaEngine service to connect.

Error: (05/23/2015 00:18:34 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Bart\AppData\Local\Temp\mbr.sys

Error: (05/23/2015 00:18:34 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Bart\AppData\Local\Temp\mbr.sys

Error: (05/23/2015 00:15:44 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Bart\AppData\Local\Temp\mbr.sys


Microsoft Office:
=========================
Error: (05/23/2015 00:59:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplorer.exe2.1.19357.052e7ea83iexplorer.exe2.1.19357.052e7ea83c0000005000011aa237001d094e2edce56a0C:\Users\Bart\Desktop\iexplorer.exeC:\Users\Bart\Desktop\iexplorer.exe325f2c4a-00d6-11e5-bf39-8c89a50f65c4

Error: (05/23/2015 00:58:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: dsdyghmqdjkfhdfl.exe2.1.19357.052e7ea83dsdyghmqdjkfhdfl.exe2.1.19357.052e7ea83c000000500088c461c3801d094e16a6c3cd9C:\Users\Bart\Desktop\dsdyghmqdjkfhdfl.exeC:\Users\Bart\Desktop\dsdyghmqdjkfhdfl.exeff12447a-00d5-11e5-bf39-8c89a50f65c4

Error: (05/23/2015 00:50:10 AM) (Source: MsiInstaller) (EventID: 1024) (User: BART)
Description: Adobe Reader XI (11.0.10){AC76BA86-7AD7-0000-2550-7A8C40011011}1625(NULL)(NULL)(NULL)

Error: (05/23/2015 00:37:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: dsdyghmqdjkfhdfl.exe2.1.19357.052e7ea83dsdyghmqdjkfhdfl.exe2.1.19357.052e7ea83c0000005000011aa1b2401d094dfed2aef92C:\Users\Bart\Desktop\dsdyghmqdjkfhdfl.exeC:\Users\Bart\Desktop\dsdyghmqdjkfhdfl.exe2c142574-00d3-11e5-bf39-6c71d9b4419b

Error: (05/23/2015 00:37:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: dsdyghmqdjkfhdfl.exe2.1.19357.052e7ea83dsdyghmqdjkfhdfl.exe2.1.19357.052e7ea83c0000005000011aa147c01d094dfe1037e5dC:\Users\Bart\Desktop\dsdyghmqdjkfhdfl.exeC:\Users\Bart\Desktop\dsdyghmqdjkfhdfl.exe1fd7f442-00d3-11e5-bf39-6c71d9b4419b

Error: (05/23/2015 00:36:18 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (05/23/2015 00:36:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: dsdyghmqdjkfhdfl.exe2.1.19357.052e7ea83dsdyghmqdjkfhdfl.exe2.1.19357.052e7ea83c0000005000011aa251c01d094dfb366a035C:\Users\Bart\Desktop\dsdyghmqdjkfhdfl.exeC:\Users\Bart\Desktop\dsdyghmqdjkfhdfl.exef200db19-00d2-11e5-bf38-8c89a50f65c4

Error: (05/23/2015 00:35:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: dsdyghmqdjkfhdfl.exe2.1.19357.052e7ea83dsdyghmqdjkfhdfl.exe2.1.19357.052e7ea83c0000005000011aa26c001d094df9753c653C:\Users\Bart\Desktop\dsdyghmqdjkfhdfl.exeC:\Users\Bart\Desktop\dsdyghmqdjkfhdfl.exed60ff2ff-00d2-11e5-bf38-8c89a50f65c4

Error: (05/23/2015 00:35:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: dsdyghmqdjkfhdfl.exe2.1.19357.052e7ea83dsdyghmqdjkfhdfl.exe2.1.19357.052e7ea83c0000005000011aa22c401d094df89caa8f6C:\Users\Bart\Desktop\dsdyghmqdjkfhdfl.exeC:\Users\Bart\Desktop\dsdyghmqdjkfhdfl.exec99d6f0e-00d2-11e5-bf38-8c89a50f65c4

Error: (05/23/2015 00:34:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: dsdyghmqdjkfhdfl.exe2.1.19357.052e7ea83dsdyghmqdjkfhdfl.exe2.1.19357.052e7ea83c0000005000011aab6401d094df83459c91C:\Users\Bart\Desktop\dsdyghmqdjkfhdfl.exeC:\Users\Bart\Desktop\dsdyghmqdjkfhdfl.exec2279f3e-00d2-11e5-bf38-8c89a50f65c4


CodeIntegrity Errors:
===================================
Date: 2015-05-23 00:58:57.556
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Users\Bart\AppData\Local\Temp\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-05-23 00:58:57.478
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Users\Bart\AppData\Local\Temp\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-05-23 00:48:12.617
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Users\Bart\AppData\Local\Temp\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-05-23 00:35:39.557
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Users\Bart\AppData\Local\Temp\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-05-23 00:18:34.671
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Users\Bart\AppData\Local\Temp\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-05-23 00:18:34.577
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Users\Bart\AppData\Local\Temp\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-05-23 00:15:44.042
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Users\Bart\AppData\Local\Temp\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-05-23 00:15:43.964
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Users\Bart\AppData\Local\Temp\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-05-23 00:14:59.039
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Users\Bart\AppData\Local\Temp\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-12-17 18:03:56.772
Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Windows\System32\BfLLR.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4702MQ CPU @ 2.20GHz
Percentage of memory in use: 25%
Total physical RAM: 8108.79 MB
Available physical RAM: 6012.64 MB
Total Pagefile: 9388.79 MB
Available Pagefile: 7288.1 MB
Total Virtual: 131072 MB
Available Virtual: 131071.76 MB

==================== Drives ================================

Drive c: (OS_Install) (Fixed) (Total:109.6 GB) (Free:18.83 GB) NTFS
Drive d: (Data) (Fixed) (Total:678.91 GB) (Free:423.46 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 1E73314E)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 119.2 GB) (Disk ID: 1E7331B1)

Partition: GPT Partition Type.

==================== End of log ============================
 
Welcome aboard

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===============================

redtarget.gif
Uninstall following unwanted program:

PragmaEngine

redtarget.gif
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

redtarget.gif
Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.

  • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


If you already have MBAM 2.0 installed:

  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs:
(Export log to save as txt)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.


(Copy to clipboard for pasting into forum replies or tickets)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

redtarget.gif
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

redtarget.gif
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
RogueKiller V10.6.5.0 [May 20 2015] door Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Besturingssysteem : Windows 8.1 (6.3.9200 ) 64 bits version
Gestart in : Normale mode
Gebruiker : Bart [Administrator]
Started from : C:\Users\Bart\Downloads\RogueKiller.exe
Mode : Verwijder -- Datum : 05/23/2015 01:42:45

¤¤¤ Processen : 0 ¤¤¤

¤¤¤ Register : 28 ¤¤¤
[PUM.Orphan] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -> Niet geselecteerd
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | WebCheck : {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -> Niet geselecteerd
[PUM.Orphan] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1 | (default) : {F241C880-6982-4CE5-8CF7-7085BA96DA5A} -> Niet geselecteerd
[PUM.Orphan] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2 | (default) : {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} -> Niet geselecteerd
[PUM.Orphan] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3 | (default) : {BBACC218-34EA-4666-9D7A-C78F2274A524} -> Niet geselecteerd
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1 | (default) : {F241C880-6982-4CE5-8CF7-7085BA96DA5A} -> Niet geselecteerd
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2 | (default) : {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} -> Niet geselecteerd
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3 | (default) : {BBACC218-34EA-4666-9D7A-C78F2274A524} -> Niet geselecteerd
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro1 (ErrorConflict) | (default) : {8BA85C75-763B-4103-94EB-9470F12FE0F7} -> Niet geselecteerd
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro2 (SyncInProgress) | (default) : {CD55129A-B1A1-438E-A425-CEBC7DC684EE} -> Niet geselecteerd
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro3 (InSync) | (default) : {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} -> Niet geselecteerd
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> Niet geselecteerd
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> Niet geselecteerd
[PUM.Orphan] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} -> Niet geselecteerd
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3837407782-1580577728-4138113420-1002\Software\Microsoft\Windows\CurrentVersion\Run | OneDrive : "C:\Users\Bart\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background [7][x] -> Niet geselecteerd
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3837407782-1580577728-4138113420-1002\Software\Microsoft\Windows\CurrentVersion\Run | OneDrive : "C:\Users\Bart\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background [7][x] -> Niet geselecteerd
[Suspicious.Path|Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\fgrdqpob (\??\C:\Users\Bart\AppData\Local\Temp\fgrdqpob.sys) -> Niet geselecteerd
[Suspicious.Path|Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\mbr (\??\C:\Users\Bart\AppData\Local\Temp\mbr.sys) -> Niet geselecteerd
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fgrdqpob (\??\C:\Users\Bart\AppData\Local\Temp\fgrdqpob.sys) -> Niet geselecteerd
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mbr (\??\C:\Users\Bart\AppData\Local\Temp\mbr.sys) -> Niet geselecteerd
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 195.130.130.1 195.130.131.1 [BELGIUM (BE)][BELGIUM (BE)] -> Niet geselecteerd
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 195.130.130.1 195.130.131.1 [BELGIUM (BE)][BELGIUM (BE)] -> Niet geselecteerd
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BDC83F66-13B4-4D68-B1EB-93AB2BBA824A} | DhcpNameServer : 195.130.130.1 195.130.131.1 [BELGIUM (BE)][BELGIUM (BE)] -> Niet geselecteerd
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{BDC83F66-13B4-4D68-B1EB-93AB2BBA824A} | DhcpNameServer : 195.130.130.1 195.130.131.1 [BELGIUM (BE)][BELGIUM (BE)] -> Niet geselecteerd
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Niet geselecteerd
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Niet geselecteerd
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Niet geselecteerd
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Niet geselecteerd

¤¤¤ Taken : 1 ¤¤¤
[Suspicious.Path] \\Microsoft OneDrive Auto Update Task-S-1-5-21-3837407782-1580577728-4138113420-1002 -- %localappdata%\Microsoft\OneDrive\OneDrive.exe -> Niet geselecteerd

¤¤¤ Bestanden : 0 ¤¤¤

¤¤¤ Host-bestand : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 lmlicenses.wip4.adobe.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 lm.licenses.adobe.com

¤¤¤ Antirootkit : 0 (Driver: Niet geladen [0xc000036b]) ¤¤¤

¤¤¤ Web Browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS727575A9E364 +++++
--- User ---
[MBR] 6c140a9f4751a0480bb45144ecad6621
[BSP] d49888c83907efdc504f74f9ccb65eb9 : Empty MBR Code
Partition table:
0 - Basic data partition | Offset (sectors): 2048 | Size: 695207 MB
1 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1423785984 | Size: 20196 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: SanDisk SD6SF1M128G +++++
--- User ---
[MBR] b2260bf87814a4e00b0a272087e45b43
[BSP] 3522df36cbac7734af6b1508597cfe22 : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 900 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 1845248 | Size: 300 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 2459648 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 2721792 | Size: 112233 MB
4 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 232574976 | Size: 350 MB
5 - [MAN-MOUNT] Basic data partition | Offset (sectors): 233291776 | Size: 8192 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_05232015_014005.log
 
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 23/05/2015
Scan Time: 1:46:53
Logfile:
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.05.22.06
Rootkit Database: v2015.05.16.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Bart

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 351839
Time Elapsed: 6 min, 51 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{9b6ed4d7}, Quarantined, [9915b9dd226862d4a06e04727194de22],
PUP.Optional.PragmaEngine.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\9b6ed4d7, Quarantined, [9d11801698f2ce68a883a13bf60d6b95],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 5
Rogue.Multiple, C:\ProgramData\1837308050, Quarantined, [fab4a8ee7911f442595ce8b1aa595aa6],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, Quarantined, [a30b0d8937531224c0b016a605fe0cf4],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, Quarantined, [a30b0d8937531224c0b016a605fe0cf4],
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate, Quarantined, [7e302472f991e94d26c509c83cc7956b],
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate\update, Quarantined, [7e302472f991e94d26c509c83cc7956b],

Files: 5
PUP.Optional.MultiPlug.A, C:\$Recycle.Bin\S-1-5-21-3837407782-1580577728-4138113420-1002\$R65TOVP\lv5ukZhqQoIe6G.x64.dll, Quarantined, [387676206d1d44f2ae162f2f867c8e72],
PUP.Optional.MultiPlug.A, C:\$Recycle.Bin\S-1-5-21-3837407782-1580577728-4138113420-1002\$RZ9WX1Q\Yq0umNqgRGEXPF.x64.dll, Quarantined, [0aa41086216993a3f2d265f9ae5460a0],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update\conf, Quarantined, [a30b0d8937531224c0b016a605fe0cf4],
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate\update\conf, Quarantined, [7e302472f991e94d26c509c83cc7956b],
PUP.Optional.OmigaPlus.A, C:\Users\Bart\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences, Good: (), Bad: ({"browser":{"show_home_button":false},"default_search_provider":{"enabled":true,"encodings":"UTF-8","id":38,"prepopulate_id":0},"default_search_provider_data":{"template_url_data":{"alternate_urls":["{google:baseURL}#q={searchTerms}","{google:baseURL}search#q={searchTerms}","{google:baseURL}webhp#q={searchTerms}","{google:baseURL}s#q={searchTerms}","{google:baseURL}s?q={searchTerms}"],"created_by_policy":false,"date_created":"0","favicon_url":"http://www.google.com/favicon.ico","id":"2","image_url":"{google:baseURL}searchbyimage/upload","image_url_post_params":"encoded_image={google:imageThumbnail},image_url={google:imageURL},sbisrc={google:imageSearchSource},original_width={google:imageOriginalWidth},original_height={google:imageOriginalHeight}","input_encodings":["UTF-8"],"instant_url":"{google:baseURL}webhp?sourceid=chrome-instant&{google:RLZ}{google:forceInstantResults}{google:instantExtendedEnabledParameter}{google:ntpIsThemedParameter}{google:eek:mniboxStartMarginParameter}ie={inputEncoding}","instant_url_post_params":"","keyword":"google.com","last_modified":"0","new_tab_url":"{google:baseURL}_/chrome/newtab?{google:RLZ}{google:instantExtendedEnabledParameter}{google:ntpIsThemedParameter}ie={inputEncoding}","originating_url":"","prepopulate_id":1,"safe_for_autoreplace":true,"search_terms_replacement_key":"espv","search_url_post_params":"","short_name":"Google","suggestions_url":"{google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}","suggestions_url_post_params":"","synced_guid":"5C574DB3-41C4-4353-9C66-0B249E2BAAE1","url":"{google:baseURL}search?q={searchTerms}&{google:RLZ}{google:eek:riginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:eek:mniboxStartMarginParameter}{google:contextualSearchVersion}ie={inputEncoding}","usage_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"h","commands":{},"creation_flags":1,"events":[],"extension_can_script_all_urls":true,"from_bookmark":false,"from_webstore":false,"install_time":"13035999613054487","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Chrome Web Store","icons":{"128":"webstore_icon_128.png","16":"webstore_icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB","name":"Winkel","permissions":["webstorePrivate","management"],"version":"0.2"},"page_ordinal":"n","path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\32.0.1700.107\\resources\\web_store","was_installed_by_default":false},"bepbmhgboaologfdajaanbcjmnhjmhfn":{"disable_reasons":1,"state":0},"blpcfgokakmgnkcojhhkbfbldkacnbeo":{"ack_external":true,"active_permissions":{"api":[],"manifest_permissions":[]},"app_launcher_ordinal":"z","commands":{},"content_settings":[],"creation_flags":153,"events":[],"from_bookmark":true,"from_webstore":true,"granted_permissions":{"api":[],"manifest_permissions":[]},"has_declarative_rules":{"declarativeContent":{"onPageChanged":false},"declarativeWebRequest":{"onRequest":false}},"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13068680655709734","lastpingday":"13076751437922676","location":1,"manifest":{"app":{"launch":{"container":"tab","web_url":"http://www.youtube.com/?feature=ytca"},"web_content":{"enabled":true,"origin":"http://www.youtube.com"}},"current_locale":"nl","default_locale":"en","description":"'s Werelds populairste online video community.","icons":{"128":"128.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDC/HotmFlyuz5FaHaIbVBhhL4BwbcUtsfWwzgUMpZt5ZsLB2nW/Y5xwNkkPANYGdVsJkT2GPpRRIKBO5QiJ7jPMa3EZtcZHpkygBlQLSjMhdrAKevpKgIl6YTkwzNvExY6rzVDzeE9zqnIs33eppY4S5QcoALMxuSWlMKqgFQjHQIDAQAB","manifest_version":2,"name":"YouTube","update_url":"http://clients2.google.com/service/update2/crx","version":"4.2.7"},"page_ordinal":"n","path":"blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.7_0","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":true,"was_installed_by_oem":false},"cfhdojbkjhnklbpkdaibdccddilifddb":{"active_permissions":{"api":["contextMenus","notifications","tabs","unlimitedStorage","webNavigation","webRequest","webRequestBlocking"],"explicit_host":["/*[/URL]","/*[/URL]"],"manifest_permissions":[],"scriptable_host":["/*[/URL]","/*[/URL]"]},"commands":{},"content_settings":[],"creation_flags":9,"events":[],"extension_can_script_all_urls":true,"from_bookmark":false,"from_webstore":true,"granted_permissions":{"api":["contextMenus","notifications","tabs","unlimitedStorage","webNavigation","webRequest","webRequestBlocking"],"explicit_host":["/*[/URL]","/*[/URL]"],"manifest_permissions":[],"scriptable_host":["/*[/URL]","/*[/URL]"]},"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13075982024019172","lastpingday":"13076751437922676","location":1,"manifest":{"background":{"scripts":["ext/common.js","ext/background.js","lib/compat.js","lib/info.js","lib/io.js","lib/adblockplus.js","lib/punycode.js","lib/publicSuffixList.js","lib/sha1.js","lib/jsbn.js","lib/rsa.js","webrequest.js","messageResponder.js","popupBlocker.js","background.js"]},"browser_action":{"default_icon":{"19":"icons/abp-19.png","38":"icons/abp-38.png"},"default_popup":"popup.html","default_title":"Adblock Plus"},"content_scripts":[{"all_frames":true,"js":["ext/common.js","ext/content.js","include.preload.js"],"matches":["/*[/URL]","/*[/URL]"],"run_at":"document_start"},{"all_frames":true,"js":["include.postload.js"],"matches":["/*[/URL]","/*[/URL]"],"run_at":"document_end"}],"current_locale":"nl","default_locale":"en_US","description":"Een gratis adblocker voor Chrome met meer dan 50 miljoen gebruikers, die ALLE vervelende advertenties, malware en tracking blokkeert","icons":{"128":"icons/detailed/abp-128.png","16":"icons/abp-16.png","32":"icons/abp-32.png","48":"icons/detailed/abp-48.png","64":"icons/detailed/abp-64.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxGWIIBRUVzQIXITqE6+js1FA24fsZC58G0fxcO1Duwfps+9gip5tedTziErKEpeAQVkgasdT4kk+b6Lw27yp3oysAj6zD9j+j4W+EMArTXqMIc6SMYD7Z8bPcwPb3tC1MUxMSpO6oOVpFE23UhKe91SYnrK92nHI2cmsor5elXQIDAQAB","manifest_version":2,"minimum_chrome_version":"28.0","name":"Adblock Plus","options_page":"options.html","permissions":["tabs","/*[/URL]","/*[/URL]","contextMenus","webRequest","webRequestBlocking","webNavigation","unlimitedStorage","notifications"],"short_name":"Adblock Plus","update_url":"https://clients2.google.com/service/update2/crx","version":"1.8.12","web_accessible_resources":["block.html"]},"path":"cfhdojbkjhnklbpkdaibdccddilifddb\\1.8.12_0","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":false,"was_installed_by_oem":false},"coobgpohoikkiipiblmjeljniedjpjpf":{"ack_external":true,"active_permissions":{"api":[],"manifest_permissions":[]},"app_launcher_ordinal":"yn","commands":{},"content_settings":[],"creation_flags":153,"events":[],"from_bookmark":true,"from_webstore":true,"granted_permissions":{"api":[],"manifest_permissions":[]},"has_declarative_rules":{"declarativeContent":{"onPageChanged":false},"declarativeWebRequest":{"onRequest":false}},"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13072052506253274","lastpingday":"13076751437922676","location":1,"manifest":{"app":{"launch":{"web_url":"http://www.google.com/webhp?source=search_app"},"urls":["*://www.google.com/search","*://www.google.com/webhp","*://www.google.com/imgres"]},"current_locale":"nl","default_locale":"en","description":"The fastest way to search the web.","icons":{"128":"128.png","16":"16.png","32":"32.png","48":"48.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIiso3Loy5VJHL40shGhUl6it5ZG55XB9q/2EX6aa88jAxwPutbCgy5d9bm1YmBzLfSgpX4xcpgTU08ydWbd7b50fbkLsqWl1mRhxoqnN01kuNfv9Hbz9dWWYd+O4ZfD3L2XZs0wQqo0y6k64n+qeLkUMd1MIhf6MR8Xz1SOA8pwIDAQAB","manifest_version":2,"name":"Google Search","permissions":[],"update_url":"http://clients2.google.com/service/update2/crx","version":"0.0.0.30"},"page_ordinal":"n","path":"coobgpohoikkiipiblmjeljniedjpjpf\\0.0.0.30_0","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":true,"was_installed_by_oem":false},"eemcgdkfndhakfknompkggombfjjjeno":{"active_permissions":{"api":["bookmarks","bookmarkManagerPrivate","metricsPrivate","systemPrivate","tabs"],"explicit_host":["chrome://favicon/*","chrome://resources/*"],"manifest_permissions":[]},"commands":{},"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"initial_keybindings_set":true,"install_time":"13035999613054487","location":5,"manifest":{"chrome_url_overrides":{"bookmarks":"main.html"},"content_security_policy":"object-src 'none'; script-src chrome://resources 'self'","description":"Bookmark Manager","incognito":"split","key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDQcByy+eN9jzazWF/DPn7NW47sW7lgmpk6eKc0BQM18q8hvEM3zNm2n7HkJv/R6fU+X5mtqkDuKvq5skF6qqUF4oEyaleWDFhd1xFwV7JV+/DU7bZ00w2+6gzqsabkerFpoP33ZRIw7OviJenP0c0uWqDWF8EGSyMhB3txqhOtiQIDAQAB","manifest_version":2,"name":"Bookmark Manager","permissions":["bookmarks","bookmarkManagerPrivate","metricsPrivate","systemPrivate","tabs","chrome://favicon/","chrome://resources/"],"version":"0.1"},"path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\32.0.1700.107\\resources\\bookmark_manager","was_installed_by_default":false},"ejidjjhkpiempkbhmpbfngldlkglhimk":{"active_permissions":{"api":["background","notifications","unlimitedStorage"],"manifest_permissions":[]},"app_launcher_ordinal":"zm","commands":{},"content_settings":[],"creation_flags":9,"disable_reasons":33,"events":[],"extension_can_script_all_urls":true,"from_bookmark":false,"from_webstore":true,"granted_permissions":{"api":["background","notifications","unlimitedStorage"],"manifest_permissions":[]},"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13075982026690230","lastpingday":"13076751437922676","location":1,"manifest":{"app":{"launch":{"web_url":"https://mail.google.com/mail/mu/?mui=ca"},"urls":["https://mail.google.com/mail/mu/"]},"current_locale":"nl","default_locale":"en","description":"Gmail Offline","icons":{"128":"icon_128.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQChT6oJaykFTd2csfmkFZi3Q3b+wqIQMQe3zW627AgjqOrsS8yh95obKydJgcZm7OBnyF4qp/MbUE6Ilc7fKD1VJNpzX7AL4qloY+GPH64hA/YRByF5SkLtxoGrPNXOoVXpDlr5alAhbcH959BiDMBSomoEC1o9AE9PxzbptJKsjwIDAQAB","manifest_version":2,"name":"Gmail Offline","offline_enabled":true,"permissions":["unlimitedStorage","notifications","background"],"update_url":"https://clients2.google.com/service/update2/crx","version":"1.20"},"page_ordinal":"n","path":"ejidjjhkpiempkbhmpbfngldlkglhimk\\1.20_0","preferences":{},"regular_only_preferences":{},"state":0,"was_installed_by_default":false,"was_installed_by_oem":false},"ennkphjdgehloodpbhlhldgbnhmacadg":{"active_permissions":{"api":[],"explicit_host":["chrome://settings-frame/*"],"manifest_permissions":[]},"commands":{},"creation_flags":1,"events":["app.runtime.onLaunched"],"from_bookmark":false,"from_webstore":false,"initial_keybindings_set":true,"install_time":"13035999613054487","location":5,"manifest":{"app":{"background":{"scripts":["settings_app.js"]}},"description":"Settings","display_in_launcher":false,"icons":{"128":"settings_app_icon_128.png","16":"settings_app_icon_16.png","32":"settings_app_icon_32.png","48":"settings_app_icon_48.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDoVDPGX6fvKPVVgc+gnkYlGqHuuapgFDyKhsy4z7UzRLO/95zXPv8h8e5EacqbAQJLUbP6DERH5jowyNEYVxq9GJyntJMwP1ejvoz/52hnY3CCGGCmttmKzzpp5zwLuq3iZf8bslwywfflNUYtaCFSDa0TtrBZz0aOPrAAd/AhNwIDAQAB","manifest_version":2,"name":"Settings","permissions":["chrome://settings-frame/"],"version":"0.2"},"path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\32.0.1700.107\\resources\\settings_app","running":false,"was_installed_by_default":false},"fabcmochhfpldjekobfaaggijgohadih":{"ack_external":true,"active_permissions":{"api":["nativeMessaging","tabs","webNavigation"],"explicit_host":["*://*/*"],"manifest_permissions":[]},"commands":{},"content_settings":[],"creation_flags":9,"disable_reasons":1,"events":[],"extension_can_script_all_urls":true,"from_bookmark":false,"from_webstore":true,"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13066759439225457","lastpingday":"13076751437922676","location":6,"manifest":{"background":{"page":"background.html"},"browser_action":{"default_icon":"images/ico_wallet.png"},"content_scripts":[],"description":"Automatically fills your logins online while keeping them completely secured.","icons":{"128":"images/bd128.png"},"key":"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzDBRxEL5ZJ5c91dTvAhXvDBcsonTHZ/1qJ0niufHUOls27w0nmHZvGnYO8siDbyTQLqrdZyym7hG9mldAX9mOJ1DPGWk4HWLf5mYVkx0jivNsCWxW/INB7oH2VeJPdou/p0nB8LjEUEo9OZgUqAJh9bnqoe0oeAvk965xTvMduqNjlKkb3JKiXhH8JXjC6pZ1xxXcykliL4rJWw72AvTiwnFFKcAdLYZLnMkMxe1VisyvodLQ2SYuc8mE5/qTiWxShmufAD6hcx4n5H4aN0IAq8hZlgnptQMTy7oECMFUTaSH2Qfe9EI+i0Y/1ZWTIjUWum6Ld6cEgpRjO8lR5ziLQIDAQAB","manifest_version":2,"name":"Bitdefender Wallet","permissions":["tabs","webNavigation","nativeMessaging","*://*/*"],"update_url":"http://clients2.google.com/service/update2/crx","version":"18.21.4"},"path":"fabcmochhfpldjekobfaaggijgohadih\\18.21.4_0","preferences":{},"regular_only_preferences":{},"state":0,"was_installed_by_default":false,"was_installed_by_oem":false},"gfdkimpbcpahaombhbimeihdjnejgicl":{"active_permissions":{"api":["feedbackPrivate"],"explicit_host":["chrome://resources/*"],"manifest_permissions":[]},"commands":{},"creation_flags":1,"events":["feedbackPrivate.onFeedbackRequested","runtime.onMessageExternal"],"from_bookmark":false,"from_webstore":false,"initial_keybindings_set":true,"install_time":"13035999613054487","location":5,"manifest":{"app":{"background":{"scripts":["js/event_handler.js"]},"content_security_policy":"default-src 'none'; script-src 'self' chrome://resources; style-src 'unsafe-inline' *; img-src *; media-src 'self'"},"description":"User feedback extension","display_in_launcher":false,"display_in_new_tab_page":false,"icons":{"32":"images/icon32.png","64":"images/icon64.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDMZElzFX2J1g1nRQ/8S3rg/1CjFyDltWOxQg+9M8aVgNVxbutEWFQz+oQzIP9BB67mJifULgiv12ToFKsae4NpEUR8sPZjiKDIHumc6pUdixOm8SJ5Rs16SMR6+VYxFUjlVW+5CA3IILptmNBxgpfyqoK0qRpBDIhGk1KDEZ4zqQIDAQAB","manifest_version":2,"name":"Feedback","permissions":["feedbackPrivate","chrome://resources/"],"version":"1.0"},"path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\32.0.1700.107\\resources\\feedback","running":false,"was_installed_by_default":false},"icdipabjmbhpdkjaihfjoikhjjeneebd":{"active_permissions":{"api":["notifications","unlimitedStorage"],"manifest_permissions":[]},"app_launcher_ordinal":"zs","commands":{},"content_settings":[],"creation_flags":9,"disable_reasons":33,"events":[],"extension_can_script_all_urls":true,"from_bookmark":false,"from_webstore":true,"granted_permissions":{"api":["notifications","unlimitedStorage"],"manifest_permissions":[]},"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13075982027334617","lastpingday":"13076751437922676","location":1,"manifest":{"app":{"launch":{"web_url":"https://read.amazon.com/?ref_=kcr_app_chrome_link"},"urls":["https://read.amazon.com/"]},"description":"Kindle Cloud Reader - Read Kindle books in your browser, and shop on Amazon.com.","icons":{"128":"icon_128.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrdLeUOj/zfb+BivY98YLl6wB65p2aAEBXmVxyTtM+tuWzBRRidiFDof7QA7yK7V3eZBcW0oHKRqj4BvMGyEBtQrtEXSp7/p590RTwlbuvxGRpYY5yjP+9w8Qh6KpB+4zTza8JEos4zGXS0r19d5glexh7UbGgIDVwA5RctOX+tQIDAQAB","manifest_version":2,"name":"Kindle Cloud Reader","offline_enabled":true,"permissions":["unlimitedStorage","notifications"],"update_url":"https://clients2.google.com/service/update2/crx","version":"1.7.0.1"},"page_ordinal":"n","path":"icdipabjmbhpdkjaihfjoikhjjeneebd\\1.7.0.1_0","preferences":{},"regular_only_preferences":{},"state":0,"was_installed_by_default":false,"was_installed_by_oem":false},"kmendfapggjehodndflmmgagdbamhnfd":{"active_permissions":{"api":["cryptotokenPrivate","externally_connectable.all_urls","hid","tabs","u2fDevices","usb",{"usbDevices":[{"interfaceId":-1,"productId":529,"vendorId":4176}]},"webConnectable"],"explicit_host":["/*[/URL]","/*[/URL]","https://www.gstatic.com/*"],"manifest_permissions":[]},"commands":{},"content_settings":[],"creation_flags":1,"events":["runtime.onConnectExternal","runtime.onMessageExternal"],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13073777255841048","location":5,"manifest":{"background":{"persistent":false,"scripts":["util.js","b64.js","sha256.js","countdown.js","countdowntimer.js","devicestatuscodes.js","approvedorigins.js","errorcodes.js","gnubbycodetypes.js","webrequest.js","gnubbymsgtypes.js","messagetypes.js","factoryregistry.js","closeable.js","requesthelper.js","webrequestsender.js","enroller.js","requestqueue.js","signer.js","origincheck.js","textfetcher.js","appid.js","watchdog.js","cryptotokenorigincheck.js","cryptotokenapprovedorigins.js","gnubbydevice.js","hidgnubbydevice.js","usbgnubbydevice.js","gnubbies.js","gnubby.js","gnubby-u2f.js","gnubbyfactory.js","singlesigner.js","multiplesigner.js","generichelper.js","inherits.js","individualattest.js","devicefactoryregistry.js","usbhelper.js","usbenrollhandler.js","usbsignhandler.js","usbgnubbyfactory.js","googlecorpindividualattest.js","cryptotokenbackground.js"]},"description":"CryptoToken Component Extension","externally_connectable":{"accepts_tls_channel_id":true,"ids":["fjajfjhkeibgmiggdfehjplbhmfkialk"],"matches":["\u003Call_urls>"]},"incognito":"split","key":"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq7zRobvA+AVlvNqkHSSVhh1sEWsHSqz4oR/XptkDe/Cz3+gW9ZGumZ20NCHjaac8j1iiesdigp8B1LJsd/2WWv2Dbnto4f8GrQ5MVphKyQ9WJHwejEHN2K4vzrTcwaXqv5BSTXwxlxS/mXCmXskTfryKTLuYrcHEWK8fCHb+0gvr8b/kvsi75A1aMmb6nUnFJvETmCkOCPNX5CHTdy634Ts/x0fLhRuPlahk63rdf7agxQv5viVjQFk+tbgv6aa9kdSd11Js/RZ9yZjrFgHOBWgP4jTBqud4+HUglrzu8qynFipyNRLCZsaxhm+NItTyNgesxLdxZcwOz56KD1Q4IQIDAQAB","manifest_version":2,"name":"CryptoTokenExtension","permissions":["hid","usb","cryptotokenPrivate","externally_connectable.all_urls","tabs","u2fDevices","/*[/URL]","/*[/URL]",{"usbDevices":[{"productId":529,"vendorId":4176}]}],"version":"0.9.20"},"path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\42.0.2311.90\\resources\\cryptotoken","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":false,"was_installed_by_oem":false},"lojpenhmoajbiciapkjkiekmobleogjc":{"active_permissions":{"api":["bookmarks","cookies","debugger","history","idle","management","storage","tabs","webRequest","webRequestBlocking"],"explicit_host":["\u003Call_urls>","chrome://*/*","chrome://favicon/*","file:///*","/*[/URL]","/*[/URL]"],"manifest_permissions":[],"scriptable_host":["chrome://chrome/extensions/*","chrome://extensions-frame/*","chrome://inspect/*","chrome://version/*"]},"commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13076174510057498","location":5,"manifest":{"background":{"page":"bg.html"},"content_scripts":[{"all_frames":true,"js":["main.js"],"matches":["chrome://extensions-frame/*","chrome://chrome/extensions/*","chrome://inspect/*","chrome://version/*"],"run_at":"document_end"}],"content_security_policy":"script-src 'self' 'unsafe-eval' https://ssl.google-analytics.com; object-src 'self'","description":"Preloaded Extension Placeholder for Crhome","key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCjvF5pjuK8gRaw/2LoRYi37QqRd48B/FeO9yFtT6ueY84z/u0NrJ/xbPFc9OCGBi8RKIblVvcbY0ySGqdmp0QsUr/oXN0b06GL4iB8rMhlO082HhMzrClV8OKRJ+eJNhNBl8viwmtJs3MN0x9ljA4HQLaAPBA9a14IUKLjP0pWuwIDAQAB","manifest_version":2,"name":"Default Placeholder Extensions","permissions":["tabs","cookies","bookmarks","/*[/URL]","/*[/URL]","file://*","chrome://*/*","storage","management","webRequest","idle","webRequestBlocking","history","debugger","\u003Call_urls>"],"version":"35.2.1","web_accessible_resources":["content.js"]},"path":"C:\\Program Files\\Google\\Chrome\\Application\\Extensions\\chrome\\man","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":false,"was_installed_by_oem":false},"mfehgcgbbipciphmccgaenjidiccnmng":{"active_permissions":{"api":["cloudPrintPrivate"],"manifest_permissions":[]},"commands":{},"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"install_time":"13035999613054487","location":5,"manifest":{"app":{"launch":{"web_url":"https://www.google.com/cloudprint"},"urls":["https://www.google.com/cloudprint/enable_chrome_connector"]},"description":"Cloud Print","display_in_launcher":false,"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDqOhnwk4+HXVfGyaNsAQdU/js1Na56diW08oF1MhZiwzSnJsEaeuMN9od9q9N4ZdK3o1xXOSARrYdE+syV7Dl31nf6qz3A6K+D5NHe6sSB9yvYlIiN37jdWdrfxxE0pRYEVYZNTe3bzq3NkcYJlOdt1UPcpJB+isXpAGUKUvt7EQIDAQAB","name":"Cloud Print","permissions":["cloudPrintPrivate"],"version":"0.1"},"path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\32.0.1700.107\\resources\\cloud_print","was_installed_by_default":false},"mgndgikekgjfcpckkfioiadnlibdjbkf":{"active_permissions":{"api":[],"manifest_permissions":[]},"app_launcher_ordinal":"xn","commands":{},"creation_flags":1,"events":[],"extension_can_script_all_urls":true,"from_bookmark":false,"from_webstore":false,"install_time":"13035999613054487","location":5,"manifest":{"app":{"launch":{"web_url":"http://THIS-WILL-BE-REPLACED"}},"description":"Chrome as an app","display_in_launcher":true,"display_in_new_tab_page":false,"icons":{"128":"product_logo_128.png","16":"product_logo_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDNuYLEQ1QPMcc5HfWI/9jiEf6FdJWqEtgRmIeI7qtjPLBM5oje+Ny2E2mTAhou5qdJiO2CHWdU1DQXY2F7Zu2gZaKZgHLfK4WimHxUT5Xd9/aro/R9PCzjguM1BLusiWYc9xlj1IsZpyiN1hcjU7SCnBhv1feQlv2WSB5KRiXwhQIDAQAB","name":"Chrome","version":"0.1"},"page_ordinal":"n","path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\32.0.1700.107\\resources\\chrome_app","was_installed_by_default":false},"mhjfbmdgcfjbbpaeojofohoefgiehjai":{"active_permissions":{"api":[],"explicit_host":["\u003Call_urls>","chrome://favicon/*"],"manifest_permissions":[],"scriptable_host":["chrome://print/*"]},"commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13073777255828241","location":5,"manifest":{"content_scripts":[{"js":["content_script.js"],"matches":["chrome://print/*"]}],"content_security_policy":"script-src 'self' chrome://resources; object-src *; plugin-types application/x-google-chrome-pdf","description":"","incognito":"split","key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDN6hM0rsDYGbzQPQfOygqlRtQgKUXMfnSjhIBL7LnReAVBEd7ZmKtyN2qmSasMl4HZpMhVe2rPWVVwBDl6iyNE/Kok6E6v6V3vCLGsOpQAuuNVye/3QxzIldzG/jQAdWZiyXReRVapOhZtLjGfywCvlWq7Sl/e3sbc0vWybSDI2QIDAQAB","manifest_version":2,"mime_types":["application/pdf"],"mime_types_handler":"index.html","name":"Chrome PDF Viewer","offline_enabled":true,"permissions":["\u003Call_urls>"],"version":"1","web_accessible_resources":["index.html","index.html"]},"path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\42.0.2311.90\\resources\\pdf","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":false,"was_installed_by_oem":false},"neajdppkdcdipfabeoofebfddakdcjhd":{"active_permissions":{"api":["systemPrivate","ttsEngine"],"explicit_host":["https://www.google.com/*"],"manifest_permissions":[]},"commands":{},"content_settings":[],"creation_flags":1,"events":["ttsEngine.onPause","ttsEngine.onResume","ttsEngine.onSpeak","ttsEngine.onStop"],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13037530650289412","location":5,"manifest":{"background":{"persistent":false,"scripts":["tts_extension.js"]},"description":"Component extension providing speech via the Google network text-to-speech service.","key":"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8GSbNUMGygqQTNDMFGIjZNcwXsHLzkNkHjWbuY37PbNdSDZ4VqlVjzbWqODSe+MjELdv5Keb51IdytnoGYXBMyqKmWpUrg+RnKvQ5ibWr4MW9pyIceOIdp9GrzC1WZGgTmZismYR3AjaIpufZ7xDdQQv+XrghPWCkdVqLN+qZDA1HU+DURznkMICiDDSH2sU0egm9UbWfS218bZqzKeQDiC3OnTPlaxcbJtKUuupIm5knjze3Wo9Ae9poTDMzKgchg0VlFCv3uqox+wlD8sjXBoyBCCK9HpImdVAF1a7jpdgiUHpPeV/26oYzM9/grltwNR3bzECQgSpyXp0eyoegwIDAQAB","manifest_version":2,"name":"Google Network Speech","permissions":["systemPrivate","ttsEngine","https://www.google.com/"],"tts_engine":{"voices":[{"event_types":["start","end","error"],"gender":"female","lang":"en-US","remote":true,"voice_name":"Google US English"},{"event_types":["start","end","error"],"gender":"male","lang":"en-GB","remote":true,"voice_name":"Google UK English Male"},{"event_types":["start","end","error"],"gender":"female","lang":"en-GB","remote":true,"voice_name":"Google UK English Female"},{"event_types":["start","end","error"],"gender":"female","lang":"es-ES","remote":true,"voice_name":"Google Español"},{"event_types":["start","end","error"],"gender":"female","lang":"fr-FR","remote":true,"voice_name":"Google Français"},{"event_types":["start","end","error"],"gender":"female","lang":"it-IT","remote":true,"voice_name":"Google Italiano"},{"event_types":["start","end","error"],"gender":"female","lang":"de-DE","remote":true,"voice_name":"Google Deutsch"},{"event_types":["start","end","error"],"gender":"female","lang":"ja-JP","remote":true,"voice_name":"Google 日本人"},{"event_types":["start","end","error"],"gender":"female","lang":"ko-KR","remote":true,"voice_name":"Google 한êµì˜"},{"event_types":["start","end","error"],"gender":"female","lang":"zh-CN","remote":true,"voice_name":"Google ä¸å›½çš„"}]},"version":"1.0"},"path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\33.0.1750.117\\resources\\network_speech_synthesis","preferences":{},"regular_only_preferences":{},"was_installed_by_default":false},"nkeimhogjdpnpccoofpliimaahmaaome":{"active_permissions":{"api":["alarms","desktopCapture","processes","webConnectable","webrtcAudioPrivate","webrtcLoggingPrivate","system.cpu"],"manifest_permissions":[]},"commands":{},"creation_flags":1,"events":["alarms.onAlarm","runtime.onConnectExternal","runtime.onMessageExternal","runtime.onStartup"],"from_bookmark":false,"from_webstore":false,"initial_keybindings_set":true,"install_time":"13035999613054487","location":5,"manifest":{"background":{"page":"background.html","persistent":false},"externally_connectable":{"matches":[".google.com/hangouts*[/URL]","*://localhost/*"]},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDAQt2ZDdPfoSe/JI6ID5bgLHRCnCu9T36aYczmhw/tnv6QZB2I6WnOCMZXJZlRdqWc7w9jo4BWhYS50Vb4weMfh/I0On7VcRwJUgfAxW2cHB+EkmtI1v4v/OU24OqIa1Nmv9uRVeX0GjhQukdLNhAE6ACWooaf5kqKlCeK+1GOkQIDAQAB","manifest_version":2,"name":"Hangout Services","permissions":["desktopCapture","system.cpu","webrtcAudioPrivate","webrtcLoggingPrivate"],"version":"1.0"},"path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\32.0.1700.107\\resources\\hangout_services","was_installed_by_default":false},"nmmhkkegccagdldgiimedpiccmgmieda":{"ack_external":true,"active_permissions":{"api":["identity","webview"],"explicit_host":["https://wallet-web.sandbox.google.com/*","https://wallet.google.com/*","https://www.google.com/*","https://www.googleapis.com/*"],"manifest_permissions":[]},"commands":{},"content_settings":[],"creation_flags":137,"events":["app.runtime.onLaunched","runtime.onConnectExternal"],"from_bookmark":false,"from_webstore":true,"granted_permissions":{"api":["identity","webview"],"explicit_host":["https://wallet-web.sandbox.google.com/*","https://wallet.google.com/*","https://www.google.com/*","https://www.googleapis.com/*"],"manifest_permissions":[]},"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13076173300468618","lastpingday":"13076751437922676","location":10,"manifest":{"app":{"background":{"scripts":["craw_background.js"]}},"current_locale":"nl","default_locale":"en","description":"Google Wallet voor digitale producten","display_in_launcher":false,"display_in_new_tab_page":false,"icons":{"128":"images/icon_128.png","16":"images/icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrKfMnLqViEyokd1wk57FxJtW2XXpGXzIHBzv9vQI/01UsuP0IV5/lj0wx7zJ/xcibUgDeIxobvv9XD+zO1MdjMWuqJFcKuSS4Suqkje6u+pMrTSGOSHq1bmBVh0kpToN8YoJs/P/yrRd7FEtAXTaFTGxQL4C385MeXSjaQfiRiQIDAQAB","manifest_version":2,"minimum_chrome_version":"29","name":"Google Wallet","oauth2":{"auto_approve":true,"client_id":"203784468217.apps.googleusercontent.com","scopes":["https://www.googleapis.com/auth/sierra","https://www.googleapis.com/auth/sierrasandbox","https://www.googleapis.com/auth/chromewebstore","https://www.googleapis.com/auth/chromewebstore.readonly"]},"permissions":["identity","webview","https://wallet.google.com/","https://wallet-web.sandbox.google.com/","https://www.google.com/","https://www.googleapis.com/*"],"update_url":"https://clients2.google.com/service/update2/crx","version":"0.1.1.0"},"path":"nmmhkkegccagdldgiimedpiccmgmieda\\0.1.1.0_0","preferences":{},"regular_only_preferences":{},"running":false,"state":1,"was_installed_by_default":true,"was_installed_by_oem":false},"pafkbggdmjlpgkdkcbjmhmfcdpncadgh":{"active_permissions":{"api":["alarms","gcm","identity","metricsPrivate","notifications","storage","tabs","webstorePrivate"],"explicit_host":["*://*.google.com/*","*://*.gstatic.com/*",".googleapis.com/*[/URL]",".googleusercontent.com/*[/URL]"],"manifest_permissions":[]},"commands":{},"content_settings":[],"creation_flags":1,"events":["alarms.onAlarm","gcm.onMessage","identity.onSignInChanged","notifications.onButtonClicked","notifications.onClicked","notifications.onClosed","notifications.onPermissionLevelChanged","notifications.onShowSettings","pushMessaging.onMessage","runtime.onInstalled","runtime.onStartup","runtime.onSuspend","storage.onChanged"],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13047517258625766","location":5,"manifest":{"background":{"persistent":false,"scripts":["utility.js","cards.js","background.js"]},"description":"Integrates Google Now into Chrome.","icons":{"128":"images/icon128.png","16":"images/icon16.png","48":"images/icon48.png"},"key":"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkhqJr32OFD/bMXW4Md7jMfd7LbwHXVc6x5bBQG5U+dloofoxrICDR20yur/40mQ8O//0sS1b8srvbab1CRlSrxoNCr9T80NAkfzx0gHyVS+p1Zow+1FzLMu9PiGwwFyN80HIB7GI/dIa0wC9K/2OrrzcHEhVH96DacTtWQqjfDVtZPjT7Xwv23dgoWcpbkRC86jMJot3dmX9xnn0KzoVc9gDOHSIkBLbkkr6Sp3LGXCCM4L0DJgxdFwaLr5WBzgC3y5x0/wwPIwN4PtIaK3BhH6njlksfnKwwIJ9iRT41V4BqbWu4mszO/7VJ3HJyw2DBpIc2grU9ZRRxrV3fRQG4wIDAQAB","manifest_version":2,"name":"Google Now","oauth2":{"auto_approve":true,"scopes":["https://www.googleapis.com/auth/googlenow"]},"optional_permissions":["background"],"permissions":["alarms","identity","metricsPrivate","notifications","pushMessaging","storage","tabs","webstorePrivate","\u003Call_urls>"],"version":"1.2.0.1"},"path":"C:\\Program Files (x86)\\Google\\Chrome\\Application\\35.0.1916.153\\resources\\google_now","preferences":{},"regular_only_preferences":{},"was_installed_by_default":false,"was_installed_by_oem":false},"pjkljhegncpnkpknbcohdijeoejaedia":{"ack_external":true,"active_bit":false,"active_permissions":{"api":["notifications"],"manifest_permissions":[]},"app_launcher_ordinal":"x","commands":{},"content_settings":[],"creation_flags":137,"events":[],"from_bookmark":false,"from_webstore":true,"granted_permissions":{"api":["notifications"],"manifest_permissions":[]},"has_declarative_rules":{"declarativeContent":{"onPageChanged":false},"declarativeWebRequest":{"onRequest":false}},"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13072052508178332","last_active_pingday":"13066905480514689","last_launch_time":"13066959157680818","lastpingday":"13076751437922676","location":1,"manifest":{"app":{"launch":{"container":"tab","web_url":"https://mail.google.com/mail/ca"},"urls":["*://mail.google.com/mail/ca"]},"current_locale":"nl","default_locale":"en","description":"Een snelle, doorzoekbare e-mailfunctie met minder spam.","icons":{"128":"128.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCuGglK43iAz3J9BEYK/Mz6ZhloIMMDqQSAaf3vJt4eHbTbSDsu4WdQ9dQDRcKlg8nwQdePBt0C3PSUBtiSNSS37Z3qEGfS7LCju3h6pI1Yr9MQtxw+jUa7kXXIS09VV73pEFUT/F7c6Qe8L5ZxgAcBvXBh1Fie63qb02I9XQ/CQIDAQAB","manifest_version":2,"name":"Gmail","options_page":"https://mail.google.com/mail/ca/#settings","permissions":["notifications"],"update_url":"http://clients2.google.com/service/update2/crx","version":"8.1"},"page_ordinal":"n","path":"pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":true,"was_installed_by_oem":false}}},"google":{"services":{"last_username":"b.vouche@gmail.com","username":"b.vouche@gmail.com"}},"homepage":"http://isearch.omiga-plus.com/?type...HitachiXHTS727575A9E364_J3340084JY447BJY447BX","homepage_changed":true,"homepage_is_newtabpage":true,"pinned_tabs":[],"protection":{"macs":{"browser":{"show_home_button":"061BD541AC36EBBC8FC6E8C5386D2D37CC5667D53586385E44035A47AEDED242"},"default_search_provider":{"keyword":"B48F8A106D25709FCB435E008EED1D0BFE1708F2377C0CEC93966E5F1B40BC61","name":"7CB528FB25612929E647A7EFA29AC3F271FE6F04357350F4B5D378D6C0775ED9","search_url":"AD5C90623EA3C96F572C7481AB7F9909253B57D8F6620D21A33B892A6A739FAE"},"default_search_provider_data":{"template_url_data":"6F143105BBB9C2FDD11B3CF8BB94DA0C103A10EEC51562FB465E52756042B157"},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":"86CFBA63F2975514F08A4F19391F3CD4F47DB2D407BF28F0694F49DD3B325EC8","bepbmhgboaologfdajaanbcjmnhjmhfn":"282664CB8B9850276640CF33E6786FC029E4BEBA6A2E08EB0AAA2C764C6A0174","blpcfgokakmgnkcojhhkbfbldkacnbeo":"587141C55113BA30E48670D2FB2EBA00DE7736217A70FB775085C1B84AE2BB8F","cfhdojbkjhnklbpkdaibdccddilifddb":"111214AF70B16C30E4D7C52C42CE0400A39B57B840FCA4BB896B1587898C579F","coobgpohoikkiipiblmjeljniedjpjpf":"95B0069FF519B1D4E193D42D6A65B49CC92577A59EA18914EE4C80F0E828EB81","eemcgdkfndhakfknompkggombfjjjeno":"21E731B037CDBCAD87A2FFFAEEA73B694F1D3D89823A8A794F67A6B97B8C21A2","ejidjjhkpiempkbhmpbfngldlkglhimk":"5DFFE5A04B73E9F41B70C08C2D9C5624AFA4714D8E012467B6BC76B00B175167","ennkphjdgehloodpbhlhldgbnhmacadg":"CA76E65CC8384EF0D954A87CC0A1AA5B06DEF22F37861439ABC436F5202B2D0F","fabcmochhfpldjekobfaaggijgohadih":"B3C71DBE1523A87B107CF9B919C0003DD8A3875D91AA27154844D9236C089E73","gfdkimpbcpahaombhbimeihdjnejgicl":"C309586D0B3593AACA809849B31F3453A0681B42998B53B17908CFEA2C6D5468","icdipabjmbhpdkjaihfjoikhjjeneebd":"00234E5198132E983B6B789A9EAB03D9F526B47ED9BC281CBE29A943C494EA49","kmendfapggjehodndflmmgagdbamhnfd":"28907F931149D1A189FADF227FA17CA6390C83FEB91A58009BB7B0262A9424E2","lojpenhmoajbiciapkjkiekmobleogjc":"243E585142C6E6A8F42B7FE88280E7A1BF0D4649C2D8F78B4D1FC654A429FE7C","mfehgcgbbipciphmccgaenjidiccnmng":"4CE8E74B958AA7A8A37872AE737ACCCE244D2B55DDAB4EEBEE507A21EBF87012","mgndgikekgjfcpckkfioiadnlibdjbkf":"6938F5B366F2B3111EB0100E37E94A93272FA512AD058958C285E267979CE0EA","mhjfbmdgcfjbbpaeojofohoefgiehjai":"A8C3499F5EB5EB9E59F209447F570D033D4A3C5EEE78D183DC106BC7B50651E3","neajdppkdcdipfabeoofebfddakdcjhd":"6BDC8B399BDDB1BEA1FF661816B972CBF54C1684CF6AB8E867BE6449CA639664","nkeimhogjdpnpccoofpliimaahmaaome":"CEFA6EEC4F063C100EAC4F8A831991CAA3B9EA22FFB9E3FBA62DC49E12FA643E","nmmhkkegccagdldgiimedpiccmgmieda":"9A586D5922B3ADC2642C87B071AC055D416BEEDFCB368DF76D5FA3F1CE394D4B","pafkbggdmjlpgkdkcbjmhmfcdpncadgh":"77A6AAC2D9E7FC7ED035DD99E74FA4D1E5771624DED40956496488B724204989","pjkljhegncpnkpknbcohdijeoejaedia":"23DE5EDE1626EF667593D6BCC8ECDD34FAF9983691820D8524EFF13427BA15BA"}},"google":{"services":{"last_username":"117CB481F7A91F1A7441EDFE1BB1763EA50D8FA397B205048EF3246D9D0B5EF6","username":"0E83A33AED95A249D244059A090C792FB7BFA29CF60E11A69A5D44648C6F1B0F"}},"homepage":"B1CFD8F90B6A77FABD811D226D5D2A72CDEC7B25221D850A90C9ADFD30C4DF5B","homepage_is_newtabpage":"42741CB40079FEC8FBE103FD833699E12878A53550E630ACD889194A47DB06B5","pinned_tabs":"C3E36A8D20902713D4D9A39A35D20B76384665A629F207C34F4637D72CCE1938","prefs":{"preference_reset_time":"6CDD69E070B8DA2409416C802E9EC09339E93CA96FCBB035707A091DBFD7DC83"},"profile":{"reset_prompt_memento":"8CF6A3671ED09299D8EB97D63B4E8008E6E938BCD6876ADABE2E35EFDF5B9702"},"safebrowsing":{"incidents_sent":"ADA7EA7CD1A7D24073D38C141E37446F65C2A6782C08F216324949810366571D"},"search_provider_overrides":"290F3B1904C884BDF720FCB6B6D93967833F18CA746238EE38186EFC57926A23","session":{"restore_on_startup":"A151B60811FE08CF6CDF2D2735B962F2362CBA712950D6412A843D0BBDC246F2","startup_urls":"188D108F135873EDC7CC4D91632D668CC90A76F1C9688938F43E679755FFCF3E"},"software_reporter":{"prompt_reason":"29CED5E3A2FFE902F9D87BEDB847D195F23716699583B991FBB2526AEA35C583","prompt_seed":"23EDD4DD59075BFE3C4198C688AAF8E81DC1973032B89BBFBA59FB0B16A2AAAC","prompt_version":"65993C88695649FD052E914F31B3BB23991641EAF8AAEAB2B4151AF16EDE431B"},"sync":{"remaining_rollback_tries":"2FB2E2A7A21BE4B512558F77264C8C31D9B787BA0949B2C781FB0405E0D9147B"}},"super_mac":"6F3BAC519CFA34397582EE53913461F23EE0976ECE575C35D272923223F66373"},"session":{"restore_on_startup":1,"startup_urls":[]},"software_reporter":{"prompt_reason":0,"prompt_version":"3.20.1"},"sync":{"remaining_rollback_tries":0}}), Replaced,[7737276f6327f1450c1987e339cd926e]

Physical Sectors: 0
(No malicious items detected)


(end)
 
# AdwCleaner v4.205 - Logfile created 23/05/2015 at 02:06:17
# Updated 21/05/2015 by Xplode
# Database : 2015-05-21.2 [Server]
# Operating system : Windows 8.1 (x64)
# Username : Bart - BART
# Running from : C:\Users\Bart\Downloads\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\STab
Folder Deleted : C:\Users\Bart\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Bart\AppData\Roaming\Solvusoft
File Deleted : C:\Users\Bart\AppData\Roaming\DURCKM
File Deleted : C:\Users\Bart\AppData\Roaming\XKJSF

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\af707ec7-11a9-ab0d-956e-91c4c547a700
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Conduit
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Google Chrome v43.0.2357.65

[C:\Users\Bart\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1418743658&from=ild&uid=HitachiXHTS727575A9E364_J3340084JY447BJY447BX&q={searchTerms}
[C:\Users\Bart\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1418743658&from=ild&uid=HitachiXHTS727575A9E364_J3340084JY447BJY447BX&q={searchTerms}

-\\ Chromium v


*************************

AdwCleaner[R0].txt - [1872 bytes] - [23/05/2015 02:05:27]
AdwCleaner[S0].txt - [1782 bytes] - [23/05/2015 02:06:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1841 bytes] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.7.6 (05.21.2015:1)
OS: Windows 8.1 x64
Ran by Bart on za 23/05/2015 at 2:13:48,12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks

Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-3837407782-1580577728-4138113420-1002



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4b42a4d0-a34c-4818-8de4-8870ed6a06dc}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{9e3d9863-f09f-4a94-8b3c-79ec6800150d}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4b42a4d0-a34c-4818-8de4-8870ed6a06dc}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9e3d9863-f09f-4a94-8b3c-79ec6800150d}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{4b42a4d0-a34c-4818-8de4-8870ed6a06dc}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{9e3d9863-f09f-4a94-8b3c-79ec6800150d}



~~~ Files



~~~ Folders



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Bart\appdata\local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on za 23/05/2015 at 2:15:40,44
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-05-2015 01
Ran by Bart (administrator) on BART on 23-05-2015 02:18:56
Running from C:\Users\Bart\Downloads
Loaded Profiles: Bart (Available Profiles: Bart)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OFFICE15\CSISYNCCLIENT.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-08-19] (Realtek Semiconductor)
HKLM-x32\...\Run: [IgfxTray] => C:\WINDOWS\system32\igfxtray.exe [391128 2013-12-21] (Intel Corporation)
HKLM-x32\...\Run: [HotKeysCmds] => C:\WINDOWS\system32\hkcmd.exe [771544 2013-12-21] (Intel Corporation)
HKLM-x32\...\Run: [Persistence] => C:\WINDOWS\system32\igfxpers.exe [770520 2013-12-21] (Intel Corporation)
HKLM-x32\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2875728 2013-08-19] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [253440 2013-04-23] (Realtek Semiconductor Corporation)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM-x32\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1691112 2015-04-07] (Bitdefender)
HKLM-x32\...\Run: [Sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2012-11-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Super-Charger] => C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe [490480 2013-02-07] (MSI)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-03-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3837407782-1580577728-4138113420-1002\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3837407782-1580577728-4138113420-1002\...\Run: [Bitdefender-Geldbörse-Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [790880 2015-02-24] (Bitdefender)
HKU\S-1-5-21-3837407782-1580577728-4138113420-1002\...\Run: [OneDrive] => C:\Users\Bart\AppData\Local\Microsoft\OneDrive\OneDrive.exe [382664 2015-05-22] (Microsoft Corporation)
HKU\S-1-5-21-3837407782-1580577728-4138113420-1002\...\MountPoints2: {26c1007e-c965-11e4-bf28-8c89a50f65c4} - "E:\setup.exe"
HKU\S-1-5-21-3837407782-1580577728-4138113420-1002\...\MountPoints2: {d83f75f8-b06e-11e3-bea1-6c71d9b50274} - "F:\setup.exe"
HKU\S-1-5-21-3837407782-1580577728-4138113420-1002\...\MountPoints2: {dd9479c3-b676-11e3-bea6-8c89a50f65c4} - "G:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-3837407782-1580577728-4138113420-1002\...\MountPoints2: {dd947a2b-b676-11e3-bea6-8c89a50f65c4} - "G:\HTC_Sync_Manager_PC.exe"
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [148016 2014-03-04] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk [2014-12-29]
ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Network Server.lnk [2014-12-29]
ShortcutTarget: Network Server.lnk -> C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe (WIBU-SYSTEMS AG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Qualcomm Atheros Killer Network Manager.lnk [2013-08-23]
ShortcutTarget: Qualcomm Atheros Killer Network Manager.lnk -> C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe ()
Startup: C:\Users\Bart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-02-08]
ShortcutTarget: Dropbox.lnk -> C:\Users\Bart\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bart\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bart\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bart\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bart\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [__SafeBox1] -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox2] -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox3] -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox4] -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bart\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bart\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bart\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3837407782-1580577728-4138113420-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3837407782-1580577728-4138113420-1002 -> {013F9FAA-CDCB-44EF-80C0-422CD4B1CD04} URL =
BHO: Bitdefender-Geldbörse -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-02-24] (Bitdefender)
BHO: MyPrIceCut -> {4b42a4d0-a34c-4818-8de4-8870ed6a06dc} -> C:\Program Files (x86)\MyPrIceCut\lv5ukZhqQoIe6G.x64.dll No File
BHO: MyyPPRIceCut -> {9e3d9863-f09f-4a94-8b3c-79ec6800150d} -> C:\Program Files (x86)\MyyPPRIceCut\Yq0umNqgRGEXPF.x64.dll No File
BHO-x32: Bitdefender-Geldbörse -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2015-02-24] (Bitdefender)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-04-12] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-12] (Oracle Corporation)
Toolbar: HKLM - Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-02-24] (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2015-02-24] (Bitdefender)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-04-01] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\BfLLR.dll [196096 2013-05-17] (Bigfoot Networks, Inc.)
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\BfLLR.dll [196096 2013-05-17] (Bigfoot Networks, Inc.)
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\BfLLR.dll [196096 2013-05-17] (Bigfoot Networks, Inc.)
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\BfLLR.dll [196096 2013-05-17] (Bigfoot Networks, Inc.)
Winsock: Catalog9 16 C:\WINDOWS\SysWOW64\BfLLR.dll [196096 2013-05-17] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 01 C:\Windows\system32\BfLLR.dll [216064 2013-05-17] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 02 C:\Windows\system32\BfLLR.dll [216064 2013-05-17] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 03 C:\Windows\system32\BfLLR.dll [216064 2013-05-17] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 04 C:\Windows\system32\BfLLR.dll [216064 2013-05-17] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 16 C:\Windows\system32\BfLLR.dll [216064 2013-05-17] (Bigfoot Networks, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 195.130.130.1 195.130.131.1

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-02-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-02-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-12] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2014-12-17]
FF HKLM-x32\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff [2014-12-17]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext

Chrome:
=======
CHR Profile: C:\Users\Bart\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bitdefender Wallet) - C:\Users\Bart\AppData\Local\Google\Chrome\User Data\Default\Extensions\fabcmochhfpldjekobfaaggijgohadih [2014-12-17]
CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [78144 2015-01-27] (Bitdefender)
S2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [47104 2013-04-26] () []
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-03-22] (Intel Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2464400 2013-08-19] (Realsil Microelectronics Inc.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) []
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
S2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [668984 2013-08-19] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-02-16] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 Micro Star SCM; C:\WINDOWS\SysWOW64\MSIService.exe [160768 2009-07-09] (Micro-Star International Co., Ltd.) []
S2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [154112 2013-02-08] (MSI) []
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
S3 Origin Client Service; D:\Origin\OriginClientService.exe [1931632 2015-04-13] (Electronic Arts)
S2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [75136 2014-03-22] ()
S2 Qualcomm Atheros Killer Service; C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [503296 2013-05-17] () []
S4 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [67320 2014-10-27] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1547936 2015-04-07] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1306464 2015-02-24] (BitDefender)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [262544 2015-02-24] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [677104 2015-02-24] (BitDefender)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender)
R1 BdfNdisf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [98768 2015-02-24] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107008 2013-07-29] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\WINDOWS\system32\drivers\bdsandbox.sys [82824 2015-02-24] (BitDefender SRL)
R1 BDVEDISK; C:\Windows\system32\DRIVERS\bdvedisk.sys [79192 2013-07-30] (BitDefender)
S1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [74096 2013-05-17] (Qualcomm Atheros, Inc.)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [160544 2015-04-07] (BitDefender LLC)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2013-08-19] (Intel Corporation)
R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [174448 2013-05-17] (Qualcomm Atheros, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-23] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [13368 2012-10-26] (MSI)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
R0 rtcrfilt64; C:\Windows\System32\DRIVERS\rtcrfilt64.sys [19600 2013-08-19] (Realtek Semiconductor Corp.)
S3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [532552 2013-08-19] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation )
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-05-23] ()
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [452040 2014-10-15] (BitDefender S.R.L.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R2 WIBUKEY; C:\Windows\System32\DRIVERS\WibuKey64.sys [106760 2013-12-18] (WIBU-SYSTEMS AG)
S3 WsAudioDevice_383; C:\Windows\system32\drivers\VirtualAudio.sys [31080 2014-07-31] (Wondershare)
S3 xb1usb; C:\Windows\System32\drivers\xb1usb.sys [34016 2014-05-28] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-23 02:18 - 2015-05-23 02:19 - 00022760 _____ () C:\Users\Bart\Downloads\FRST.txt
2015-05-23 02:15 - 2015-05-23 02:15 - 00001929 _____ () C:\Users\Bart\Desktop\JRT.txt
2015-05-23 02:13 - 2015-05-23 02:13 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-BART-Windows-8.1-(64-bit).dat
2015-05-23 02:13 - 2015-05-23 02:13 - 00000000 ____D () C:\RegBackup
2015-05-23 02:10 - 2015-05-23 02:10 - 02720009 _____ (Thisisu) C:\Users\Bart\Downloads\JRT.exe
2015-05-23 02:05 - 2015-05-23 02:06 - 00000000 ____D () C:\AdwCleaner
2015-05-23 02:04 - 2015-05-23 02:04 - 02223104 _____ () C:\Users\Bart\Downloads\AdwCleaner.exe
2015-05-23 02:02 - 2015-05-23 02:02 - 00041292 _____ () C:\Users\Bart\Desktop\tet.txt
2015-05-23 01:46 - 2015-05-23 02:07 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-05-23 01:45 - 2015-05-23 01:45 - 00001128 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-23 01:45 - 2015-05-23 01:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-23 01:45 - 2015-05-23 01:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-23 01:45 - 2015-05-23 01:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-23 01:45 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-05-23 01:45 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-05-23 01:45 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-05-23 01:44 - 2015-05-23 01:45 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Bart\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-23 01:37 - 2015-05-23 01:59 - 00035064 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-05-23 01:37 - 2015-05-23 01:44 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-05-23 01:36 - 2015-05-23 01:37 - 16986200 _____ () C:\Users\Bart\Downloads\RogueKiller.exe
2015-05-23 01:15 - 2015-05-23 02:18 - 00000000 ____D () C:\FRST
2015-05-23 01:12 - 2015-05-23 01:13 - 02108416 _____ (Farbar) C:\Users\Bart\Downloads\FRST64.exe
2015-05-23 00:02 - 2015-05-23 00:02 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Bart\Desktop\tdsskiller.exe
2015-05-23 00:01 - 2015-05-23 00:01 - 00089088 _____ () C:\Users\Bart\Desktop\mbr.exe
2015-05-23 00:00 - 2015-05-23 00:00 - 00380416 _____ () C:\Users\Bart\Desktop\iexplorer.exe
2015-05-22 15:34 - 2015-05-22 15:34 - 00000000 ____D () C:\Users\Bart\Desktop\Welcome to AKKA BNL
2015-05-20 21:02 - 2015-05-21 22:18 - 00011842 _____ () C:\Users\Bart\Documents\Sweetie Super Study schedule.xlsx
2015-05-19 11:58 - 2015-05-19 11:58 - 00011170 _____ () C:\Users\Bart\Documents\Sweetie travel calculation.xlsx
2015-05-19 11:44 - 2015-05-19 11:46 - 156936101 _____ () C:\Users\Bart\Downloads\Turbomachinery-2015-05-19.zip
2015-05-16 17:51 - 2015-05-23 02:07 - 00001070 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d08ff0316d3d65.job
2015-05-16 17:51 - 2015-05-23 01:56 - 00001074 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d08ff0326bccec.job
2015-05-16 17:51 - 2015-05-16 17:51 - 00004046 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1d08ff0326bccec
2015-05-16 17:51 - 2015-05-16 17:51 - 00003810 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1d08ff0316d3d65
2015-05-15 16:41 - 2015-05-22 23:35 - 00000024 _____ () C:\Users\Bart\AppData\Roaming\appdataFr25.bin
2015-05-13 17:02 - 2015-05-22 23:28 - 00000000 ___RD () C:\Users\Bart\OneDrive
2015-05-13 11:13 - 2015-05-13 11:13 - 00000000 ____D () C:\Program Files (x86)\DealMMine
2015-05-13 11:12 - 2015-05-19 20:35 - 00000000 ____D () C:\ProgramData\13903649708634143278
2015-05-13 11:12 - 2015-05-13 11:12 - 00000000 ____D () C:\Program Files (x86)\Does Amazon Ship to
2015-05-11 22:36 - 2015-05-11 22:36 - 00000000 ____D () C:\Users\Bart\AppData\Roaming\Steam
2015-05-07 14:16 - 2015-05-07 14:16 - 00000000 ____D () C:\Users\Bart\Documents\AKKA
2015-05-05 22:49 - 2015-05-05 23:07 - 479211299 _____ () C:\Users\Bart\Downloads\Go_to_marketing_strategies-2015-05-05.zip
2015-05-05 22:47 - 2015-05-05 22:56 - 222881985 _____ () C:\Users\Bart\Downloads\(Week_6)_CUSTOMER_CENTRICITY_How_Can_Customer_Centricity_Be_Profitable-2015-05-05.zip
2015-05-05 22:46 - 2015-05-05 22:51 - 147903125 _____ () C:\Users\Bart\Downloads\(Week_2)_BRANDING_Customer_Decision_Making_and_the_Role_of_Brand-2015-05-05.zip
2015-05-01 23:21 - 2015-05-22 23:25 - 00000000 ____D () C:\Users\Bart\Downloads\The Equalizer (2014)
2015-04-27 21:37 - 2015-05-11 18:46 - 00000000 ____D () C:\Users\Bart\Downloads\Fury (2014)

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-23 02:13 - 2013-11-14 09:28 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-23 02:07 - 2015-02-20 19:47 - 00073386 _____ () C:\Users\Bart\AppData\Local\BTServer.log
2015-05-23 02:07 - 2014-10-03 08:32 - 00003278 _____ () C:\WINDOWS\System32\Tasks\Intel® Rapid Start Technology Manager
2015-05-23 02:07 - 2014-06-26 18:56 - 00004938 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for BART-Bart Bart
2015-05-23 02:07 - 2014-02-08 18:15 - 00000000 ___RD () C:\Users\Bart\Dropbox
2015-05-23 02:07 - 2014-02-08 18:13 - 00000000 ____D () C:\Users\Bart\AppData\Roaming\Dropbox
2015-05-23 02:07 - 2014-02-04 16:59 - 00001070 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-23 02:07 - 2014-02-04 16:52 - 00000000 ___DO () C:\Users\Bart\SkyDrive
2015-05-23 02:07 - 2013-08-23 03:54 - 00000000 ____D () C:\ProgramData\Bigfoot Networks
2015-05-23 02:06 - 2013-11-14 09:20 - 01762592 _____ () C:\WINDOWS\PFRO.log
2015-05-23 02:06 - 2013-08-22 16:46 - 00429045 _____ () C:\WINDOWS\setupact.log
2015-05-23 02:06 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-23 02:06 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-05-23 02:02 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-23 01:54 - 2014-04-18 11:00 - 00000000 ____D () C:\WINDOWS\Minidump
2015-05-23 01:54 - 2013-08-23 04:05 - 00000000 ____D () C:\ProgramData\Realtek
2015-05-23 01:54 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-05-23 00:59 - 2014-02-04 15:47 - 00000000 ____D () C:\Users\Bart\AppData\Local\CrashDumps
2015-05-22 23:55 - 2014-03-09 19:03 - 00000000 ____D () C:\Users\Bart\AppData\Roaming\Skype
2015-05-22 23:45 - 2014-02-04 16:30 - 01104810 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-22 23:28 - 2014-07-01 01:01 - 00003086 _____ () C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3837407782-1580577728-4138113420-1002
2015-05-22 18:06 - 2014-10-10 10:12 - 00000000 ____D () C:\ProgramData\Origin
2015-05-20 22:12 - 2014-02-07 23:25 - 03025920 ___SH () C:\Users\Bart\Downloads\Thumbs.db
2015-05-20 21:10 - 2014-02-04 13:55 - 00000000 ____D () C:\Users\Bart\AppData\Local\Packages
2015-05-19 20:35 - 2014-11-04 23:21 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-05-19 20:35 - 2014-10-31 14:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-19 20:35 - 2014-03-26 13:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-05-19 20:35 - 2014-03-09 19:03 - 00000000 ____D () C:\ProgramData\Skype
2015-05-19 20:35 - 2013-08-23 05:38 - 00000000 ___HD () C:\SuperChargerProfile
2015-05-19 20:34 - 2015-04-17 16:54 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-05-19 20:34 - 2015-04-12 13:00 - 00000000 ____D () C:\Users\Bart\bluej
2015-05-19 20:34 - 2015-04-08 10:43 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-05-19 20:34 - 2015-03-10 23:21 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-05-19 20:34 - 2015-02-24 20:44 - 00000000 ____D () C:\Users\Bart\AppData\Roaming\uTorrent
2015-05-19 20:34 - 2014-02-08 18:13 - 00000000 ____D () C:\Users\Bart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-19 20:34 - 2014-02-06 21:15 - 00000000 ____D () C:\Users\Bart\AppData\Local\NVIDIA
2015-05-19 20:34 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Macromed
2015-05-19 20:34 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\Macromed
2015-05-19 20:34 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppCompat
2015-05-19 20:34 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2015-05-19 20:31 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\registration
2015-05-19 09:57 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-05-16 18:08 - 2013-08-22 16:44 - 05108416 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-13 17:02 - 2014-02-04 16:31 - 00000000 ____D () C:\Users\Bart
2015-05-12 15:02 - 2015-04-05 14:39 - 00000000 ____D () C:\Users\Bart\Documents\My Kindle Content
2015-05-12 11:29 - 2014-02-04 13:55 - 00000000 ____D () C:\Users\Bart\AppData\Roaming\Adobe
2015-05-11 20:42 - 2014-02-14 13:02 - 00000000 ____D () C:\Users\Bart\Documents\Training
2015-05-09 11:12 - 2014-02-05 21:25 - 00000650 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.ics
2015-05-07 14:20 - 2015-03-16 22:57 - 00000000 ____D () C:\Users\Bart\Documents\Canada
2015-05-03 19:52 - 2014-10-10 10:13 - 00000000 ____D () C:\Users\Bart\AppData\Roaming\Origin

==================== Files in the root of some directories =======

2015-05-15 16:41 - 2015-05-22 23:35 - 0000024 _____ () C:\Users\Bart\AppData\Roaming\appdataFr25.bin
2015-02-20 19:47 - 2015-05-23 02:07 - 0073386 _____ () C:\Users\Bart\AppData\Local\BTServer.log
2014-12-17 19:26 - 2014-12-17 19:26 - 0577508 _____ () C:\ProgramData\1418837032.bdinstall.bin

Some files in TEMP:
====================
C:\Users\Bart\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Bart\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpytfy7u.dll
C:\Users\Bart\AppData\Local\Temp\Quarantine.exe
C:\Users\Bart\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-04-14 11:32

==================== End of log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-05-2015 01
Ran by Bart at 2015-05-23 02:19:16
Running from C:\Users\Bart\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3837407782-1580577728-4138113420-500 - Administrator - Disabled)
Bart (S-1-5-21-3837407782-1580577728-4138113420-1002 - Administrator - Enabled) => C:\Users\Bart
Guest (S-1-5-21-3837407782-1580577728-4138113420-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3837407782-1580577728-4138113420-1006 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus (Disabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Spyware-Schutz (Disabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

„Windows Live Essentials“ (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
µTorrent (HKU\S-1-5-21-3837407782-1580577728-4138113420-1002\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version: - Hidden Path Entertainment, Ensemble Studios)
Amazon Kindle (HKU\S-1-5-21-3837407782-1580577728-4138113420-1002\...\Amazon Kindle) (Version: - Amazon)
ArchiCAD 18 INT (HKLM\...\001FFF2FFF18FF00FF0701F01F02F000-R1) (Version: 18.0 - GRAPHISOFT)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Baldur's Gate: Enhanced Edition (HKLM-x32\...\Steam App 228280) (Version: - Overhaul Games)
Battery Calibration (HKLM-x32\...\{619FA785-489B-4D22-911F-82D6EDF5BDB0}) (Version: 1.0.1405.0701 - Micro-Star International Co., Ltd.)
BioShock Infinite (HKLM-x32\...\Steam App 8870) (Version: - Irrational Games)
Bitdefender Total Security 2015 (HKLM\...\Bitdefender) (Version: 18.19.0.1369 - Bitdefender)
BlueJ (HKLM-x32\...\{7D66971C-652B-4065-A6B1-B3EE313C254B}) (Version: 3.1.4 - BlueJ Team)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.66.1075 - AB Team, d.o.o.)
BurnRecovery (HKLM-x32\...\{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}) (Version: 4.0.1307.301 - )
CodeMeter Runtime Kit v5.10a (HKLM\...\{CADFF08A-A157-474F-B6A8-8F26F81F7ABE}) (Version: 5.10.1224.501 - WIBU-SYSTEMS AG)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dark Souls: Prepare to Die Edition (HKLM-x32\...\Steam App 211420) (Version: - FromSoftware)
Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.05.0.0 - Electronic Arts)
Dragon Age™ II (HKLM-x32\...\{4D565319-8B91-41CB-961C-0DDC86101AC5}) (Version: 1.04.8524.0 - Electronic Arts)
Dropbox (HKU\S-1-5-21-3837407782-1580577728-4138113420-1002\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
Dust: An Elysian Tail (HKLM-x32\...\Steam App 236090) (Version: - Humble Hearts LLC)
EA SPORTS™ FIFA 15 (HKLM-x32\...\{3D4ADA2B-F028-4307-ADF4-6F9AA44725DA}) (Version: 1.7.0.0 - Electronic Arts)
Endless Legend (HKLM-x32\...\Steam App 289130) (Version: - AMPLITUDE Studios)
ENSLAVED™: Odyssey to the West™ Premium Edition (HKLM-x32\...\Steam App 245280) (Version: - Ninja Theory)
ETDWare PS/2-X64 11.13.2.4_WHQL (HKLM\...\Elantech) (Version: 11.13.2.4 - ELAN Microelectronic Corp.)
Fotoattēlu galerija (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogaléria (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalerii (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalerija (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Foto-galerija (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalleri (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotogalleriet (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotoğraf Galerisi (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotótár (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galeria de Fotografias (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galeria de Fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galeria fotografii (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerija fotografija (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.65 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3186 - Intel Corporation)
Intel(R) Rapid Start Technology (HKLM-x32\...\{3D073343-CEEB-4ce7-85AC-A69A7631B5D6}) (Version: 3.0.0.1008 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.0.1066 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3837407782-1580577728-4138113420-1002\...\OneDriveSetup.exe) (Version: 17.3.5860.0512 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Might & Magic Heroes VI - Shades of Darkness (HKLM-x32\...\{745D37C2-26F4-4B65-BA13-F9840EBFA75B}) (Version: 2.1.0 - Ubisoft)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSI Remind Manager (HKLM-x32\...\{7359585E-A828-4EFC-8177-7D1883DDA0B5}) (Version: 2.12.1003 - MSI)
NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.19 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Pillars of Eternity (HKLM-x32\...\Steam App 291650) (Version: - Obsidian Entertainment)
Podstawowe programy Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)
Qualcomm Atheros Killer Network Manager (HKLM-x32\...\InstallShield_{DF446558-ADF7-4884-9B2D-281979CCE71F}) (Version: 6.1.0.596 - Qualcomm Atheros)
Qualcomm Atheros Killer Network Manager (Version: 6.1.0.596 - Qualcomm Atheros) Hidden
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.780.780.102113 - REALTEK Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6865 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.8400.39034 - Realtek Semiconductor Corp.)
Rocksmith 2014 (HKLM-x32\...\Steam App 221680) (Version: - Ubisoft - San Francisco)
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
Sound Blaster Cinema (HKLM-x32\...\{8801CA65-921A-4CCC-9D63-879D1D0BAA97}) (Version: 1.00.01 - Creative Technology Limited)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Super-Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.017 - MSI)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version: - CD Projekt RED)
The Witcher: Enhanced Edition (HKLM-x32\...\Steam App 20900) (Version: - CD Projekt RED)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version: - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 4.2 - Ubisoft)
Valokuvavalikoima (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Virtua Tennis 4 (HKLM-x32\...\Steam App 71390) (Version: - SEGA)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
WibuKey Setup (WibuKey Remove) (HKLM\...\{00060000-0000-1004-8002-0000C06B5161}) (Version: Version 6.20 of 2013-Dec-18 (Build 1230) (Setup) - WIBU-SYSTEMS AG)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinRAR 5.10 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.1 - win.rar GmbH)
Основи Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Фотоальбом (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Фотогалерия (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Фотографии (общедоступная версия) (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Фотоколекція (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
גלריית התמונות (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
معرض الصور (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3837407782-1580577728-4138113420-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Bart\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3837407782-1580577728-4138113420-1002_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Bart\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3837407782-1580577728-4138113420-1002_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Bart\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3837407782-1580577728-4138113420-1002_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Bart\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3837407782-1580577728-4138113420-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Bart\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3837407782-1580577728-4138113420-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bart\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3837407782-1580577728-4138113420-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bart\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3837407782-1580577728-4138113420-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bart\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3837407782-1580577728-4138113420-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bart\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3837407782-1580577728-4138113420-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bart\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3837407782-1580577728-4138113420-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bart\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3837407782-1580577728-4138113420-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bart\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3837407782-1580577728-4138113420-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Bart\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3837407782-1580577728-4138113420-1002_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Bart\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================

16-05-2015 18:02:35 Software Removal Tool
19-05-2015 20:19:02 Restore Operation

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2014-02-07 12:53 - 00000892 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {049D117C-31E9-416C-9D56-C02C33D34E25} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {0A7A8FD4-0FCB-4105-A511-BA076679D467} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {1140B84E-1045-4C8B-8993-3013D4009102} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\SymErr.exe
Task: {1C1C8026-8E73-466A-A434-7FFCA5DD4F02} - System32\Tasks\{10FE4DF7-F1DB-4537-A958-69163C47B268} => pcalua.exe -a C:\Users\Bart\AppData\Roaming\Spotify\Spotify.exe -c /uninstall
Task: {1C4E157D-3A40-4D4D-BE09-2E4874AAEE12} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {23FA0EB1-6015-4D71-8DF3-71FE7361C356} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {3A153453-9622-4BD1-8F95-139495C8D234} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {46CF1008-8786-43AE-9F2D-E89E8F1796BE} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\SymErr.exe
Task: {4F2C8CD4-FDBD-41A9-86ED-6BFDCDA64B0C} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {55819866-1CFD-45E1-85EB-CBF012B3CCA3} - System32\Tasks\GoogleUpdateTaskMachineUA1d08ff0326bccec => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-04] (Google Inc.)
Task: {5B1FC6B1-726C-4496-AF1C-4EC2C88457CE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-04] (Google Inc.)
Task: {68302620-7F9A-460B-B0E9-51360F7CF476} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-04] (Google Inc.)
Task: {76895E11-8A6C-488A-8AF2-4BD95ED18993} - System32\Tasks\GoogleUpdateTaskMachineCore1d08ff0316d3d65 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-04] (Google Inc.)
Task: {79C26886-4AB8-4836-99DF-CAC45914B3DD} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3837407782-1580577728-4138113420-1002 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {815746BB-1135-4925-9CFB-5370B819A477} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {9C97BE40-0B13-4A7A-84A8-3FDE1CC7CD64} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2013-08-19] (Intel)
Task: {A030C80F-51E5-47DB-A53F-C6A2715733DE} - System32\Tasks\Microsoft Office 15 Sync Maintenance for BART-Bart Bart => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2015-02-10] (Microsoft Corporation)
Task: {AA68C596-6305-4364-8E28-BC5D63C25CD1} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {B9136315-EEFA-4ACC-9053-38928795A527} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {BE417E02-FA0A-4FBC-98CE-40B266F51C4B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {D7957E1D-F33F-44CB-AC8A-26DFB6FB83D5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-04-17] (Microsoft Corporation)
Task: {DD57DE37-57F5-4401-B133-4E5DEB4A21F8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {E58E9888-EE27-4F89-97B5-3E8FD5AD7E88} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {E73BE229-89D1-4F5F-9CE7-F5DB3E3C5835} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {E8E0C254-CBA8-4CB5-B036-52912690727C} - \Optimize Start Menu Cache Files-S-1-5-21-3837407782-1580577728-4138113420-1002 No Task File <==== ATTENTION
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3837407782-1580577728-4138113420-1002Core.job => C:\Users\Bart\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d08ff0316d3d65.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d08ff0326bccec.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-12-17 19:25 - 2014-08-27 17:31 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\txmlutil.dll
2014-12-17 19:25 - 2013-09-03 15:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdmetrics.dll
2014-12-17 19:25 - 2014-11-19 21:28 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\UI\accessl.ui
2014-12-17 19:25 - 2012-10-29 15:22 - 00152816 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdfwcore.dll
2015-05-06 11:42 - 2015-05-06 11:42 - 00790368 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00350_005\ashttpbr.mdl
2015-05-06 11:42 - 2015-05-06 11:42 - 00711064 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00350_005\ashttpdsp.mdl
2015-05-06 11:42 - 2015-05-06 11:42 - 02683520 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00350_005\ashttpph.mdl
2015-05-06 11:42 - 2015-05-06 11:42 - 01326504 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00350_005\ashttprbl.mdl
2013-09-05 03:36 - 2014-03-04 16:35 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-08-23 03:32 - 2013-02-16 01:15 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Bart\SkyDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\70289705.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\70289705.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3837407782-1580577728-4138113420-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Bart\Pictures\Da maucies\10467571_10202148104243808_341037834_o.jpg
DNS Servers: 195.130.130.1 - 195.130.131.1
 
==================== MSCONFIG/TASK MANAGER Error getting ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-3837407782-1580577728-4138113420-1002\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_47E47C6948340879425082301BC77D90"
HKU\S-1-5-21-3837407782-1580577728-4138113420-1002\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-3837407782-1580577728-4138113420-1002\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-3837407782-1580577728-4138113420-1002\...\StartupApproved\Run: => "SkyDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{882504B2-D7DF-4BFA-BB53-37FF786C3067}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{06608946-3D20-48C9-A3F0-493BA436912E}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{0E204AF3-5113-45CE-8762-0B8605EC610B}] => (Allow) LPort=1900
FirewallRules: [{9D43C581-B17D-4DFD-91F1-7C10D28E7B7A}] => (Allow) LPort=2869
FirewallRules: [{89EEBBEA-AE46-41A9-B68A-13FCFFD6812D}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{812503E0-F200-4936-944A-68E5A78378EC}] => (Allow) D:\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{BD8D0933-04CE-43A2-97B7-F52F54BBFE98}] => (Allow) D:\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{426108F6-7725-478D-8880-C6947E160829}] => (Allow) D:\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{38192E39-D08A-47E6-9F6B-5778DCFD8349}] => (Allow) D:\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{A5283F4F-957E-4FE2-BA2B-2C1EC883F287}] => (Allow) D:\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{ED864734-ABAF-46E8-9387-2E34E3689B85}] => (Allow) D:\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{8238E273-2FF9-4F7E-9066-DEEFEBC95142}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{41698742-1BBA-4679-8EC9-F757C0885B03}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{1D36FA0A-436E-4716-A2FE-93F5EEB2EDB1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{93B903DE-0DC0-4F31-A268-D7CCB0578D4C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{5A7C9B2C-54F6-4E53-A487-2446DB84816C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{2764CBD5-121B-4FC6-BB48-62EDFD23DF7F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{369E2483-0319-45F0-BF5D-AAD6DF9F3071}] => (Allow) D:\Heroes6\Might & Magic Heroes VI.exe
FirewallRules: [{51D790C2-EED3-40E2-A7C5-C60A669CFE97}] => (Allow) D:\Heroes6\Might & Magic Heroes VI.exe
FirewallRules: [{666B738E-9140-408D-BC9C-6AF6BD4931CA}] => (Allow) C:\Users\Bart\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{2BD1654F-73A9-449B-B167-81090BEA1E96}] => (Allow) C:\Users\Bart\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{C4E7CA02-7547-46A8-A84D-F7D6CECAB61D}C:\users\bart\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\bart\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{C1F77CB0-A40A-49FC-B7C0-B562FF9D2216}C:\users\bart\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\bart\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{0B38D8BC-7A85-4163-A04C-E72C34159D8B}] => (Allow) D:\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{F505EDF7-5783-4F3C-87F1-76AAFB105260}] => (Allow) D:\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{F3C892A0-4C72-4F54-A226-C6D6E64D6F10}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{F2B573D1-2487-4793-BED6-49D45B6BBF37}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{FB07258F-3719-4F6C-B748-E32D990C1101}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{BC9908F3-375E-40AD-8FF7-79171864A485}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{CEF5C854-9EE8-4385-94BA-2DF63A6DFB7E}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{9E00B852-F76C-475D-94A3-9E2E329D5DC1}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{2D9C075A-E9FC-4C36-9425-137069A18A05}D:\borderlands 2\borderlands 2\binaries\win32\borderlands2.exe] => (Allow) D:\borderlands 2\borderlands 2\binaries\win32\borderlands2.exe
FirewallRules: [UDP Query User{DD24F567-6974-4C9A-9A2F-BAF6D0669FE2}D:\borderlands 2\borderlands 2\binaries\win32\borderlands2.exe] => (Allow) D:\borderlands 2\borderlands 2\binaries\win32\borderlands2.exe
FirewallRules: [{DF8B0FA6-6013-4846-ACA5-83233E92F694}] => (Allow) D:\Need for Speed Rivals\NFS14_x86.exe
FirewallRules: [{43392F3C-5BDE-42A9-8F62-E2774C78EFAD}] => (Allow) D:\Need for Speed Rivals\NFS14_x86.exe
FirewallRules: [{9338674F-7598-44A8-AA1F-404678022050}] => (Allow) D:\Need for Speed Rivals\NFS14.exe
FirewallRules: [{53CF4105-1A44-472C-88CD-AE68F30EFC07}] => (Allow) D:\Need for Speed Rivals\NFS14.exe
FirewallRules: [TCP Query User{EB8E0AD5-9750-4F9A-807B-2D254EF05195}D:\steam\steamapps\common\sid meier's civilization v\civilizationv_tablet.exe] => (Allow) D:\steam\steamapps\common\sid meier's civilization v\civilizationv_tablet.exe
FirewallRules: [UDP Query User{AAD2EC5B-0228-4A0F-9661-DEF427C580CE}D:\steam\steamapps\common\sid meier's civilization v\civilizationv_tablet.exe] => (Allow) D:\steam\steamapps\common\sid meier's civilization v\civilizationv_tablet.exe
FirewallRules: [{1E58D812-D876-4B57-9AE5-FDE32B066F99}] => (Allow) D:\steam\steamapps\common\sid meier's civilization v\civilizationv_tablet.exe
FirewallRules: [{CED6F3A7-2E82-486A-9F2A-615AD8D28700}] => (Allow) D:\steam\steamapps\common\sid meier's civilization v\civilizationv_tablet.exe
FirewallRules: [TCP Query User{7FB6BFD0-DA3F-4EE4-BA84-B43D252F3354}D:\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe] => (Allow) D:\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe
FirewallRules: [UDP Query User{3E00F3A5-282A-408A-B1C5-12B71E2B0944}D:\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe] => (Allow) D:\steam\steamapps\common\sid meier's civilization v\civilizationv_dx11.exe
FirewallRules: [{135A51A5-D90E-48A3-8B41-BF8973A415A1}] => (Allow) D:\Steam\SteamApps\common\Baldur's Gate Enhanced Edition\BGEE.exe
FirewallRules: [{9280F2D7-7920-4E71-A4C6-E6753F1CA596}] => (Allow) D:\Steam\SteamApps\common\Baldur's Gate Enhanced Edition\BGEE.exe
FirewallRules: [{2B7FCA9E-66FB-403D-8BC1-D7DAC439C508}] => (Allow) D:\Steam\SteamApps\common\the witcher 2\Launcher.exe
FirewallRules: [{D71CC758-2378-4C6E-B6CF-801C0141C7F0}] => (Allow) D:\Steam\SteamApps\common\the witcher 2\Launcher.exe
FirewallRules: [{CF0E529F-6629-41A6-A4DF-7CC3803885DA}] => (Allow) D:\Steam\SteamApps\common\Age2HD\Launcher.exe
FirewallRules: [{27F3D8A3-83C4-4324-B7AD-4EDBED6083D4}] => (Allow) D:\Steam\SteamApps\common\Age2HD\Launcher.exe
FirewallRules: [{EF890E89-255C-47E6-A653-AFBBC315B369}] => (Allow) D:\Steam\SteamApps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{9A1AFF18-10B7-4DA9-B1A5-FD71BAA4317F}] => (Allow) D:\Steam\SteamApps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{6AD782F0-37C6-4095-B0BA-C0ECE61E6362}] => (Allow) D:\Steam\SteamApps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{A7953572-865A-48DA-B0D4-E9A792185884}] => (Allow) D:\Steam\SteamApps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{73BEEEF5-0C47-4AD5-9307-90F18A7829F1}] => (Allow) D:\Steam\SteamApps\common\Enslaved\Binaries\Win32\Enslaved.exe
FirewallRules: [{3EE2A5DE-8017-4FC9-989C-A2E13C6CEA85}] => (Allow) D:\Steam\SteamApps\common\Enslaved\Binaries\Win32\Enslaved.exe
FirewallRules: [{AFF5AA4A-C25F-4614-B955-CCEAC877FF78}] => (Allow) D:\Steam\SteamApps\common\Dust An Elysian Tail\DustAET.exe
FirewallRules: [{B95FF919-7070-4458-AC4E-9AC4FCEB905A}] => (Allow) D:\Steam\SteamApps\common\Dust An Elysian Tail\DustAET.exe
FirewallRules: [{5167CC33-1F26-4923-AA29-8E9755AFEE2C}] => (Allow) C:\Users\Bart\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [TCP Query User{77F49EB9-2189-4059-B7C4-46DE78389C89}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{FD5AAAA2-C63F-421C-A16D-961DE8A83E2D}D:\steam\steamapps\common\dark souls prepare to die edition\data\data.exe] => (Allow) D:\steam\steamapps\common\dark souls prepare to die edition\data\data.exe
FirewallRules: [UDP Query User{F0418B36-EC0F-421B-B4C0-10128E8C6FF8}D:\steam\steamapps\common\dark souls prepare to die edition\data\data.exe] => (Allow) D:\steam\steamapps\common\dark souls prepare to die edition\data\data.exe
FirewallRules: [{D22FFB62-732C-4B78-8DC3-F526FD6C70AD}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{28DE370D-F911-4513-B694-0DAFB40A363D}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{77ECB8FF-E2D0-4C9A-AD56-3980C0908ED3}D:\steam\steamapps\common\dark souls prepare to die edition\data\data.exe] => (Allow) D:\steam\steamapps\common\dark souls prepare to die edition\data\data.exe
FirewallRules: [UDP Query User{F2A71052-45CC-41C0-9FD7-22B2A812E6CE}D:\steam\steamapps\common\dark souls prepare to die edition\data\data.exe] => (Allow) D:\steam\steamapps\common\dark souls prepare to die edition\data\data.exe
FirewallRules: [{2C96EAEB-13F2-46EC-BBBB-D21A5CD61775}] => (Allow) D:\Steam\SteamApps\common\Baldur's Gate Enhanced Edition\Baldur.exe
FirewallRules: [{757F67E6-DCCD-40EE-975A-02496BCD4F7C}] => (Allow) D:\Steam\SteamApps\common\Baldur's Gate Enhanced Edition\Baldur.exe
FirewallRules: [TCP Query User{123005A5-A0F6-437F-9C1C-B963EF076625}C:\users\bart\desktop\age2hd the forgotten 3.2 lan version\age2hd the forgotten 3.2 lan version\aok hd.exe] => (Allow) C:\users\bart\desktop\age2hd the forgotten 3.2 lan version\age2hd the forgotten 3.2 lan version\aok hd.exe
FirewallRules: [UDP Query User{6987A476-3BFB-488D-9068-A555749812FA}C:\users\bart\desktop\age2hd the forgotten 3.2 lan version\age2hd the forgotten 3.2 lan version\aok hd.exe] => (Allow) C:\users\bart\desktop\age2hd the forgotten 3.2 lan version\age2hd the forgotten 3.2 lan version\aok hd.exe
FirewallRules: [{47D089E0-D0E5-46BE-AD82-50775E36A961}] => (Allow) D:\Program Files (x86)\Origin Games\Dragon Age II\bin_ship\DragonAge2.exe
FirewallRules: [{BDBE013A-3E70-4DC8-B723-61A4F5E0D01D}] => (Allow) D:\Program Files (x86)\Origin Games\Dragon Age II\bin_ship\DragonAge2.exe
FirewallRules: [{34CFE66E-5F4D-4962-BC1A-4486A85AE8E1}] => (Allow) D:\Program Files (x86)\Origin Games\Dragon Age\bin_ship\daorigins.exe
FirewallRules: [{2B905999-9CDB-4323-915C-196C11AD2271}] => (Allow) D:\Program Files (x86)\Origin Games\Dragon Age\bin_ship\daorigins.exe
FirewallRules: [TCP Query User{1E18A040-638B-4B58-98AC-E89C33897ABC}C:\users\bart\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\bart\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{E204A049-7A07-418B-8C58-9723CC715CBD}C:\users\bart\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\bart\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{48FD78AA-8464-46EF-95CD-8E3EC0EAB1B6}C:\users\bart\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\bart\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{7D7067F2-4ED0-46B5-91A9-06B4855BAB86}C:\users\bart\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\bart\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{32933348-C638-4CEE-9EF7-FEB9F39911F3}D:\steam\steamapps\common\lord of the rings online\lotroclient.exe] => (Allow) D:\steam\steamapps\common\lord of the rings online\lotroclient.exe
FirewallRules: [UDP Query User{E443456C-2A35-4985-85CA-E6747ADDC827}D:\steam\steamapps\common\lord of the rings online\lotroclient.exe] => (Allow) D:\steam\steamapps\common\lord of the rings online\lotroclient.exe
FirewallRules: [{7BE56B77-02D0-48AD-B813-8D5054E96573}] => (Allow) D:\Steam\SteamApps\common\Endless Legend\EndlessLegend.exe
FirewallRules: [{817A8D49-4599-4936-B2BD-BA807543884D}] => (Allow) D:\Steam\SteamApps\common\Endless Legend\EndlessLegend.exe
FirewallRules: [{4FEB63E9-61F3-4D8C-9126-025816F30A6F}] => (Allow) D:\Steam\SteamApps\common\Rocksmith2014\Rocksmith2014.exe
FirewallRules: [{8666097E-C6C3-4BD5-9A81-0969AC5FB1D4}] => (Allow) D:\Steam\SteamApps\common\Rocksmith2014\Rocksmith2014.exe
FirewallRules: [TCP Query User{9C5EA5D8-6BED-4E06-A62F-16640956EBA8}C:\users\bart\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\bart\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{D80FDF76-C71A-41AE-83AE-82E742603394}C:\users\bart\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\bart\appdata\local\akamai\netsession_win.exe
FirewallRules: [{82834B23-247D-477F-978F-DD65807A6203}] => (Allow) C:\Program Files\GRAPHISOFT\ArchiCAD 18\ArchiCAD.exe
FirewallRules: [{504A8110-2B7C-49CE-916F-DE10DA660F37}] => (Allow) C:\Program Files\GRAPHISOFT\ArchiCAD 18\ArchiCAD.exe
FirewallRules: [{57A6BC37-2540-4408-B31D-15702BD78638}] => (Allow) C:\Program Files\GRAPHISOFT\ArchiCAD 18\CineRender\CineRender 64bit.exe
FirewallRules: [{BE633851-9EB6-466F-9E4E-4636317A8436}] => (Allow) C:\Program Files\GRAPHISOFT\ArchiCAD 18\CineRender\CineRender 64bit.exe
FirewallRules: [{E18748DD-2CBC-44CD-99C4-A4EF53649FAE}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{F069E368-79D9-46A8-8B8A-D0A37F073443}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{EF071A3C-20D3-46B8-BE2C-4E090090C083}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{D449A98F-D659-4A44-BCCC-2F74B389F9ED}] => (Allow) C:\Users\Bart\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{992A90E5-5131-47DD-9168-A5DD0A6C99C8}] => (Allow) C:\Users\Bart\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8A681AB7-FECE-47BD-AF23-27EC3F9A0870}] => (Allow) D:\Steam\SteamApps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{91ED2001-443B-4A6C-963D-D9281F3F1857}] => (Allow) D:\Steam\SteamApps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{5DCD2348-9132-438B-8D08-8604094C8C90}] => (Allow) D:\Steam\SteamApps\common\Virtua Tennis 4\VT4.exe
FirewallRules: [{F59AFCE1-1EB0-457B-BB26-9358649FA511}] => (Allow) D:\Steam\SteamApps\common\Virtua Tennis 4\VT4.exe
FirewallRules: [{4E5CF62D-FE8C-488F-83BD-B2539FB2E505}] => (Allow) D:\Steam\SteamApps\common\Virtua Tennis 4\Launcher.exe
FirewallRules: [{4083DB46-BC07-44A4-8185-F24B9C14DF62}] => (Allow) D:\Steam\SteamApps\common\Virtua Tennis 4\Launcher.exe
FirewallRules: [{51DD4D13-B011-4D5B-81BE-00B1147F11DC}] => (Allow) D:\Steam\SteamApps\common\Pillars of Eternity\PillarsOfEternity.exe
FirewallRules: [{92BA81D3-5140-4988-B7CC-06800309A86D}] => (Allow) D:\Steam\SteamApps\common\Pillars of Eternity\PillarsOfEternity.exe
FirewallRules: [{2E398FC1-660D-4396-BA7A-7C03F79A4EAE}] => (Allow) D:\Program Files (x86)\Origin Games\FIFA 15\fifasetup\fifaconfig.exe
FirewallRules: [{5D439613-7107-41B6-A38C-483EABC0CAF4}] => (Allow) D:\Program Files (x86)\Origin Games\FIFA 15\fifasetup\fifaconfig.exe
FirewallRules: [{D063CEC7-7022-4139-83F6-B6FF49DA1CC6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/23/2015 01:54:30 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (05/23/2015 00:59:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplorer.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Faulting module name: iexplorer.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Exception code: 0xc0000005
Fault offset: 0x000011aa
Faulting process id: 0x2370
Faulting application start time: 0xiexplorer.exe0
Faulting application path: iexplorer.exe1
Faulting module path: iexplorer.exe2
Report Id: iexplorer.exe3
Faulting package full name: iexplorer.exe4
Faulting package-relative application ID: iexplorer.exe5

Error: (05/23/2015 00:58:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dsdyghmqdjkfhdfl.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Faulting module name: dsdyghmqdjkfhdfl.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Exception code: 0xc0000005
Fault offset: 0x00088c46
Faulting process id: 0x1c38
Faulting application start time: 0xdsdyghmqdjkfhdfl.exe0
Faulting application path: dsdyghmqdjkfhdfl.exe1
Faulting module path: dsdyghmqdjkfhdfl.exe2
Report Id: dsdyghmqdjkfhdfl.exe3
Faulting package full name: dsdyghmqdjkfhdfl.exe4
Faulting package-relative application ID: dsdyghmqdjkfhdfl.exe5

Error: (05/23/2015 00:50:10 AM) (Source: MsiInstaller) (EventID: 1024) (User: BART)
Description: Product: Adobe Reader XI (11.0.10) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011011}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (05/23/2015 00:37:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dsdyghmqdjkfhdfl.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Faulting module name: dsdyghmqdjkfhdfl.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Exception code: 0xc0000005
Fault offset: 0x000011aa
Faulting process id: 0x1b24
Faulting application start time: 0xdsdyghmqdjkfhdfl.exe0
Faulting application path: dsdyghmqdjkfhdfl.exe1
Faulting module path: dsdyghmqdjkfhdfl.exe2
Report Id: dsdyghmqdjkfhdfl.exe3
Faulting package full name: dsdyghmqdjkfhdfl.exe4
Faulting package-relative application ID: dsdyghmqdjkfhdfl.exe5

Error: (05/23/2015 00:37:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dsdyghmqdjkfhdfl.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Faulting module name: dsdyghmqdjkfhdfl.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Exception code: 0xc0000005
Fault offset: 0x000011aa
Faulting process id: 0x147c
Faulting application start time: 0xdsdyghmqdjkfhdfl.exe0
Faulting application path: dsdyghmqdjkfhdfl.exe1
Faulting module path: dsdyghmqdjkfhdfl.exe2
Report Id: dsdyghmqdjkfhdfl.exe3
Faulting package full name: dsdyghmqdjkfhdfl.exe4
Faulting package-relative application ID: dsdyghmqdjkfhdfl.exe5

Error: (05/23/2015 00:36:18 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (05/23/2015 00:36:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dsdyghmqdjkfhdfl.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Faulting module name: dsdyghmqdjkfhdfl.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Exception code: 0xc0000005
Fault offset: 0x000011aa
Faulting process id: 0x251c
Faulting application start time: 0xdsdyghmqdjkfhdfl.exe0
Faulting application path: dsdyghmqdjkfhdfl.exe1
Faulting module path: dsdyghmqdjkfhdfl.exe2
Report Id: dsdyghmqdjkfhdfl.exe3
Faulting package full name: dsdyghmqdjkfhdfl.exe4
Faulting package-relative application ID: dsdyghmqdjkfhdfl.exe5

Error: (05/23/2015 00:35:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dsdyghmqdjkfhdfl.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Faulting module name: dsdyghmqdjkfhdfl.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Exception code: 0xc0000005
Fault offset: 0x000011aa
Faulting process id: 0x26c0
Faulting application start time: 0xdsdyghmqdjkfhdfl.exe0
Faulting application path: dsdyghmqdjkfhdfl.exe1
Faulting module path: dsdyghmqdjkfhdfl.exe2
Report Id: dsdyghmqdjkfhdfl.exe3
Faulting package full name: dsdyghmqdjkfhdfl.exe4
Faulting package-relative application ID: dsdyghmqdjkfhdfl.exe5

Error: (05/23/2015 00:35:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dsdyghmqdjkfhdfl.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Faulting module name: dsdyghmqdjkfhdfl.exe, version: 2.1.19357.0, time stamp: 0x52e7ea83
Exception code: 0xc0000005
Fault offset: 0x000011aa
Faulting process id: 0x22c4
Faulting application start time: 0xdsdyghmqdjkfhdfl.exe0
Faulting application path: dsdyghmqdjkfhdfl.exe1
Faulting module path: dsdyghmqdjkfhdfl.exe2
Report Id: dsdyghmqdjkfhdfl.exe3
Faulting package full name: dsdyghmqdjkfhdfl.exe4
Faulting package-relative application ID: dsdyghmqdjkfhdfl.exe5


System errors:
=============
Error: (05/23/2015 02:14:37 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (05/23/2015 02:14:37 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s).

Error: (05/23/2015 02:14:37 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The IconMan_R service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (05/23/2015 02:14:37 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).

Error: (05/23/2015 02:14:36 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CodeMeter Runtime Server service terminated unexpectedly. It has done this 1 time(s).

Error: (05/23/2015 02:14:36 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Qualcomm Atheros Killer Service service terminated unexpectedly. It has done this 1 time(s).

Error: (05/23/2015 02:14:36 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).

Error: (05/23/2015 02:14:36 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Streamer Service service terminated unexpectedly. It has done this 1 time(s).

Error: (05/23/2015 02:14:36 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Network Service service terminated unexpectedly. It has done this 1 time(s).

Error: (05/23/2015 02:14:36 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MSI_SuperCharger service terminated unexpectedly. It has done this 1 time(s).


Microsoft Office:
=========================
Error: (05/23/2015 01:54:30 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (05/23/2015 00:59:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplorer.exe2.1.19357.052e7ea83iexplorer.exe2.1.19357.052e7ea83c0000005000011aa237001d094e2edce56a0C:\Users\Bart\Desktop\iexplorer.exeC:\Users\Bart\Desktop\iexplorer.exe325f2c4a-00d6-11e5-bf39-8c89a50f65c4

Error: (05/23/2015 00:58:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: dsdyghmqdjkfhdfl.exe2.1.19357.052e7ea83dsdyghmqdjkfhdfl.exe2.1.19357.052e7ea83c000000500088c461c3801d094e16a6c3cd9C:\Users\Bart\Desktop\dsdyghmqdjkfhdfl.exeC:\Users\Bart\Desktop\dsdyghmqdjkfhdfl.exeff12447a-00d5-11e5-bf39-8c89a50f65c4

Error: (05/23/2015 00:50:10 AM) (Source: MsiInstaller) (EventID: 1024) (User: BART)
Description: Adobe Reader XI (11.0.10){AC76BA86-7AD7-0000-2550-7A8C40011011}1625(NULL)(NULL)(NULL)

Error: (05/23/2015 00:37:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: dsdyghmqdjkfhdfl.exe2.1.19357.052e7ea83dsdyghmqdjkfhdfl.exe2.1.19357.052e7ea83c0000005000011aa1b2401d094dfed2aef92C:\Users\Bart\Desktop\dsdyghmqdjkfhdfl.exeC:\Users\Bart\Desktop\dsdyghmqdjkfhdfl.exe2c142574-00d3-11e5-bf39-6c71d9b4419b

Error: (05/23/2015 00:37:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: dsdyghmqdjkfhdfl.exe2.1.19357.052e7ea83dsdyghmqdjkfhdfl.exe2.1.19357.052e7ea83c0000005000011aa147c01d094dfe1037e5dC:\Users\Bart\Desktop\dsdyghmqdjkfhdfl.exeC:\Users\Bart\Desktop\dsdyghmqdjkfhdfl.exe1fd7f442-00d3-11e5-bf39-6c71d9b4419b

Error: (05/23/2015 00:36:18 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (05/23/2015 00:36:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: dsdyghmqdjkfhdfl.exe2.1.19357.052e7ea83dsdyghmqdjkfhdfl.exe2.1.19357.052e7ea83c0000005000011aa251c01d094dfb366a035C:\Users\Bart\Desktop\dsdyghmqdjkfhdfl.exeC:\Users\Bart\Desktop\dsdyghmqdjkfhdfl.exef200db19-00d2-11e5-bf38-8c89a50f65c4

Error: (05/23/2015 00:35:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: dsdyghmqdjkfhdfl.exe2.1.19357.052e7ea83dsdyghmqdjkfhdfl.exe2.1.19357.052e7ea83c0000005000011aa26c001d094df9753c653C:\Users\Bart\Desktop\dsdyghmqdjkfhdfl.exeC:\Users\Bart\Desktop\dsdyghmqdjkfhdfl.exed60ff2ff-00d2-11e5-bf38-8c89a50f65c4

Error: (05/23/2015 00:35:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: dsdyghmqdjkfhdfl.exe2.1.19357.052e7ea83dsdyghmqdjkfhdfl.exe2.1.19357.052e7ea83c0000005000011aa22c401d094df89caa8f6C:\Users\Bart\Desktop\dsdyghmqdjkfhdfl.exeC:\Users\Bart\Desktop\dsdyghmqdjkfhdfl.exec99d6f0e-00d2-11e5-bf38-8c89a50f65c4


CodeIntegrity Errors:
===================================
Date: 2015-05-23 00:58:57.556
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Users\Bart\AppData\Local\Temp\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-05-23 00:58:57.478
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Users\Bart\AppData\Local\Temp\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-05-23 00:48:12.617
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Users\Bart\AppData\Local\Temp\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-05-23 00:35:39.557
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Users\Bart\AppData\Local\Temp\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-05-23 00:18:34.671
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Users\Bart\AppData\Local\Temp\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-05-23 00:18:34.577
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Users\Bart\AppData\Local\Temp\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-05-23 00:15:44.042
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Users\Bart\AppData\Local\Temp\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-05-23 00:15:43.964
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Users\Bart\AppData\Local\Temp\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-05-23 00:14:59.039
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Users\Bart\AppData\Local\Temp\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-12-17 18:03:56.772
Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Windows\System32\BfLLR.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4702MQ CPU @ 2.20GHz
Percentage of memory in use: 19%
Total physical RAM: 8108.79 MB
Available physical RAM: 6503.48 MB
Total Pagefile: 9388.79 MB
Available Pagefile: 7729.88 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (OS_Install) (Fixed) (Total:109.6 GB) (Free:18.19 GB) NTFS
Drive d: (Data) (Fixed) (Total:678.91 GB) (Free:423.46 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 1E73314E)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 119.2 GB) (Disk ID: 1E7331B1)

Partition: GPT Partition Type.

==================== End of log ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    3.1 KB · Views: 2
Fix result of Farbar Recovery Scan Tool (x64) Version: 22-05-2015 01
Ran by Bart at 2015-05-23 02:51:29 Run:1
Running from C:\Users\Bart\Downloads
Loaded Profiles: Bart (Available Profiles: Bart)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKU\S-1-5-21-3837407782-1580577728-4138113420-1002\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3837407782-1580577728-4138113420-1002\...\MountPoints2: {26c1007e-c965-11e4-bf28-8c89a50f65c4} - "E:\setup.exe"
HKU\S-1-5-21-3837407782-1580577728-4138113420-1002\...\MountPoints2: {d83f75f8-b06e-11e3-bea1-6c71d9b50274} - "F:\setup.exe"
HKU\S-1-5-21-3837407782-1580577728-4138113420-1002\...\MountPoints2: {dd9479c3-b676-11e3-bea6-8c89a50f65c4} - "G:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-3837407782-1580577728-4138113420-1002\...\MountPoints2: {dd947a2b-b676-11e3-bea6-8c89a50f65c4} - "G:\HTC_Sync_Manager_PC.exe"
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
SearchScopes: HKU\S-1-5-21-3837407782-1580577728-4138113420-1002 -> {013F9FAA-CDCB-44EF-80C0-422CD4B1CD04} URL =
BHO: MyPrIceCut -> {4b42a4d0-a34c-4818-8de4-8870ed6a06dc} -> C:\Program Files (x86)\MyPrIceCut\lv5ukZhqQoIe6G.x64.dll No File
BHO: MyyPPRIceCut -> {9e3d9863-f09f-4a94-8b3c-79ec6800150d} -> C:\Program Files (x86)\MyyPPRIceCut\Yq0umNqgRGEXPF.x64.dll No File
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
2015-05-15 16:41 - 2015-05-22 23:35 - 0000024 _____ () C:\Users\Bart\AppData\Roaming\appdataFr25.bin
2015-02-20 19:47 - 2015-05-23 02:07 - 0073386 _____ () C:\Users\Bart\AppData\Local\BTServer.log
2014-12-17 19:26 - 2014-12-17 19:26 - 0577508 _____ () C:\ProgramData\1418837032.bdinstall.bin
C:\Users\Bart\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Bart\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpytfy7u.dll
C:\Users\Bart\AppData\Local\Temp\Quarantine.exe
C:\Users\Bart\AppData\Local\Temp\sqlite3.dll
CustomCLSID: HKU\S-1-5-21-3837407782-1580577728-4138113420-1002_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Bart\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3837407782-1580577728-4138113420-1002_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Bart\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3837407782-1580577728-4138113420-1002_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Bart\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
Task: {E8E0C254-CBA8-4CB5-B036-52912690727C} - \Optimize Start Menu Cache Files-S-1-5-21-3837407782-1580577728-4138113420-1002 No Task File <==== ATTENTION
AlternateDataStreams: C:\Users\Bart\SkyDrive:ms-properties

*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\UpdReg => value Removed successfully
HKU\S-1-5-21-3837407782-1580577728-4138113420-1002\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value Removed successfully
"HKU\S-1-5-21-3837407782-1580577728-4138113420-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26c1007e-c965-11e4-bf28-8c89a50f65c4}" => key Removed successfully
HKCR\CLSID\{26c1007e-c965-11e4-bf28-8c89a50f65c4} => key not found.
"HKU\S-1-5-21-3837407782-1580577728-4138113420-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d83f75f8-b06e-11e3-bea1-6c71d9b50274}" => key Removed successfully
HKCR\CLSID\{d83f75f8-b06e-11e3-bea1-6c71d9b50274} => key not found.
"HKU\S-1-5-21-3837407782-1580577728-4138113420-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd9479c3-b676-11e3-bea6-8c89a50f65c4}" => key Removed successfully
HKCR\CLSID\{dd9479c3-b676-11e3-bea6-8c89a50f65c4} => key not found.
"HKU\S-1-5-21-3837407782-1580577728-4138113420-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd947a2b-b676-11e3-bea6-8c89a50f65c4}" => key Removed successfully
HKCR\CLSID\{dd947a2b-b676-11e3-bea6-8c89a50f65c4} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key Removed successfully
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key Removed successfully
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key Removed successfully
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key Removed successfully
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key Removed successfully
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key Removed successfully
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
"HKU\S-1-5-21-3837407782-1580577728-4138113420-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{013F9FAA-CDCB-44EF-80C0-422CD4B1CD04}" => key Removed successfully
HKCR\CLSID\{013F9FAA-CDCB-44EF-80C0-422CD4B1CD04} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4b42a4d0-a34c-4818-8de4-8870ed6a06dc}" => key Removed successfully
"HKCR\CLSID\{4b42a4d0-a34c-4818-8de4-8870ed6a06dc}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9e3d9863-f09f-4a94-8b3c-79ec6800150d}" => key Removed successfully
"HKCR\CLSID\{9e3d9863-f09f-4a94-8b3c-79ec6800150d}" => key Removed successfully
"HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect" => key Removed successfully
C:\Users\Bart\AppData\Roaming\appdataFr25.bin => Moved successfully.
C:\Users\Bart\AppData\Local\BTServer.log => Moved successfully.
C:\ProgramData\1418837032.bdinstall.bin => Moved successfully.
C:\Users\Bart\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
C:\Users\Bart\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpytfy7u.dll => Moved successfully.
C:\Users\Bart\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Bart\AppData\Local\Temp\sqlite3.dll => Moved successfully.
"HKU\S-1-5-21-3837407782-1580577728-4138113420-1002_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => key Removed successfully
"HKU\S-1-5-21-3837407782-1580577728-4138113420-1002_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => key Removed successfully
"HKU\S-1-5-21-3837407782-1580577728-4138113420-1002_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E8E0C254-CBA8-4CB5-B036-52912690727C}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8E0C254-CBA8-4CB5-B036-52912690727C}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimize Start Menu Cache Files-S-1-5-21-3837407782-1580577728-4138113420-1002" => key Removed successfully
C:\Users\Bart\SkyDrive => ":ms-properties" ADS Removed successfully.

==== End of Fixlog 02:51:30 ====
 
A program reinstalled itself as a chrome extension. It is called freedealsapp and it redirects me to random websites + gives popup advertisements.
 
Reset Chrome...
Click on "Customize and control Google Chrome":
p22003758.gif

Click "Settings" then "Show advanced settings" at the bottom of the screen.
Click "Reset browser settings" button.
Restart Chrome.

If the above didn't help....

Reinstall Chrome...
If you want to save your bookmarks...
How to Backup Bookmarks in Google Chrome
If you want to save your passwords as well see here: http://www.intowindows.com/how-to-backup-saved-passwords-in-google-chrome-browser/
  • Close all Chrome windows and tabs.
  • Go to the Start menu > Control Panel. (Windows 8 users: Learn how to access the Control Panel)
  • Click Programs and Features.
  • Double-click Google Chrome.
  • Click Uninstall from the confirmation dialog. Delete your user profile information, like your browser preferences, bookmarks, and history, by selecting the "Also delete your browsing data" checkbox.
Install fresh copy.

Then...

redtarget.gif
Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


redtarget.gif
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

redtarget.gif
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

redtarget.gif
Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Results of screen317's Security Check version 1.002
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Firewall Disabled!
Bitdefender Antivirus
Windows Defender
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 31
Java 8 Update 40
Java version 32-bit out of Date!
Adobe Reader XI
Google Chrome (43.0.2357.65)
````````Process Check: objlist.exe by Laurent````````
Bitdefender Bitdefender 2015 vsserv.exe
Bitdefender Bitdefender 2015 updatesrv.exe
Bitdefender Bitdefender 2015 bdagent.exe
Bitdefender Bitdefender 2015 bdwtxag.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
 
Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 
Update your Java version here: https://www.techspot.com/downloads/6463-java-se.html
Alternate download: http://www.java.com/en/download/manual.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Note 2: If you're running 64-bit system make sure you install BOTH, 32-bit and 64-bit Java.

====================================

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download
51a5ce45263de-delfix.png
DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please, let me know, how your computer is doing.
 
Hey!

Thanks a lot for your help. I will let you know how my computer is doing and if the problem has indeed completely disappeard.
 
Hey,

Thanks again for your help. I am running the anti-malware regularly and there have been no new unwanted programs installing themselves.

I think the issue is resolved indeed! :)
 
You must log in or register to reply here.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
794
uber_beetle
uber_beetle
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni
E
Solved Svchost.exe launching multiple iexplore.exe - unknown cause
Replies
23
Views
3K
Broni
Broni

Latest posts

Back