Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-04-2015
Ran by Clarissa (administrator) on CB-PC on 14-04-2015 23:16:09
Running from C:\Users\Clarissa\Downloads
Loaded Profiles: UpdatusUser & Clarissa (Available profiles: UpdatusUser & Clarissa)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google Inc.) C:\Users\Clarissa\AppData\Local\Google\Update\GoogleUpdate.exe
(BitTorrent Inc.) C:\Users\Clarissa\AppData\Roaming\uTorrent\uTorrent.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Samsung) C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Apple Inc.) C:\Program Files\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Google Inc.) C:\Users\Clarissa\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Clarissa\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Clarissa\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Clarissa\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Clarissa\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Clarissa\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Clarissa\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Clarissa\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Clarissa\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Google Inc.) C:\Users\Clarissa\AppData\Local\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Clarissa\Downloads\FARBAR RECOVERY.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [800416 2012-02-13] (Atheros Commnucations)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [1020064 2012-02-13] (Atheros Commnucations)
HKLM\...\Run: [ETDCtrl] => "%ProgramFiles%\Elantech\ETDCtrl.exe"
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12460136 2012-03-29] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-28] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-01] (CyberLink)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-05-31] (Symantec Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe [87336 2010-09-19] (CyberLink Corp.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE -startup
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2011991932-2341434188-910287483-1001\...\Run: [Google Update] => C:\Users\Clarissa\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-21] (Google Inc.)
HKU\S-1-5-21-2011991932-2341434188-910287483-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2011991932-2341434188-910287483-1001\...\Run: [msnmsgr] => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-21-2011991932-2341434188-910287483-1001\...\Run: [f.lux] => "C:\Users\Clarissa\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
HKU\S-1-5-21-2011991932-2341434188-910287483-1001\...\Run: [uTorrent] => C:\Users\Clarissa\AppData\Roaming\uTorrent\uTorrent.exe [1142864 2015-02-21] (BitTorrent Inc.)
HKU\S-1-5-21-2011991932-2341434188-910287483-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [26232152 2015-02-19] (Google)
HKU\S-1-5-21-2011991932-2341434188-910287483-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31344744 2015-02-26] (Skype Technologies S.A.)
HKU\S-1-5-21-2011991932-2341434188-910287483-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2888896 2015-03-23] (Valve Corporation)
HKU\S-1-5-21-2011991932-2341434188-910287483-1001\...\MountPoints2: {b012bac6-9026-11e1-aa55-806e6f6e6963} - D:\install.EXE id= ver=1.0.0.0
HKU\S-1-5-21-2011991932-2341434188-910287483-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\System32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [260928 2012-02-25] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [215360 2012-02-25] (NVIDIA Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-2011991932-2341434188-910287483-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT3...=SPFA4805D9-685A-402C-8C49-AB95CE651A1E&SSPV=
HKU\S-1-5-21-2011991932-2341434188-910287483-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
HKU\S-1-5-21-2011991932-2341434188-910287483-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.ca/
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2011991932-2341434188-910287483-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.a...-402C-8C49-AB95CE651A1E&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-2011991932-2341434188-910287483-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.a...-402C-8C49-AB95CE651A1E&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-2011991932-2341434188-910287483-1001 -> {435B6687-3288-45C9-8B57-50D75EE49C54} URL = http://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2011991932-2341434188-910287483-1001 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
BHO: bestadblocker -> {7afa7aca-6e3f-45c5-92e0-079f2365b656} -> C:\Program Files (x86)\bestadblocker\BGuFWZ7RPB4IYd.x64.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18] (Adobe Systems Incorporated)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-12-12] (DivX, LLC)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-11] (Oracle Corporation)
BHO-x32: bestadblocker -> {7afa7aca-6e3f-45c5-92e0-079f2365b656} -> C:\Program Files (x86)\bestadblocker\BGuFWZ7RPB4IYd.dll No File
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-02-13] (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Express Find -> {d39539bb-f65e-4088-a9d1-6e5f01a42a3e} -> C:\Program Files (x86)\Express Find\Extensions\d39539bb-f65e-4088-a9d1-6e5f01a42a3e.dll No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-11] (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 64.59.168.13 64.59.168.15 64.59.174.84
Tcpip\..\Interfaces\{D30D985F-7679-4A6A-9F4B-00BBE75C434D}: [NameServer] 208.67.222.222,208.67.220.220
FireFox:
========
FF ProfilePath: C:\Users\Clarissa\AppData\Roaming\Mozilla\Firefox\Profiles\0ss2fzhe.default
FF NewTab: hxxp://search.conduit.com/?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=4&UP=SPFA4805D9-685A-402C-8C49-AB95CE651A1E
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Google
FF Homepage: google.ca
FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2011-12-13] (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-11] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-12-12] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-02-15] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2011991932-2341434188-910287483-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Clarissa\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin HKU\S-1-5-21-2011991932-2341434188-910287483-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Clarissa\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF user.js: detected! => C:\Users\Clarissa\AppData\Roaming\Mozilla\Firefox\Profiles\0ss2fzhe.default\user.js [2015-04-13]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-02-15] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-12-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-12-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-12-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-12-06] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-12-06] (Apple Inc.)
FF SearchPlugin: C:\Users\Clarissa\AppData\Roaming\Mozilla\Firefox\Profiles\0ss2fzhe.default\searchplugins\bingp.xml [2013-12-26]
FF SearchPlugin: C:\Users\Clarissa\AppData\Roaming\Mozilla\Firefox\Profiles\0ss2fzhe.default\searchplugins\trovi-search.xml [2014-07-17]
FF Extension: uTorrentControl2 - C:\Users\Clarissa\AppData\Roaming\Mozilla\Firefox\Profiles\0ss2fzhe.default\Extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} [2013-12-23]
FF Extension: Media Hint - C:\Users\Clarissa\AppData\Roaming\Mozilla\Firefox\Profiles\0ss2fzhe.default\Extensions\mediahint@jetpack.xpi [2013-04-19]
FF Extension: Express Find - C:\Users\Clarissa\AppData\Roaming\Mozilla\Firefox\Profiles\0ss2fzhe.default\Extensions\{7ab3cbb3-34f1-440b-b048-404cfae819c0}.xpi [2015-04-13]
FF Extension: Adblock Plus - C:\Users\Clarissa\AppData\Roaming\Mozilla\Firefox\Profiles\0ss2fzhe.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-05-22]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-07-28]
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> https://www.google.ca/
CHR StartupUrls: Default -> "hxxp://www.bing.com/", "hxxp://www.google.ca/"
CHR DefaultSuggestURL: Default -> http://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
CHR Profile: C:\Users\Clarissa\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Clarissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-08]
CHR Extension: (YouTube) - C:\Users\Clarissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-08-21]
CHR Extension: (Adblock Plus) - C:\Users\Clarissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-23]
CHR Extension: (Google Search) - C:\Users\Clarissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-08-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Clarissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Clarissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-08]
CHR Extension: (Google Wallet) - C:\Users\Clarissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Clarissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2012-08-21]
CHR Extension: (uTorrentControl2) - C:\Users\Clarissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc [2012-08-21]
CHR Extension: (Gmail) - C:\Users\Clarissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-08-21]
CHR Profile: C:\Users\Clarissa\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Ask Search) - C:\Users\Clarissa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aaaaaiabcopkplhgaedhbloeejhhankf [2015-04-14]
CHR Extension: (Google Slides) - C:\Users\Clarissa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-14]
CHR Extension: (Google Docs) - C:\Users\Clarissa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-14]
CHR Extension: (Google Drive) - C:\Users\Clarissa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-14]
CHR Extension: (YouTube) - C:\Users\Clarissa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-14]
CHR Extension: (Google Search) - C:\Users\Clarissa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-14]
CHR Extension: (Google Sheets) - C:\Users\Clarissa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-14]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Clarissa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-14]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Clarissa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-04-14]
CHR Extension: (Google Wallet) - C:\Users\Clarissa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-14]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Clarissa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2015-04-14]
CHR Extension: (Show Apps in new tab) - C:\Users\Clarissa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nohbdifokmdgjcbbeobglcbaifinhfip [2015-04-14]
CHR Extension: (uTorrentControl2) - C:\Users\Clarissa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc [2015-04-14]
CHR Extension: (Gmail) - C:\Users\Clarissa\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-14]
CHR HKU\S-1-5-21-2011991932-2341434188-910287483-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Clarissa\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-07-08]
CHR HKU\S-1-5-21-2011991932-2341434188-910287483-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2011991932-2341434188-910287483-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Clarissa\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2012-07-15]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
CHR HKLM-x32\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Clarissa\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx [2012-07-15]
StartMenuInternet: Google Chrome.HFTPOAJB32K5U4UDDXWYSITFXU - C:\Users\Clarissa\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [106144 2012-02-13] (Atheros Commnucations) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-07] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-05-31] (Symantec Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2012-02-13] (Atheros) [File not signed]
S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R1 veracrypt; C:\Windows\System32\drivers\veracrypt.sys [192344 2015-03-24] (IDRIX)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-14 23:16 - 2015-04-14 23:17 - 00028538 _____ () C:\Users\Clarissa\Downloads\FRST.txt
2015-04-14 23:16 - 2015-04-14 23:16 - 00000000 ____D () C:\FRST
2015-04-14 23:15 - 2015-04-14 23:15 - 02096640 _____ (Farbar) C:\Users\Clarissa\Downloads\FARBAR RECOVERY.exe
2015-04-14 22:59 - 2015-04-14 22:59 - 00000000 ___RD () C:\Users\Clarissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-04-14 22:53 - 2012-03-12 10:24 - 02212656 _____ (ELAN Microelectronics Corp.) C:\windows\ETDUninst.dll
2015-04-14 22:44 - 2015-04-14 22:58 - 00000000 ____D () C:\ProgramData\{dffaaf0d-e292-bfe9-dffa-aaf0de29bc37}
2015-04-14 22:44 - 2015-04-14 22:44 - 00000000 ____D () C:\ProgramData\9871179244914948475
2015-04-14 22:44 - 2015-04-14 22:44 - 00000000 ____D () C:\Program Files (x86)\SaLePellus
2015-04-14 22:43 - 2015-04-14 22:43 - 00000000 ____D () C:\ProgramData\lncoagnbedillamfnnlmcamekgacmidn
2015-04-14 22:42 - 2015-04-14 22:44 - 00002211 _____ () C:\Users\Clarissa\Desktop\Everytime.lnk
2015-04-14 22:41 - 2015-04-14 22:41 - 00000000 ____D () C:\ProgramData\{4b84a23a-5316-5cb7-4b84-4a23a53188e9}
2015-04-13 20:21 - 2015-04-13 20:21 - 00000000 ____D () C:\Users\Clarissa\Downloads\Powerpoint 2010 version
2015-04-13 20:08 - 2015-04-13 20:19 - 682329324 _____ () C:\Users\Clarissa\Downloads\Powerpoint 2010 version.rar
2015-04-13 20:05 - 2015-04-13 20:05 - 00000000 ____D () C:\Users\Clarissa\AppData\Roaming\PowerISO
2015-04-13 19:47 - 2015-04-13 19:47 - 00000000 ____D () C:\Users\Clarissa\AppData\Roaming\WinRAR
2015-04-13 19:46 - 2015-04-13 19:46 - 01941744 _____ () C:\Users\Clarissa\Downloads\winrar-x64-521.exe
2015-04-13 19:46 - 2015-04-13 19:46 - 00000000 ____D () C:\Users\Clarissa\AppData\Roaming\OpenCandy
2015-04-13 19:45 - 2015-04-13 19:45 - 02814520 _____ (Power Software Ltd) C:\Users\Clarissa\Downloads\PowerISO6-x64.exe
2015-04-07 19:21 - 2015-04-07 19:22 - 00000000 ___SD () C:\windows\system32\GWX
2015-04-07 19:21 - 2015-04-07 19:21 - 00000000 ___SD () C:\windows\SysWOW64\GWX
2015-03-24 14:56 - 2015-03-24 15:02 - 00000000 ____D () C:\Users\Clarissa\My Volume
2015-03-24 14:53 - 2015-03-24 14:57 - 00000000 ____D () C:\Users\Clarissa\AppData\Roaming\VeraCrypt
2015-03-24 14:52 - 2015-03-24 14:52 - 00192344 _____ (IDRIX) C:\windows\system32\Drivers\veracrypt.sys
2015-03-24 14:52 - 2015-03-24 14:52 - 00000847 _____ () C:\Users\Public\Desktop\VeraCrypt.lnk
2015-03-24 14:52 - 2015-03-24 14:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VeraCrypt
2015-03-24 14:52 - 2015-03-24 14:52 - 00000000 ____D () C:\Program Files\VeraCrypt
2015-03-24 14:51 - 2015-03-24 14:51 - 07670608 _____ (IDRIX) C:\Users\Clarissa\Downloads\VeraCrypt Setup 1.0f-1.exe
2015-03-24 14:46 - 2015-03-10 21:06 - 00943616 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-03-24 14:46 - 2015-03-10 21:06 - 00760832 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-03-24 14:46 - 2015-03-10 21:06 - 00677888 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-03-24 14:46 - 2015-03-10 21:06 - 00414720 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-03-24 14:46 - 2015-03-10 21:05 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-03-24 14:46 - 2015-03-10 21:05 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-03-24 14:46 - 2015-03-10 21:05 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-03-24 14:46 - 2015-03-10 21:02 - 01107456 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-03-21 15:55 - 2015-03-21 15:55 - 02226530 _____ () C:\Users\Clarissa\Downloads\AC002236-Badwal- first final ( ama ).WMA
2015-03-21 15:36 - 2015-03-21 15:36 - 02538738 _____ () C:\Users\Clarissa\Downloads\AC002293- Cheng first final ( ama).WMA
2015-03-21 15:13 - 2015-03-21 15:13 - 02619792 _____ () C:\Users\Clarissa\Downloads\AC002253- Bithow0 first final ( ama ).WMA
2015-03-21 14:27 - 2015-03-21 14:27 - 03049078 _____ () C:\Users\Clarissa\Downloads\AC002282- Bates first final (AMA)).WMA
2015-03-21 13:41 - 2015-03-21 13:41 - 02778898 _____ () C:\Users\Clarissa\Downloads\AC002276- Bentazal- first and final ( AMA).WMA
2015-03-21 13:11 - 2015-03-21 13:11 - 02214522 _____ () C:\Users\Clarissa\Downloads\AC002310- Baker - first and final ( ama).WMA
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-14 23:15 - 2012-08-06 16:55 - 00000000 ____D () C:\Users\Clarissa\AppData\Roaming\uTorrent
2015-04-14 23:11 - 2012-07-27 16:19 - 00000000 ____D () C:\Users\Clarissa\AppData\Roaming\Skype
2015-04-14 23:08 - 2009-07-13 21:45 - 00028848 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-14 23:08 - 2009-07-13 21:45 - 00028848 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-14 23:04 - 2012-04-27 12:25 - 01581425 _____ () C:\windows\WindowsUpdate.log
2015-04-14 23:00 - 2014-07-08 21:22 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-14 23:00 - 2012-04-26 20:29 - 00000828 _____ () C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-04-14 22:59 - 2014-07-08 21:24 - 00000000 ___RD () C:\Users\Clarissa\Google Drive
2015-04-14 22:58 - 2015-02-11 21:40 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-14 22:57 - 2010-11-20 20:47 - 00669048 _____ () C:\windows\PFRO.log
2015-04-14 22:57 - 2009-07-13 22:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-04-14 22:57 - 2009-07-13 21:51 - 00167697 _____ () C:\windows\setupact.log
2015-04-14 22:53 - 2013-12-29 19:19 - 00000000 ____D () C:\Users\Clarissa\AppData\Local\FluxSoftware
2015-04-14 22:53 - 2012-07-27 15:21 - 00000000 ____D () C:\Program Files\Elantech
2015-04-14 22:39 - 2012-08-21 16:32 - 00002376 _____ () C:\Users\Clarissa\Desktop\Google Chrome.lnk
2015-04-14 22:32 - 2012-07-28 22:39 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-04-14 21:50 - 2014-07-08 21:22 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-14 18:32 - 2012-07-28 22:39 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-04-14 18:32 - 2012-07-28 22:39 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-14 18:32 - 2012-07-28 22:39 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-04-14 18:26 - 2012-08-21 16:29 - 00000868 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2011991932-2341434188-910287483-1001Core.job
2015-04-14 18:26 - 2012-04-26 20:29 - 00000830 _____ () C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2015-04-13 20:07 - 2014-02-18 00:59 - 00000000 ____D () C:\Users\Clarissa\AppData\Roaming\dvdcss
2015-04-13 20:07 - 2013-03-29 21:44 - 00000000 ____D () C:\Users\Clarissa\AppData\Roaming\vlc
2015-04-12 17:20 - 2009-07-13 22:13 - 00783376 _____ () C:\windows\system32\PerfStringBackup.INI
2015-04-03 02:32 - 2014-06-05 22:29 - 00000000 ____D () C:\Users\Clarissa\Documents\Personal Projects
2015-04-02 18:48 - 2012-11-01 14:07 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-02 18:48 - 2012-07-27 15:22 - 00000000 ____D () C:\ProgramData\Skype
2015-03-26 22:24 - 2014-12-11 00:53 - 00000000 ____D () C:\windows\system32\appraiser
2015-03-26 22:24 - 2014-05-06 03:00 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-03-24 14:56 - 2012-07-27 15:16 - 00000000 ____D () C:\Users\Clarissa
2015-03-21 13:40 - 2014-03-27 14:11 - 00000000 ____D () C:\Users\Clarissa\Documents\Diana Insurance
==================== Files in the root of some directories =======
2015-04-14 22:46 - 2015-04-14 22:51 - 0011668 _____ () C:\Users\Clarissa\AppData\Local\Temp-log.txt
2012-04-26 21:46 - 2012-04-26 21:47 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2012-04-26 21:41 - 2012-04-26 21:42 - 0000113 _____ () C:\ProgramData\{34FBC7C4-CD31-4D93-A428-0E524EAC4586}.log
2012-04-26 21:44 - 2012-04-26 21:44 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2012-04-26 21:42 - 2012-04-26 21:44 - 0000106 _____ () C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log
2012-04-26 21:45 - 2012-04-26 21:46 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
Some content of TEMP:
====================
C:\Users\Clarissa\AppData\Local\Temp\5260.exe
C:\Users\Clarissa\AppData\Local\Temp\tf00294823.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-04-10 19:13
==================== End Of Log ============================
2015-04-14 22:53 - 2012-03-12 10:24 - 02212656 _____ (ELAN Microelectronics Corp.) C:\windows\ETDUninst.dll
2015-04-14 22:44 - 2015-04-14 22:58 - 00000000 ____D () C:\ProgramData\{dffaaf0d-e292-bfe9-dffa-aaf0de29bc37}
2015-04-14 22:44 - 2015-04-14 22:44 - 00000000 ____D () C:\ProgramData\9871179244914948475
2015-04-14 22:44 - 2015-04-14 22:44 - 00000000 ____D () C:\Program Files (x86)\SaLePellus
2015-04-14 22:43 - 2015-04-14 22:43 - 00000000 ____D () C:\ProgramData\lncoagnbedillamfnnlmcamekgacmidn
2015-04-14 22:42 - 2015-04-14 22:44 - 00002211 _____ () C:\Users\Clarissa\Desktop\Everytime.lnk
2015-04-14 22:41 - 2015-04-14 22:41 - 00000000 ____D () C:\ProgramData\{4b84a23a-5316-5cb7-4b84-4a23a53188e9}
2015-04-13 20:21 - 2015-04-13 20:21 - 00000000 ____D () C:\Users\Clarissa\Downloads\Powerpoint 2010 version
2015-04-13 20:08 - 2015-04-13 20:19 - 682329324 _____ () C:\Users\Clarissa\Downloads\Powerpoint 2010 version.rar
2015-04-13 20:05 - 2015-04-13 20:05 - 00000000 ____D () C:\Users\Clarissa\AppData\Roaming\PowerISO
2015-04-13 19:47 - 2015-04-13 19:47 - 00000000 ____D () C:\Users\Clarissa\AppData\Roaming\WinRAR
2015-04-13 19:46 - 2015-04-13 19:46 - 01941744 _____ () C:\Users\Clarissa\Downloads\winrar-x64-521.exe
2015-04-13 19:46 - 2015-04-13 19:46 - 00000000 ____D () C:\Users\Clarissa\AppData\Roaming\OpenCandy
2015-04-13 19:45 - 2015-04-13 19:45 - 02814520 _____ (Power Software Ltd) C:\Users\Clarissa\Downloads\PowerISO6-x64.exe
2015-04-07 19:21 - 2015-04-07 19:22 - 00000000 ___SD () C:\windows\system32\GWX
2015-04-07 19:21 - 2015-04-07 19:21 - 00000000 ___SD () C:\windows\SysWOW64\GWX
2015-03-24 14:56 - 2015-03-24 15:02 - 00000000 ____D () C:\Users\Clarissa\My Volume
2015-03-24 14:53 - 2015-03-24 14:57 - 00000000 ____D () C:\Users\Clarissa\AppData\Roaming\VeraCrypt
2015-03-24 14:52 - 2015-03-24 14:52 - 00192344 _____ (IDRIX) C:\windows\system32\Drivers\veracrypt.sys
2015-03-24 14:52 - 2015-03-24 14:52 - 00000847 _____ () C:\Users\Public\Desktop\VeraCrypt.lnk
2015-03-24 14:52 - 2015-03-24 14:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VeraCrypt
2015-03-24 14:52 - 2015-03-24 14:52 - 00000000 ____D () C:\Program Files\VeraCrypt
2015-03-24 14:51 - 2015-03-24 14:51 - 07670608 _____ (IDRIX) C:\Users\Clarissa\Downloads\VeraCrypt Setup 1.0f-1.exe
2015-03-24 14:46 - 2015-03-10 21:06 - 00943616 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-03-24 14:46 - 2015-03-10 21:06 - 00760832 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-03-24 14:46 - 2015-03-10 21:06 - 00677888 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-03-24 14:46 - 2015-03-10 21:06 - 00414720 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-03-24 14:46 - 2015-03-10 21:05 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-03-24 14:46 - 2015-03-10 21:05 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-03-24 14:46 - 2015-03-10 21:05 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-03-24 14:46 - 2015-03-10 21:02 - 01107456 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-03-21 15:55 - 2015-03-21 15:55 - 02226530 _____ () C:\Users\Clarissa\Downloads\AC002236-Badwal- first final ( ama ).WMA
2015-03-21 15:36 - 2015-03-21 15:36 - 02538738 _____ () C:\Users\Clarissa\Downloads\AC002293- Cheng first final ( ama).WMA
2015-03-21 15:13 - 2015-03-21 15:13 - 02619792 _____ () C:\Users\Clarissa\Downloads\AC002253- Bithow0 first final ( ama ).WMA
2015-03-21 14:27 - 2015-03-21 14:27 - 03049078 _____ () C:\Users\Clarissa\Downloads\AC002282- Bates first final (AMA)).WMA
2015-03-21 13:41 - 2015-03-21 13:41 - 02778898 _____ () C:\Users\Clarissa\Downloads\AC002276- Bentazal- first and final ( AMA).WMA
2015-03-21 13:11 - 2015-03-21 13:11 - 02214522 _____ () C:\Users\Clarissa\Downloads\AC002310- Baker - first and final ( ama).WMA
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-14 23:15 - 2012-08-06 16:55 - 00000000 ____D () C:\Users\Clarissa\AppData\Roaming\uTorrent
2015-04-14 23:11 - 2012-07-27 16:19 - 00000000 ____D () C:\Users\Clarissa\AppData\Roaming\Skype
2015-04-14 23:08 - 2009-07-13 21:45 - 00028848 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-14 23:08 - 2009-07-13 21:45 - 00028848 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-14 23:04 - 2012-04-27 12:25 - 01581425 _____ () C:\windows\WindowsUpdate.log
2015-04-14 23:00 - 2014-07-08 21:22 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-14 23:00 - 2012-04-26 20:29 - 00000828 _____ () C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-04-14 22:59 - 2014-07-08 21:24 - 00000000 ___RD () C:\Users\Clarissa\Google Drive
2015-04-14 22:58 - 2015-02-11 21:40 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-14 22:57 - 2010-11-20 20:47 - 00669048 _____ () C:\windows\PFRO.log
2015-04-14 22:57 - 2009-07-13 22:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-04-14 22:57 - 2009-07-13 21:51 - 00167697 _____ () C:\windows\setupact.log
2015-04-14 22:53 - 2013-12-29 19:19 - 00000000 ____D () C:\Users\Clarissa\AppData\Local\FluxSoftware
2015-04-14 22:53 - 2012-07-27 15:21 - 00000000 ____D () C:\Program Files\Elantech
2015-04-14 22:39 - 2012-08-21 16:32 - 00002376 _____ () C:\Users\Clarissa\Desktop\Google Chrome.lnk
2015-04-14 22:32 - 2012-07-28 22:39 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-04-14 21:50 - 2014-07-08 21:22 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-14 18:32 - 2012-07-28 22:39 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-04-14 18:32 - 2012-07-28 22:39 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-14 18:32 - 2012-07-28 22:39 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-04-14 18:26 - 2012-08-21 16:29 - 00000868 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2011991932-2341434188-910287483-1001Core.job
2015-04-14 18:26 - 2012-04-26 20:29 - 00000830 _____ () C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2015-04-13 20:07 - 2014-02-18 00:59 - 00000000 ____D () C:\Users\Clarissa\AppData\Roaming\dvdcss
2015-04-13 20:07 - 2013-03-29 21:44 - 00000000 ____D () C:\Users\Clarissa\AppData\Roaming\vlc
2015-04-12 17:20 - 2009-07-13 22:13 - 00783376 _____ () C:\windows\system32\PerfStringBackup.INI
2015-04-03 02:32 - 2014-06-05 22:29 - 00000000 ____D () C:\Users\Clarissa\Documents\Personal Projects
2015-04-02 18:48 - 2012-11-01 14:07 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-04-02 18:48 - 2012-07-27 15:22 - 00000000 ____D () C:\ProgramData\Skype
2015-03-26 22:24 - 2014-12-11 00:53 - 00000000 ____D () C:\windows\system32\appraiser
2015-03-26 22:24 - 2014-05-06 03:00 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-03-24 14:56 - 2012-07-27 15:16 - 00000000 ____D () C:\Users\Clarissa
2015-03-21 13:40 - 2014-03-27 14:11 - 00000000 ____D () C:\Users\Clarissa\Documents\Diana Insurance
==================== Files in the root of some directories =======
2015-04-14 22:46 - 2015-04-14 22:51 - 0011668 _____ () C:\Users\Clarissa\AppData\Local\Temp-log.txt
2012-04-26 21:46 - 2012-04-26 21:47 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2012-04-26 21:41 - 2012-04-26 21:42 - 0000113 _____ () C:\ProgramData\{34FBC7C4-CD31-4D93-A428-0E524EAC4586}.log
2012-04-26 21:44 - 2012-04-26 21:44 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2012-04-26 21:42 - 2012-04-26 21:44 - 0000106 _____ () C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log
2012-04-26 21:45 - 2012-04-26 21:46 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
Some content of TEMP:
====================
C:\Users\Clarissa\AppData\Local\Temp\5260.exe
C:\Users\Clarissa\AppData\Local\Temp\tf00294823.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-04-10 19:13
==================== End Of Log ============================