Whippedwinter
Dear,
I have extensions reinstalling themselves on my computer, which cause automatic popups or redirection to other sites. I have Bitdefender installed and it told me my system was clean.
I tried to remove Pragma Engine, though it doesn't want to be removed due to unfindable files.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-05-2015 01
Ran by Bart (administrator) on BART on 23-05-2015 01:20:44
Running from C:\Users\Bart\Downloads
Loaded Profiles: Bart (Available Profiles: Bart)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Micro-Star International Co., Ltd.) C:\Windows\SysWOW64\MSIService.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
() C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Users\Bart\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OFFICE15\CSISYNCCLIENT.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-08-19] (Realtek Semiconductor)
HKLM-x32\...\Run: [IgfxTray] => C:\WINDOWS\system32\igfxtray.exe [391128 2013-12-21] (Intel Corporation)
HKLM-x32\...\Run: [HotKeysCmds] => C:\WINDOWS\system32\hkcmd.exe [771544 2013-12-21] (Intel Corporation)
HKLM-x32\...\Run: [Persistence] => C:\WINDOWS\system32\igfxpers.exe [770520 2013-12-21] (Intel Corporation)
HKLM-x32\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2875728 2013-08-19] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [253440 2013-04-23] (Realtek Semiconductor Corporation)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM-x32\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1691112 2015-04-07] (Bitdefender)
HKLM-x32\...\Run: [Sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2012-11-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Super-Charger] => C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe [490480 2013-02-07] (MSI)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-03-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3837407782-1580577728-4138113420-1002\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3837407782-1580577728-4138113420-1002\...\Run: [Bitdefender-Geldbörse-Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [790880 2015-02-24] (Bitdefender)
HKU\S-1-5-21-3837407782-1580577728-4138113420-1002\...\Run: [OneDrive] => C:\Users\Bart\AppData\Local\Microsoft\OneDrive\OneDrive.exe [382664 2015-05-22] (Microsoft Corporation)
HKU\S-1-5-21-3837407782-1580577728-4138113420-1002\...\MountPoints2: {26c1007e-c965-11e4-bf28-8c89a50f65c4} - "E:\setup.exe"
HKU\S-1-5-21-3837407782-1580577728-4138113420-1002\...\MountPoints2: {d83f75f8-b06e-11e3-bea1-6c71d9b50274} - "F:\setup.exe"
HKU\S-1-5-21-3837407782-1580577728-4138113420-1002\...\MountPoints2: {dd9479c3-b676-11e3-bea6-8c89a50f65c4} - "G:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-3837407782-1580577728-4138113420-1002\...\MountPoints2: {dd947a2b-b676-11e3-bea6-8c89a50f65c4} - "G:\HTC_Sync_Manager_PC.exe"
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [148016 2014-03-04] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk [2014-12-29]
ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Network Server.lnk [2014-12-29]
ShortcutTarget: Network Server.lnk -> C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe (WIBU-SYSTEMS AG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Qualcomm Atheros Killer Network Manager.lnk [2013-08-23]
ShortcutTarget: Qualcomm Atheros Killer Network Manager.lnk -> C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe ()
Startup: C:\Users\Bart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-02-08]
ShortcutTarget: Dropbox.lnk -> C:\Users\Bart\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bart\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bart\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bart\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bart\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [__SafeBox1] -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox2] -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox3] -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox4] -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bart\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bart\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bart\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3837407782-1580577728-4138113420-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-3837407782-1580577728-4138113420-1002 -> DefaultScope {013F9FAA-CDCB-44EF-80C0-422CD4B1CD04} URL =
SearchScopes: HKU\S-1-5-21-3837407782-1580577728-4138113420-1002 -> {013F9FAA-CDCB-44EF-80C0-422CD4B1CD04} URL =
BHO: Bitdefender-Geldbörse -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-02-24] (Bitdefender)
BHO: MyPrIceCut -> {4b42a4d0-a34c-4818-8de4-8870ed6a06dc} -> C:\Program Files (x86)\MyPrIceCut\lv5ukZhqQoIe6G.x64.dll No File
BHO: MyyPPRIceCut -> {9e3d9863-f09f-4a94-8b3c-79ec6800150d} -> C:\Program Files (x86)\MyyPPRIceCut\Yq0umNqgRGEXPF.x64.dll No File
BHO-x32: Bitdefender-Geldbörse -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2015-02-24] (Bitdefender)
BHO-x32: MyPrIceCut -> {4b42a4d0-a34c-4818-8de4-8870ed6a06dc} -> C:\Program Files (x86)\MyPrIceCut\lv5ukZhqQoIe6G.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-04-12] (Oracle Corporation)
BHO-x32: MyyPPRIceCut -> {9e3d9863-f09f-4a94-8b3c-79ec6800150d} -> C:\Program Files (x86)\MyyPPRIceCut\Yq0umNqgRGEXPF.dll No File
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-12] (Oracle Corporation)
Toolbar: HKLM - Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-02-24] (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender-Geldbörse - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2015-02-24] (Bitdefender)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-04-01] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\BfLLR.dll [196096 2013-05-17] (Bigfoot Networks, Inc.)
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\BfLLR.dll [196096 2013-05-17] (Bigfoot Networks, Inc.)
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\BfLLR.dll [196096 2013-05-17] (Bigfoot Networks, Inc.)
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\BfLLR.dll [196096 2013-05-17] (Bigfoot Networks, Inc.)
Winsock: Catalog9 16 C:\WINDOWS\SysWOW64\BfLLR.dll [196096 2013-05-17] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 01 C:\Windows\system32\BfLLR.dll [216064 2013-05-17] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 02 C:\Windows\system32\BfLLR.dll [216064 2013-05-17] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 03 C:\Windows\system32\BfLLR.dll [216064 2013-05-17] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 04 C:\Windows\system32\BfLLR.dll [216064 2013-05-17] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 16 C:\Windows\system32\BfLLR.dll [216064 2013-05-17] (Bigfoot Networks, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 195.130.130.1 195.130.131.1
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-02-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-02-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-12] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2014-12-17]
FF HKLM-x32\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff [2014-12-17]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
Chrome:
=======
CHR Profile: C:\Users\Bart\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Bart\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-04]
CHR Extension: (Adblock Plus) - C:\Users\Bart\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-05-13]
CHR Extension: (Google Search) - C:\Users\Bart\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-04]
CHR Extension: (Gmail Offline) - C:\Users\Bart\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2015-05-13]
CHR Extension: (Bitdefender Wallet) - C:\Users\Bart\AppData\Local\Google\Chrome\User Data\Default\Extensions\fabcmochhfpldjekobfaaggijgohadih [2014-12-17]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Bart\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2015-05-13]
CHR Extension: (Google Wallet) - C:\Users\Bart\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-15]
CHR Extension: (Gmail) - C:\Users\Bart\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-04]
CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - https://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [78144 2015-01-27] (Bitdefender)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [47104 2013-04-26] () []
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-03-22] (Intel Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2464400 2013-08-19] (Realsil Microelectronics Inc.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) []
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [668984 2013-08-19] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-02-16] (Intel Corporation)
R2 Micro Star SCM; C:\WINDOWS\SysWOW64\MSIService.exe [160768 2009-07-09] (Micro-Star International Co., Ltd.) []
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [154112 2013-02-08] (MSI) []
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
S3 Origin Client Service; D:\Origin\OriginClientService.exe [1931632 2015-04-13] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [75136 2014-03-22] ()
R2 Qualcomm Atheros Killer Service; C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [503296 2013-05-17] () []
S4 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [67320 2014-10-27] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1547936 2015-04-07] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)
S2 9b6ed4d7; "C:\WINDOWS\system32\rundll32.exe" "c:\Program Files (x86)\PragmaEngine\PragmaEngine.dll",serv
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1306464 2015-02-24] (BitDefender)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [262544 2015-02-24] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [677104 2015-02-24] (BitDefender)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender)
R1 BdfNdisf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [98768 2015-02-24] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107008 2013-07-29] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\WINDOWS\system32\drivers\bdsandbox.sys [82824 2015-02-24] (BitDefender SRL)
R1 BDVEDISK; C:\Windows\system32\DRIVERS\bdvedisk.sys [79192 2013-07-30] (BitDefender)
S1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [74096 2013-05-17] (Qualcomm Atheros, Inc.)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [160544 2015-04-07] (BitDefender LLC)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2013-08-19] (Intel Corporation)
R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [174448 2013-05-17] (Qualcomm Atheros, Inc.)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [13368 2012-10-26] (MSI)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
R0 rtcrfilt64; C:\Windows\System32\DRIVERS\rtcrfilt64.sys [19600 2013-08-19] (Realtek Semiconductor Corp.)
S3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [532552 2013-08-19] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation )
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [452040 2014-10-15] (BitDefender S.R.L.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R2 WIBUKEY; C:\Windows\System32\DRIVERS\WibuKey64.sys [106760 2013-12-18] (WIBU-SYSTEMS AG)
S3 WsAudioDevice_383; C:\Windows\system32\drivers\VirtualAudio.sys [31080 2014-07-31] (Wondershare)
S3 xb1usb; C:\Windows\System32\drivers\xb1usb.sys [34016 2014-05-28] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
U3 fgrdqpob; \??\C:\Users\Bart\AppData\Local\Temp\fgrdqpob.sys [X]
U3 mbr; \??\C:\Users\Bart\AppData\Local\Temp\mbr.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-05-23 01:17 - 2015-05-23 01:17 - 00061886 _____ () C:\Users\Bart\Downloads\Addition.txt
2015-05-23 01:16 - 2015-05-23 01:20 - 00025298 _____ () C:\Users\Bart\Downloads\FRST.txt
2015-05-23 01:15 - 2015-05-23 01:20 - 00000000 ____D () C:\FRST
2015-05-23 01:12 - 2015-05-23 01:13 - 02108416 _____ (Farbar) C:\Users\Bart\Downloads\FRST64.exe
2015-05-23 00:37 - 2015-05-23 00:37 - 00000000 ____H () C:\ProgramData\cm-lock
2015-05-23 00:02 - 2015-05-23 00:02 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Bart\Desktop\tdsskiller.exe
2015-05-23 00:01 - 2015-05-23 00:01 - 00089088 _____ () C:\Users\Bart\Desktop\mbr.exe
2015-05-23 00:00 - 2015-05-23 00:00 - 00380416 _____ () C:\Users\Bart\Desktop\iexplorer.exe
2015-05-22 15:34 - 2015-05-22 15:34 - 00000000 ____D () C:\Users\Bart\Desktop\Welcome to AKKA BNL
2015-05-20 21:02 - 2015-05-21 22:18 - 00011842 _____ () C:\Users\Bart\Documents\Sweetie Super Study schedule.xlsx
2015-05-19 11:58 - 2015-05-19 11:58 - 00011170 _____ () C:\Users\Bart\Documents\Sweetie travel calculation.xlsx
2015-05-19 11:44 - 2015-05-19 11:46 - 156936101 _____ () C:\Users\Bart\Downloads\Turbomachinery-2015-05-19.zip
2015-05-16 17:51 - 2015-05-23 00:56 - 00001074 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d08ff0326bccec.job
2015-05-16 17:51 - 2015-05-23 00:37 - 00001070 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d08ff0316d3d65.job
2015-05-16 17:51 - 2015-05-16 17:51 - 00004046 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1d08ff0326bccec
2015-05-16 17:51 - 2015-05-16 17:51 - 00003810 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1d08ff0316d3d65
2015-05-15 16:41 - 2015-05-22 23:35 - 00000024 _____ () C:\Users\Bart\AppData\Roaming\appdataFr25.bin
2015-05-13 17:02 - 2015-05-22 23:28 - 00000000 ___RD () C:\Users\Bart\OneDrive
2015-05-13 11:13 - 2015-05-13 11:13 - 00000000 ____D () C:\Program Files (x86)\DealMMine
2015-05-13 11:12 - 2015-05-19 20:35 - 00000000 ____D () C:\ProgramData\13903649708634143278
2015-05-13 11:12 - 2015-05-13 11:12 - 00000000 ____D () C:\Program Files (x86)\Does Amazon Ship to
2015-05-11 22:36 - 2015-05-11 22:36 - 00000000 ____D () C:\Users\Bart\AppData\Roaming\Steam
2015-05-07 14:16 - 2015-05-07 14:16 - 00000000 ____D () C:\Users\Bart\Documents\AKKA
2015-05-05 22:49 - 2015-05-05 23:07 - 479211299 _____ () C:\Users\Bart\Downloads\Go_to_marketing_strategies-2015-05-05.zip
2015-05-05 22:47 - 2015-05-05 22:56 - 222881985 _____ () C:\Users\Bart\Downloads\(Week_6)_CUSTOMER_CENTRICITY_How_Can_Customer_Centricity_Be_Profitable-2015-05-05.zip
2015-05-05 22:46 - 2015-05-05 22:51 - 147903125 _____ () C:\Users\Bart\Downloads\(Week_2)_BRANDING_Customer_Decision_Making_and_the_Role_of_Brand-2015-05-05.zip
2015-05-01 23:21 - 2015-05-22 23:25 - 00000000 ____D () C:\Users\Bart\Downloads\The Equalizer (2014)
2015-04-27 21:37 - 2015-05-11 18:46 - 00000000 ____D () C:\Users\Bart\Downloads\Fury (2014)
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-05-23 01:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-23 00:59 - 2014-06-26 18:56 - 00004936 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for BART-Bart Bart
2015-05-23 00:59 - 2014-02-04 15:47 - 00000000 ____D () C:\Users\Bart\AppData\Local\CrashDumps
2015-05-23 00:53 - 2014-02-08 18:15 - 00000000 ___RD () C:\Users\Bart\Dropbox
2015-05-23 00:53 - 2014-02-08 18:13 - 00000000 ____D () C:\Users\Bart\AppData\Roaming\Dropbox
2015-05-23 00:49 - 2014-02-04 16:52 - 00000000 ___DO () C:\Users\Bart\SkyDrive
2015-05-23 00:43 - 2013-11-14 09:28 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-23 00:42 - 2014-02-04 14:02 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3837407782-1580577728-4138113420-1002
2015-05-23 00:37 - 2015-02-20 19:47 - 00072880 _____ () C:\Users\Bart\AppData\Local\BTServer.log
2015-05-23 00:37 - 2014-10-03 08:32 - 00003278 _____ () C:\WINDOWS\System32\Tasks\Intel® Rapid Start Technology Manager
2015-05-23 00:37 - 2014-02-04 16:59 - 00001070 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-23 00:37 - 2013-08-23 04:05 - 00000000 ____D () C:\ProgramData\Realtek
2015-05-23 00:37 - 2013-08-23 03:54 - 00000000 ____D () C:\ProgramData\Bigfoot Networks
2015-05-23 00:37 - 2013-08-22 16:46 - 00428583 _____ () C:\WINDOWS\setupact.log
2015-05-23 00:36 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-23 00:36 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-05-22 23:55 - 2014-03-09 19:03 - 00000000 ____D () C:\Users\Bart\AppData\Roaming\Skype
2015-05-22 23:45 - 2014-02-04 16:30 - 01104810 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-22 23:28 - 2014-07-01 01:01 - 00003086 _____ () C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3837407782-1580577728-4138113420-1002
2015-05-22 18:06 - 2014-10-10 10:12 - 00000000 ____D () C:\ProgramData\Origin
2015-05-20 22:12 - 2014-02-07 23:25 - 03025920 ___SH () C:\Users\Bart\Downloads\Thumbs.db
2015-05-20 21:10 - 2014-02-04 13:55 - 00000000 ____D () C:\Users\Bart\AppData\Local\Packages
2015-05-20 20:39 - 2014-09-01 10:18 - 00000365 _____ () C:\Users\Bart\AppData\Roaming\XKJSF
2015-05-20 20:28 - 2014-04-18 11:00 - 00000000 ____D () C:\WINDOWS\Minidump
2015-05-19 20:35 - 2014-11-04 23:21 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-05-19 20:35 - 2014-10-31 14:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-19 20:35 - 2014-03-26 13:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-05-19 20:35 - 2014-03-09 19:03 - 00000000 ____D () C:\ProgramData\Skype
2015-05-19 20:35 - 2013-08-23 05:38 - 00000000 ___HD () C:\SuperChargerProfile
2015-05-19 20:34 - 2015-04-17 16:54 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-05-19 20:34 - 2015-04-12 13:00 - 00000000 ____D () C:\Users\Bart\bluej
2015-05-19 20:34 - 2015-04-08 10:43 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-05-19 20:34 - 2015-03-10 23:21 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-05-19 20:34 - 2015-02-24 20:44 - 00000000 ____D () C:\Users\Bart\AppData\Roaming\uTorrent
2015-05-19 20:34 - 2014-02-08 18:13 - 00000000 ____D () C:\Users\Bart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-19 20:34 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Macromed
2015-05-19 20:34 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\Macromed
2015-05-19 20:34 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppCompat
2015-05-19 20:34 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2015-05-19 20:31 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\registration
2015-05-19 20:26 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-05-19 09:57 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-05-16 18:08 - 2013-08-22 16:44 - 05108416 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-13 17:02 - 2014-02-04 16:31 - 00000000 ____D () C:\Users\Bart
2015-05-12 15:02 - 2015-04-05 14:39 - 00000000 ____D () C:\Users\Bart\Documents\My Kindle Content
2015-05-12 11:29 - 2014-02-04 13:55 - 00000000 ____D () C:\Users\Bart\AppData\Roaming\Adobe
2015-05-11 20:42 - 2014-02-14 13:02 - 00000000 ____D () C:\Users\Bart\Documents\Training
2015-05-09 11:12 - 2014-02-05 21:25 - 00000650 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.ics
2015-05-07 14:20 - 2015-03-16 22:57 - 00000000 ____D () C:\Users\Bart\Documents\Canada
2015-05-03 19:52 - 2014-10-10 10:13 - 00000000 ____D () C:\Users\Bart\AppData\Roaming\Origin
==================== Files in the root of some directories =======
2015-05-15 16:41 - 2015-05-22 23:35 - 0000024 _____ () C:\Users\Bart\AppData\Roaming\appdataFr25.bin
2014-09-01 10:18 - 2014-12-17 19:40 - 0001171 _____ () C:\Users\Bart\AppData\Roaming\DURCKM
2014-09-01 10:18 - 2015-05-20 20:39 - 0000365 _____ () C:\Users\Bart\AppData\Roaming\XKJSF
2015-02-20 19:47 - 2015-05-23 00:37 - 0072880 _____ () C:\Users\Bart\AppData\Local\BTServer.log
2014-12-17 19:26 - 2014-12-17 19:26 - 0577508 _____ () C:\ProgramData\1418837032.bdinstall.bin
2015-05-23 00:37 - 2015-05-23 00:37 - 0000000 ____H () C:\ProgramData\cm-lock
Some files in TEMP:
====================
C:\Users\Bart\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp8eyxnp.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-04-14 11:32
==================== End of log ============================
2015-05-19 20:34 - 2015-04-08 10:43 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-05-19 20:34 - 2015-03-10 23:21 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-05-19 20:34 - 2015-02-24 20:44 - 00000000 ____D () C:\Users\Bart\AppData\Roaming\uTorrent
2015-05-19 20:34 - 2014-02-08 18:13 - 00000000 ____D () C:\Users\Bart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-19 20:34 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Macromed
2015-05-19 20:34 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\Macromed
2015-05-19 20:34 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppCompat
2015-05-19 20:34 - 2013-08-22 15:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2015-05-19 20:31 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\registration
2015-05-19 20:26 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-05-19 09:57 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-05-16 18:08 - 2013-08-22 16:44 - 05108416 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-13 17:02 - 2014-02-04 16:31 - 00000000 ____D () C:\Users\Bart
2015-05-12 15:02 - 2015-04-05 14:39 - 00000000 ____D () C:\Users\Bart\Documents\My Kindle Content
2015-05-12 11:29 - 2014-02-04 13:55 - 00000000 ____D () C:\Users\Bart\AppData\Roaming\Adobe
2015-05-11 20:42 - 2014-02-14 13:02 - 00000000 ____D () C:\Users\Bart\Documents\Training
2015-05-09 11:12 - 2014-02-05 21:25 - 00000650 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.ics
2015-05-07 14:20 - 2015-03-16 22:57 - 00000000 ____D () C:\Users\Bart\Documents\Canada
2015-05-03 19:52 - 2014-10-10 10:13 - 00000000 ____D () C:\Users\Bart\AppData\Roaming\Origin
==================== Files in the root of some directories =======
2015-05-15 16:41 - 2015-05-22 23:35 - 0000024 _____ () C:\Users\Bart\AppData\Roaming\appdataFr25.bin
2014-09-01 10:18 - 2014-12-17 19:40 - 0001171 _____ () C:\Users\Bart\AppData\Roaming\DURCKM
2014-09-01 10:18 - 2015-05-20 20:39 - 0000365 _____ () C:\Users\Bart\AppData\Roaming\XKJSF
2015-02-20 19:47 - 2015-05-23 00:37 - 0072880 _____ () C:\Users\Bart\AppData\Local\BTServer.log
2014-12-17 19:26 - 2014-12-17 19:26 - 0577508 _____ () C:\ProgramData\1418837032.bdinstall.bin
2015-05-23 00:37 - 2015-05-23 00:37 - 0000000 ____H () C:\ProgramData\cm-lock
Some files in TEMP:
====================
C:\Users\Bart\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp8eyxnp.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-04-14 11:32
==================== End of log ============================