Untitled

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:14-12-2015
Ran by lolnoram (administrator) on BENM-PC (14-12-2015 20:35:53)
Running from C:\Users\lolnoram\Downloads
Loaded Profiles: lolnoram &  (Available Profiles: Ben M & Drew & lolnoram & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(1206 Lab) C:\Program Files (x86)\Lenovo\Rapidboot\FBService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(OpenVPN Technologies, Inc) C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ptservice.exe
(OpenVPN Technologies, Inc) C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ptcore.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncservice.exe
(RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncserver.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncserverui.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
() C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Malwarebytes Corp.) C:\Users\lolnoram\Downloads\mbar-1.09.3.1001.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Malwarebytes) C:\mbar\mbar.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\lolnoram\Downloads\RogueKiller.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\osk.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24952456 2015-12-08] (Dropbox, Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-728148453-1673340213-1726226681-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-04-03] (Google Inc.)
HKU\S-1-5-21-728148453-1673340213-1726226681-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31087200 2015-01-23] (Skype Technologies S.A.)
HKU\S-1-5-21-728148453-1673340213-1726226681-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Facebook Update] => "C:\Users\Ben M\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-728148453-1673340213-1726226681-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [EPSON SX430 Series] => C:\windows\system32\spool\DRIVERS\x64\3\E_IATIHAE.EXE [232448 2011-01-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-728148453-1673340213-1726226681-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [osk.exe] => C:\windows\system32\osk.exe [692736 2014-06-18] (Microsoft Corporation)
HKU\S-1-5-21-728148453-1673340213-1726226681-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Mystify.scr [242688 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-21-728148453-1673340213-1726226681-1011\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8461224 2015-09-16] (Piriform Ltd)
HKU\S-1-5-21-728148453-1673340213-1726226681-1011-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8461224 2015-09-16] (Piriform Ltd)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1	localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1D867B72-DDAD-45D9-98AB-5D55485FD25D}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-728148453-1673340213-1726226681-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-728148453-1673340213-1726226681-1011\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=DSGQ&bmod=DSGQ
HKU\S-1-5-21-728148453-1673340213-1726226681-1011-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=DSGQ&bmod=DSGQ
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=DSGQ&bmod=DSGQ
SearchScopes: HKLM -> DefaultScope {BA1BE292-1D15-488B-934D-008742212380} URL =
SearchScopes: HKLM -> {31090377-0740-419E-BEFC-A56E50500D5B} URL =
SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-728148453-1673340213-1726226681-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {BA1BE292-1D15-488B-934D-008742212380} URL =
SearchScopes: HKU\S-1-5-21-728148453-1673340213-1726226681-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {31090377-0740-419E-BEFC-A56E50500D5B} URL =
SearchScopes: HKU\S-1-5-21-728148453-1673340213-1726226681-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7DSGQ_enGB495
SearchScopes: HKU\S-1-5-21-728148453-1673340213-1726226681-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-728148453-1673340213-1726226681-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {5FFCB424-9BCC-4B73-8E4C-BD71DC4AF5C6} URL = hxxps://uk.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-728148453-1673340213-1726226681-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7DSGQ_enGB495
SearchScopes: HKU\S-1-5-21-728148453-1673340213-1726226681-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-728148453-1673340213-1726226681-1011 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7DSGQ_enGB495
SearchScopes: HKU\S-1-5-21-728148453-1673340213-1726226681-1011 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7DSGQ_enGB495
SearchScopes: HKU\S-1-5-21-728148453-1673340213-1726226681-1011 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-728148453-1673340213-1726226681-1011-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7DSGQ_enGB495
SearchScopes: HKU\S-1-5-21-728148453-1673340213-1726226681-1011-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7DSGQ_enGB495
SearchScopes: HKU\S-1-5-21-728148453-1673340213-1726226681-1011-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7XXXX
SearchScopes: HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7XXXX
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-24] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-28] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-24] (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-28] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-24] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-24] (Google Inc.)
Toolbar: HKU\S-1-5-21-728148453-1673340213-1726226681-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-24] (Google Inc.)
Toolbar: HKU\S-1-5-21-728148453-1673340213-1726226681-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-24] (Google Inc.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-12] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-09-17] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [No File]
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2013-03-25] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-12] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-09-17] (Adobe Systems)
FF Plugin HKU\S-1-5-21-728148453-1673340213-1726226681-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @nsroblox.roblox.com/launcher -> C:\Users\Ben M\AppData\Local\Roblox\Versions\version-f4fa73127aa54242\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-728148453-1673340213-1726226681-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @nsroblox.roblox.com/launcher64 -> C:\Users\Ben M\AppData\Local\Roblox\Versions\version-f4fa73127aa54242\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-728148453-1673340213-1726226681-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Ben M\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [No File]
FF Plugin HKU\S-1-5-21-728148453-1673340213-1726226681-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ben M\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-04-21] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-728148453-1673340213-1726226681-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @nsroblox.roblox.com/launcher -> C:\Users\Drew\AppData\Local\Roblox\Versions\version-ca1947e082c941f9\\NPRobloxProxy.dll [2012-12-31] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-728148453-1673340213-1726226681-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @nsroblox.roblox.com/launcher64 -> C:\Users\Drew\AppData\Local\Roblox\Versions\version-ca1947e082c941f9\\NPRobloxProxy64.dll [2012-12-31] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-728148453-1673340213-1726226681-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Drew\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-07-11] (Unity Technologies ApS)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/ig/redirectdomain?brand=DSGQ&bmod=DSGQ
CHR StartupUrls: Default -> "hxxp://www.google.com/ig/redirectdomain?brand=DSGQ&bmod=DSGQ"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=orcl_default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\lolnoram\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\lolnoram\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-13]
CHR Extension: (Google Drive) - C:\Users\lolnoram\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-13]
CHR Extension: (YouTube) - C:\Users\lolnoram\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-13]
CHR Extension: (Google Search) - C:\Users\lolnoram\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-13]
CHR Extension: (Google Docs Offline) - C:\Users\lolnoram\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\lolnoram\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-13]
CHR Extension: (Gmail) - C:\Users\lolnoram\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-13]
CHR HKU\S-1-5-21-728148453-1673340213-1726226681-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]
CHR HKLM-x32\...\Chrome\Extension: [npdicihegicnhaangkdmcgbjceoemeoo] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [599944 2014-12-05] (Autodesk Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [669872 2015-09-15] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2016448 2015-11-25] (Adobe Systems, Incorporated)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [437880 2015-10-08] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [417400 2015-10-08] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [855672 2015-10-08] (BlueStack Systems, Inc.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [970016 2011-05-12] (Broadcom Corporation.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
S2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [65640 2015-11-05] (CyberGhost S.R.L)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-15] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-15] (Dropbox, Inc.)
S3 EasyAntiCheat; C:\windows\SysWOW64\EasyAntiCheat.exe [238376 2015-08-09] (EasyAntiCheat Ltd)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2505472 2015-10-09] (ESET)
R2 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [413848 2015-07-16] ()
R2 FastbootService; C:\Program Files (x86)\Lenovo\Rapidboot\FBService.exe [199264 2011-12-16] (1206 Lab)
R2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [350720 2012-06-01] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)
R2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [40999448 2008-07-10] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation)
R2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [76888 2013-12-21] ()
R2 ptservice; C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ptservice.exe [17816 2015-01-29] (OpenVPN Technologies, Inc)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [177800 2015-09-21] (Sandboxie Holdings, LLC)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S4 SQLAgent$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [369688 2008-07-10] (Microsoft Corporation)
R2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [105112 2015-07-16] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [413848 2015-07-16] ()
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12465344 2015-08-14] ()
R2 vncserver; C:\Program Files\RealVNC\VNC Server\vncservice.exe [639808 2015-01-28] (RealVNC Ltd)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [52968 2015-07-06] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AntiLog32; C:\windows\system32\drivers\AntiLog64.sys [49752 2015-10-24] (Zemana Ltd.)
R3 ATIAVPCI; C:\Windows\System32\DRIVERS\Yatinavrr.SYS [1444736 2010-08-09] (ATI Technologies Inc.)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [146040 2015-10-08] (BlueStack Systems)
R3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-05-12] (Broadcom Corporation.)
S3 CV2K1; C:\Windows\System32\DRIVERS\cv2k1.sys [21608 2012-10-06] (TamoSoft)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [264040 2015-07-30] (ESET)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [186784 2015-07-30] (ESET)
R3 EloMTUsb; C:\Windows\System32\DRIVERS\EloMTUsb.sys [56912 2010-12-28] ()
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [170792 2015-07-30] (ESET)
R0 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [69216 2011-12-16] (Windows (R) Win 7 DDK provider)
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [76520 2014-12-30] (Zemana Ltd.)
R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [224720 2015-08-18] (QFX Software Corporation)
R3 mbamchameleon; C:\windows\system32\drivers\mbamchameleon.sys [109272 2015-12-14] (Malwarebytes)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-12-14] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 PlantronicsGC; C:\Windows\System32\drivers\PLTGC.sys [1328128 2013-02-07] (C-Media Electronics Inc)
R3 ptun0901; C:\Windows\System32\DRIVERS\ptun0901.sys [27136 2015-01-26] (The OpenVPN Project)
S4 RAMDiskVE; C:\Windows\System32\Drivers\RAMDiskVE.sys [86680 2015-10-14] (Dataram, Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [191624 2015-09-21] (Sandboxie Holdings, LLC)
R3 semav6msr64; C:\windows\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2015-01-19] (Anchorfree Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [30848 2015-12-14] ()
R3 TSCOMM; C:\Windows\System32\DRIVERS\tscomm.sys [47304 2014-04-01] (TamoSoft)
S3 TsVlb; C:\Windows\System32\DRIVERS\tsvlb.sys [22120 2012-10-06] (TamoSoft)
R1 TsVp; C:\Windows\System32\DRIVERS\tsvp.sys [26256 2012-10-06] (TamoSoft)
R1 veracrypt; C:\Windows\System32\drivers\veracrypt.sys [195416 2015-10-14] (IDRIX)
R3 VMC412; C:\Windows\System32\Drivers\VMC412.sys [251648 2011-09-02] (Vimicro Corporation)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [75512 2015-08-04] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [34520 2015-07-09] (VMware, Inc.)
R0 WinI2C-DDC; C:\Windows\System32\drivers\DDCDrv.sys [20832 2008-04-08] (Nicomsoft Ltd.)
R0 WinI2C-DDC; C:\Windows\SysWOW64\drivers\DDCDrv.sys [15712 2010-03-23] (Nicomsoft Ltd.)
S1 netfilter64; system32\drivers\netfilter64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-14 20:24 - 2015-12-14 20:24 - 00008076 _____ C:\Users\lolnoram\Desktop\RogueKiller.txt
2015-12-14 19:05 - 2015-12-14 19:05 - 12847307 _____ C:\Users\lolnoram\Downloads\Visually Speaking Spanish - Level 2.zip
2015-12-14 18:27 - 2015-12-14 18:27 - 00179466 _____ C:\Users\lolnoram\Documents\cc_20151214_182708.reg
2015-12-14 18:26 - 2015-12-14 18:26 - 00030848 _____ C:\windows\system32\Drivers\TrueSight.sys
2015-12-14 18:26 - 2015-12-14 18:26 - 00000000 ____D C:\ProgramData\RogueKiller
2015-12-14 18:25 - 2015-12-14 18:25 - 20834376 _____ C:\Users\lolnoram\Downloads\RogueKiller.exe
2015-12-14 18:02 - 2015-12-14 18:02 - 00000000 ____D C:\mbar
2015-12-14 17:56 - 2015-12-14 18:08 - 00084304 _____ C:\Users\lolnoram\Downloads\Addition.txt
2015-12-14 17:56 - 2015-12-14 17:56 - 16563352 _____ (Malwarebytes Corp.) C:\Users\lolnoram\Downloads\mbar-1.09.3.1001.exe
2015-12-14 17:54 - 2015-12-14 20:35 - 00035617 _____ C:\Users\lolnoram\Downloads\FRST.txt
2015-12-14 17:54 - 2015-12-14 20:35 - 00000000 ____D C:\FRST
2015-12-14 17:52 - 2015-12-14 17:52 - 02369536 _____ (Farbar) C:\Users\lolnoram\Downloads\FRST64.exe
2015-12-14 17:51 - 2015-12-14 17:51 - 00000000 ____D C:\Users\lolnoram\AppData\Roaming\Sun
2015-12-14 17:51 - 2015-12-14 17:51 - 00000000 ____D C:\Users\lolnoram\AppData\LocalLow\Sun
2015-12-14 16:26 - 2015-12-14 16:30 - 00000000 ____D C:\Users\lolnoram\Documents\Youcam
2015-12-14 16:26 - 2015-12-14 16:26 - 00061688 _____ C:\Users\lolnoram\AppData\Local\GDIPFONTCACHEV1.DAT
2015-12-14 16:26 - 2015-12-14 16:26 - 00000000 ____D C:\Users\lolnoram\AppData\Roaming\CyberLink
2015-12-14 16:26 - 2015-12-14 16:26 - 00000000 ____D C:\Users\lolnoram\AppData\Local\CyberLink
2015-12-14 15:56 - 2015-12-14 15:56 - 03207492 _____ C:\Users\lolnoram\Downloads\ninja.webm
2015-12-14 15:39 - 2015-12-14 15:39 - 02644534 _____ C:\Users\lolnoram\Downloads\ninjaturtles.webm
2015-12-13 22:50 - 2015-12-13 22:50 - 00000000 ____D C:\Users\lolnoram\.runiqueprefs
2015-12-13 22:08 - 2015-12-14 16:05 - 00000000 ____D C:\Users\lolnoram\runique_v2
2015-12-13 22:08 - 2015-12-13 22:50 - 00000000 ____D C:\Users\lolnoram\AppData\Roaming\runique2
2015-12-13 22:08 - 2015-12-13 22:08 - 01408044 _____ C:\Users\lolnoram\Downloads\Runique.jar
2015-12-13 22:08 - 2015-12-13 22:08 - 01408044 _____ C:\Users\lolnoram\Desktop\Runique.jar
2015-12-13 19:44 - 2015-12-13 19:44 - 00000000 ____D C:\Users\lolnoram\AppData\Local\GWX
2015-12-13 18:20 - 2015-12-13 18:20 - 00000000 ____D C:\Users\lolnoram\Documents\SciTE
2015-12-13 18:17 - 2015-12-13 18:17 - 00000000 ____D C:\Users\lolnoram\AppData\Roaming\WinRAR
2015-12-13 18:15 - 2015-12-13 18:21 - 00000000 ____D C:\Users\lolnoram\AppData\Roaming\Notepad++
2015-12-13 16:40 - 2015-12-13 16:57 - 00000000 ____D C:\Users\lolnoram\AppData\Roaming\.technic
2015-12-13 16:40 - 2015-12-13 16:40 - 00000000 ____D C:\Users\lolnoram\.oracle_jre_usage
2015-12-13 16:40 - 2015-12-13 16:39 - 04757856 _____ () C:\Users\lolnoram\Desktop\TechnicLauncher.exe
2015-12-13 16:32 - 2015-12-13 16:32 - 00000000 ____D C:\Users\lolnoram\AppData\Local\Dropbox
2015-12-13 16:18 - 2015-12-13 16:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-12-13 15:11 - 2015-12-14 16:13 - 00000000 ____D C:\Users\lolnoram\AppData\Local\Google
2015-12-13 15:11 - 2015-12-13 22:50 - 00000000 ____D C:\Users\lolnoram
2015-12-13 15:11 - 2015-12-13 16:11 - 00002255 _____ C:\Users\lolnoram\Desktop\Google Chrome.lnk
2015-12-13 15:11 - 2015-12-13 15:11 - 00001413 _____ C:\Users\lolnoram\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-12-13 15:11 - 2015-12-13 15:11 - 00000258 __RSH C:\Users\lolnoram\ntuser.pol
2015-12-13 15:11 - 2015-12-13 15:11 - 00000020 ___SH C:\Users\lolnoram\ntuser.ini
2015-12-13 15:11 - 2015-12-13 15:11 - 00000000 _SHDL C:\Users\lolnoram\My Documents
2015-12-13 15:11 - 2015-12-13 15:11 - 00000000 _SHDL C:\Users\lolnoram\Documents\My Videos
2015-12-13 15:11 - 2015-12-13 15:11 - 00000000 _SHDL C:\Users\lolnoram\Documents\My Pictures
2015-12-13 15:11 - 2015-12-13 15:11 - 00000000 _SHDL C:\Users\lolnoram\Documents\My Music
2015-12-13 15:11 - 2015-12-13 15:11 - 00000000 ____D C:\Users\lolnoram\AppData\Roaming\Adobe
2015-12-13 15:11 - 2015-12-13 15:11 - 00000000 ____D C:\Users\lolnoram\AppData\Local\VirtualStore
2015-12-13 15:11 - 2015-12-13 15:11 - 00000000 ____D C:\Users\lolnoram\AppData\Local\RealVNC
2015-12-13 15:11 - 2015-10-11 20:32 - 00000000 ____D C:\Users\lolnoram\AppData\Local\Bulents
2015-12-13 15:11 - 2015-04-05 00:05 - 00002100 _____ C:\Users\lolnoram\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-12-13 15:11 - 2015-03-21 12:21 - 00000000 ____D C:\Users\lolnoram\AppData\Roaming\TuneUp Software
2015-12-13 15:11 - 2015-02-28 19:26 - 00000000 ____D C:\Users\lolnoram\Documents\Visual Studio 2008
2015-12-13 15:11 - 2015-02-28 19:26 - 00000000 ____D C:\Users\lolnoram\AppData\Local\Microsoft Help
2015-12-13 15:11 - 2012-04-02 23:49 - 00002149 _____ C:\Users\lolnoram\Desktop\Lenovo Rescue System.lnk
2015-12-13 15:11 - 2012-04-02 23:49 - 00000000 ____D C:\Users\lolnoram\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-12-13 15:11 - 2012-04-02 23:48 - 00002022 _____ C:\Users\lolnoram\Desktop\Lenovo Power2Go.lnk
2015-12-13 15:11 - 2011-02-15 10:41 - 00000000 ____D C:\Users\lolnoram\AppData\Roaming\Media Center Programs
2015-12-13 14:38 - 2015-12-13 14:38 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2015-12-13 14:33 - 2015-12-13 14:33 - 00000000 ____D C:\ProgramData\Apple
2015-12-13 14:32 - 2015-12-13 14:32 - 00000000 ____D C:\ProgramData\Autodesk
2015-12-12 18:51 - 2015-11-20 18:54 - 03170304 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-12-12 18:51 - 2015-11-20 18:54 - 02609152 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-12-12 18:51 - 2015-11-20 18:54 - 00709632 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-12-12 18:51 - 2015-11-20 18:54 - 00192512 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-12-12 18:51 - 2015-11-20 18:54 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-12-12 18:51 - 2015-11-20 18:54 - 00098816 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-12-12 18:51 - 2015-11-20 18:54 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-12-12 18:51 - 2015-11-20 18:54 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-12-12 18:51 - 2015-11-20 18:54 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-12-12 18:51 - 2015-11-20 18:54 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-12-12 18:51 - 2015-11-20 18:54 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2015-12-12 18:51 - 2015-11-20 18:34 - 00573440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-12-12 18:51 - 2015-11-20 18:34 - 00174080 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-12-12 18:51 - 2015-11-20 18:34 - 00093696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-12-12 18:51 - 2015-11-20 18:34 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2015-12-12 18:51 - 2015-11-20 18:33 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-12-12 18:47 - 2015-11-05 19:02 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2015-12-12 18:47 - 2015-11-05 19:00 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2015-12-12 18:46 - 2015-11-03 19:04 - 00802304 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll
2015-12-12 18:46 - 2015-11-03 18:56 - 00627712 _____ (Microsoft Corporation) C:\windows\SysWOW64\usp10.dll
2015-12-12 18:43 - 2015-11-10 18:55 - 01648128 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2015-12-12 18:43 - 2015-11-10 18:55 - 01180160 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2015-12-12 18:43 - 2015-11-10 18:55 - 01008640 _____ (Microsoft Corporation) C:\windows\system32\user32.dll
2015-12-12 18:43 - 2015-11-10 18:39 - 01251328 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2015-12-12 18:43 - 2015-11-10 18:37 - 00833024 _____ (Microsoft Corporation) C:\windows\SysWOW64\user32.dll
2015-12-12 18:43 - 2015-11-10 17:47 - 03211264 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-12-12 18:43 - 2015-11-05 19:05 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\wshrm.dll
2015-12-12 18:43 - 2015-11-05 19:02 - 00014848 _____ (Microsoft Corporation) C:\windows\SysWOW64\wshrm.dll
2015-12-12 18:43 - 2015-11-05 09:53 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rmcast.sys
2015-12-12 18:42 - 2015-11-11 18:53 - 01735680 _____ (Microsoft Corporation) C:\windows\system32\comsvcs.dll
2015-12-12 18:42 - 2015-11-11 18:53 - 00525312 _____ (Microsoft Corporation) C:\windows\system32\catsrvut.dll
2015-12-12 18:42 - 2015-11-11 18:39 - 01242624 _____ (Microsoft Corporation) C:\windows\SysWOW64\comsvcs.dll
2015-12-12 18:42 - 2015-11-11 18:39 - 00487936 _____ (Microsoft Corporation) C:\windows\SysWOW64\catsrvut.dll
2015-12-12 18:32 - 2015-10-13 16:41 - 00497664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2015-12-12 18:32 - 2015-10-13 16:40 - 00118272 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2015-12-12 18:18 - 2015-10-13 04:57 - 00950720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2015-12-12 18:12 - 2015-11-11 21:12 - 00387792 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-12-12 18:12 - 2015-11-11 20:52 - 00341192 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-12-12 18:12 - 2015-11-11 16:21 - 25837568 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-12-12 18:12 - 2015-11-11 16:00 - 12856832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-12-12 18:12 - 2015-11-11 15:44 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-12-12 18:12 - 2015-11-11 15:44 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-12-12 18:12 - 2015-11-11 15:41 - 20366848 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-12-12 18:12 - 2015-11-11 15:12 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-12-12 18:12 - 2015-11-11 14:57 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-12-12 18:12 - 2015-11-10 00:24 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-12-12 18:12 - 2015-11-10 00:13 - 00496640 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-12-12 18:12 - 2015-11-10 00:13 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-12-12 18:12 - 2015-11-10 00:12 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-12-12 18:12 - 2015-11-10 00:12 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-12-12 18:12 - 2015-11-10 00:11 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-12-12 18:12 - 2015-11-10 00:08 - 02280448 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-12-12 18:12 - 2015-11-10 00:06 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-12-12 18:12 - 2015-11-10 00:06 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-12-12 18:12 - 2015-11-10 00:04 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-12-12 18:12 - 2015-11-10 00:03 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-12-12 18:12 - 2015-11-10 00:02 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-12-12 18:12 - 2015-11-10 00:02 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-12-12 18:12 - 2015-11-09 23:50 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-12-12 18:12 - 2015-11-09 23:47 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-12-12 18:12 - 2015-11-09 23:46 - 04514816 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-12-12 18:12 - 2015-11-09 23:44 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2015-12-12 18:12 - 2015-11-09 23:37 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2015-12-12 18:12 - 2015-11-09 23:36 - 02050560 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-12-12 18:12 - 2015-11-09 23:36 - 00687104 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-12-12 18:12 - 2015-11-09 23:35 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-12-12 18:12 - 2015-11-09 23:17 - 02011136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-12-12 18:12 - 2015-11-09 23:14 - 01311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-12-12 18:12 - 2015-11-09 23:12 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-12-12 18:12 - 2015-11-08 22:33 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-12-12 18:12 - 2015-11-08 22:32 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-12-12 18:12 - 2015-11-08 22:16 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-12-12 18:12 - 2015-11-08 22:15 - 02887168 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-12-12 18:12 - 2015-11-08 22:15 - 00571392 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-12-12 18:12 - 2015-11-08 22:15 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-12-12 18:12 - 2015-11-08 22:15 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-12-12 18:12 - 2015-11-08 22:14 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-12-12 18:12 - 2015-11-08 22:07 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-12-12 18:12 - 2015-11-08 22:06 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-12-12 18:12 - 2015-11-08 22:04 - 05923840 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-12-12 18:12 - 2015-11-08 22:02 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-12-12 18:12 - 2015-11-08 22:01 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-12-12 18:12 - 2015-11-08 22:01 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-12-12 18:12 - 2015-11-08 22:01 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-12-12 18:12 - 2015-11-08 22:01 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-12-12 18:12 - 2015-11-08 21:52 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-12-12 18:12 - 2015-11-08 21:48 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-12-12 18:12 - 2015-11-08 21:40 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-12-12 18:12 - 2015-11-08 21:35 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-12-12 18:12 - 2015-11-08 21:32 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-12-12 18:12 - 2015-11-08 21:29 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2015-12-12 18:12 - 2015-11-08 21:18 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2015-12-12 18:12 - 2015-11-08 21:15 - 00798208 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-12-12 18:12 - 2015-11-08 21:15 - 00718336 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-12-12 18:12 - 2015-11-08 21:14 - 14456832 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-12-12 18:12 - 2015-11-08 21:14 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-12-12 18:12 - 2015-11-08 21:13 - 02123264 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-12-12 18:12 - 2015-11-08 20:53 - 02487808 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-12-12 18:12 - 2015-11-08 20:41 - 01546752 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-12-12 18:12 - 2015-11-08 20:30 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-12-12 18:08 - 2015-11-03 19:04 - 00241664 _____ (Microsoft Corporation) C:\windows\system32\els.dll
2015-12-12 18:08 - 2015-11-03 18:55 - 00179712 _____ (Microsoft Corporation) C:\windows\SysWOW64\els.dll
2015-12-12 17:58 - 2015-10-01 18:00 - 00275456 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2015-12-12 17:58 - 2015-10-01 18:00 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\jnwmon.dll
2015-12-12 17:58 - 2015-10-01 17:50 - 00216064 _____ (Microsoft Corporation) C:\windows\SysWOW64\InkEd.dll
2015-12-12 17:41 - 2015-12-12 17:41 - 01116281 _____ C:\Users\Drew\Downloads\SPC-1.6.4.jar
2015-12-12 17:41 - 2015-12-12 17:41 - 01116281 _____ C:\Users\Drew\Desktop\SPC-1.6.4.jar
2015-12-12 17:33 - 2015-12-12 17:33 - 04757856 _____ () C:\Users\Drew\Downloads\TechnicLauncher.exe
2015-12-12 17:33 - 2015-12-12 17:33 - 04757856 _____ () C:\Users\Drew\Desktop\TechnicLauncher.exe
2015-12-12 17:14 - 2015-12-12 17:14 - 02729464 _____ (Microsoft Corporation) C:\Users\Drew\Downloads\vbsetup.exe
2015-12-12 16:13 - 2015-12-12 23:56 - 00001058 _____ C:\Users\Drew\Desktop\nativelog.txt
2015-12-12 16:13 - 2015-12-12 16:13 - 01247112 _____ (Mojang) C:\Users\Drew\Desktop\Minecraft.exe
2015-12-12 16:13 - 2015-12-12 16:13 - 00000000 ____D C:\Users\Drew\Desktop\runtime
2015-12-12 16:13 - 2015-12-12 16:13 - 00000000 ____D C:\Users\Drew\Desktop\game
2015-12-12 00:52 - 2015-12-12 00:52 - 00001135 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-12-12 00:52 - 2015-12-12 00:52 - 00000408 _____ C:\windows\Tasks\Opera scheduled Autoupdate 1449881531.job
2015-12-12 00:52 - 2015-12-12 00:52 - 00000000 ____D C:\Users\Drew\AppData\Roaming\Opera Software
2015-12-12 00:52 - 2015-12-12 00:52 - 00000000 ____D C:\Users\Drew\AppData\Local\Opera Software
2015-12-12 00:51 - 2015-12-12 00:51 - 00002056 _____ C:\Users\Public\Desktop\FL Studio 12 (64bit).lnk
2015-12-12 00:51 - 2015-12-12 00:51 - 00002056 _____ C:\Users\Drew\Desktop\FL Studio 12 (64bit).lnk
2015-12-12 00:51 - 2015-12-12 00:51 - 00002040 _____ C:\Users\Public\Desktop\FL Studio 12.lnk
2015-12-12 00:51 - 2015-12-12 00:51 - 00002040 _____ C:\Users\Drew\Desktop\FL Studio 12.lnk
2015-12-12 00:51 - 2015-12-12 00:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
2015-12-12 00:47 - 2015-12-12 00:47 - 00000130 _____ C:\Users\Drew\Desktop\FL studio keys.txt
2015-12-11 21:41 - 2015-12-11 21:41 - 01407314 _____ C:\Users\Drew\Desktop\Runique.jar
2015-12-11 20:24 - 2015-12-11 20:24 - 04757856 _____ () C:\Users\Desktop\TechnicLauncher.exe
2015-12-10 17:29 - 2015-11-26 16:52 - 00001067 _____ C:\Users\Desktop\cipher.py
2015-12-10 17:09 - 2015-12-10 18:17 - 00001433 _____ C:\Users\Desktop\array.py
2015-12-10 16:56 - 2015-12-10 16:56 - 00000000 _____ C:\Users\Desktop\New Text Document.txt
2015-12-09 23:18 - 2015-12-09 23:18 - 00135118 _____ C:\Users\Desktop\engine.wav
2015-12-09 22:19 - 2015-12-09 22:19 - 00353014 _____ C:\Users\Desktop\welcome.wav
2015-12-09 22:19 - 2015-12-09 22:19 - 00353014 _____ C:\Users\Desktop\error.wav
2015-12-09 22:11 - 2015-12-10 15:43 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2015-12-09 22:11 - 2015-12-09 22:11 - 00001007 _____ C:\Users\Desktop\SpeedFan.lnk
2015-12-09 22:11 - 2015-12-09 22:11 - 00000045 _____ C:\windows\SysWOW64\initdebug.nfo
2015-12-09 22:11 - 2015-12-09 22:11 - 00000000 ____D C:\Users\Drew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2015-12-09 20:55 - 2015-12-09 20:55 - 00224075 _____ C:\Users\Desktop\aasf.flp
2015-12-08 20:11 - 2015-05-11 12:56 - 02508432 _____ (Sysinternals - www.sysinternals.com) C:\Users\Desktop\procexp.exe
2015-12-08 20:10 - 2015-12-08 20:10 - 00000000 ____D C:\Users\Desktop\Files
2015-12-08 18:57 - 2015-12-08 18:58 - 02778128 _____ C:\Users\Desktop\kappa.zip
2015-12-07 21:59 - 2015-12-07 22:08 - 00000076 _____ C:\Users\Desktop\abc.txt
2015-12-07 18:43 - 2015-12-07 18:43 - 00255426 _____ C:\Users\Desktop\Custom cursor pack.rar
2015-12-07 18:39 - 2015-12-07 18:39 - 00000740 _____ C:\Users\Desktop\Start Tor Browser.lnk
2015-12-07 18:39 - 2015-12-07 18:39 - 00000000 ____D C:\Users\Desktop\Tor Browser
2015-12-07 15:37 - 2015-12-07 15:36 - 00002342 _____ C:\Users\Desktop\Holgate Academy (3).RDP
2015-12-06 00:35 - 2015-12-06 00:35 - 00001031 _____ C:\Users\Desktop\HTTrack Website Copier.lnk
2015-12-06 00:35 - 2015-12-06 00:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinHTTrack
2015-12-06 00:35 - 2015-12-06 00:35 - 00000000 ____D C:\Program Files (x86)\WinHTTrack
2015-12-05 17:08 - 2015-12-05 17:08 - 00000000 ____D C:\Users\Drew\.runiqueprefs
2015-12-05 13:24 - 2015-12-10 23:34 - 00000686 _____ C:\Users\Desktop\runique_anims.txt
2015-12-05 13:22 - 2015-12-12 14:03 - 00000000 ____D C:\Users\Drew\runique_v2
2015-12-05 13:22 - 2015-12-05 18:08 - 00000000 ____D C:\Users\Drew\AppData\Roaming\runique2
2015-12-03 22:44 - 2015-12-03 22:44 - 00001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-12-03 22:44 - 2015-12-03 22:44 - 00001147 _____ C:\Users\Desktop\Mozilla Firefox.lnk
2015-12-03 22:44 - 2015-12-03 22:44 - 00000000 ____D C:\Users\Drew\AppData\Roaming\Mozilla
2015-12-03 22:44 - 2015-12-03 22:44 - 00000000 ____D C:\Users\Drew\AppData\Local\Mozilla
2015-12-03 22:43 - 2015-12-03 22:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-03 22:43 - 2015-12-03 22:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-01 18:07 - 2015-12-01 18:07 - 01051067 _____ C:\Users\Desktop\RSBot-7015.jar
2015-12-01 16:09 - 2015-12-01 16:09 - 00000000 ____D C:\Users\Drew\PkHonor
2015-11-30 23:04 - 2015-11-30 23:04 - 00880432 _____ C:\Users\Desktop\OSBuddy (1).exe
2015-11-30 18:08 - 2015-12-08 19:04 - 00000000 ____D C:\Users\Desktop\Cursor [sudololz]
2015-11-30 17:13 - 2015-11-30 17:13 - 00001091 _____ C:\Users\Desktop\CodeBlocks.lnk
2015-11-30 17:13 - 2015-11-30 17:13 - 00000000 ____D C:\Users\Drew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CodeBlocks
2015-11-30 16:54 - 2015-11-30 16:57 - 00000985 _____ C:\Users\Desktop\index.html
2015-11-30 16:41 - 2015-12-05 18:54 - 00000076 _____ C:\Users\Desktop\Tripod.txt
2015-11-30 14:21 - 2015-11-30 18:53 - 00000000 ____D C:\Users\Drew\RuneLoader
2015-11-30 14:04 - 2015-12-09 19:30 - 00000000 ____D C:\Users\Desktop\Screenshots
2015-11-30 13:59 - 2015-11-30 13:59 - 00000000 _____ C:\windows\SysWOW64\shoBD17.tmp
2015-11-30 13:57 - 2015-11-30 13:57 - 00000000 ____D C:\Users\Drew\AppData\Roaming\ViberPC
2015-11-29 23:40 - 2015-11-29 23:40 - 00002342 _____ C:\Users\Desktop\Holgate Academy.RDP
2015-11-29 21:31 - 2015-11-29 21:31 - 00000000 ____D C:\Users\Drew\AppData\Roaming\Gyazo
2015-11-29 21:30 - 2015-11-30 21:36 - 00000000 ____D C:\Program Files (x86)\Gyazo
2015-11-28 22:32 - 2015-11-30 17:13 - 00000000 ____D C:\Program Files (x86)\CodeBlocks
2015-11-28 22:21 - 2015-12-03 19:39 - 00000000 ____D C:\Users\Drew\Desktop\C++
2015-11-28 22:19 - 2015-12-03 23:02 - 00000000 ____D C:\Users\Drew\AppData\Roaming\CodeBlocks
2015-11-28 22:19 - 2015-11-30 17:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeBlocks
2015-11-28 22:06 - 2015-11-28 22:07 - 00000000 ____D C:\Users\Drew\.nbi
2015-11-28 17:50 - 2015-11-28 17:51 - 00000000 ____D C:\Users\Drew\Desktop\RSswitches
2015-11-28 15:37 - 2015-11-28 15:40 - 00000010 _____ C:\Users\Desktop\Antidragonslayer.txt
2015-11-28 14:26 - 2015-11-28 15:34 - 00000000 ____D C:\Program Files\HyperSnap 8
2015-11-27 20:45 - 2015-11-27 20:45 - 00000000 ____D C:\Users\Drew\Documents\engine - Copy (2)
2015-11-27 20:40 - 2015-11-27 20:40 - 00000000 ____D C:\Users\Drew\Documents\engine - Copy
2015-11-27 20:39 - 2015-11-27 20:39 - 00000000 ____D C:\Users\Drew\Documents\boosta - Copy
2015-11-27 20:14 - 2015-11-27 20:37 - 00000000 ____D C:\Users\Desktop\Fl studio projects
2015-11-26 22:06 - 2015-11-26 22:06 - 00000000 ____D C:\Users\Drew\AppData\Local\AutoIt v3
2015-11-26 22:02 - 2015-11-28 15:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3
2015-11-26 22:02 - 2015-11-28 15:36 - 00000000 ____D C:\Program Files (x86)\AutoIt3
2015-11-26 18:31 - 2015-12-12 00:41 - 00000000 ____D C:\Users\Desktop\Sudololz
2015-11-24 01:07 - 2015-11-28 16:34 - 00000000 ____D C:\Users\Drew\AppData\Roaming\dclogs
2015-11-23 22:35 - 2015-11-23 22:34 - 00093772 _____ C:\Users\Desktop\MC_Barratt_-_remix.avi
2015-11-22 05:42 - 2015-11-22 05:42 - 00000000 ____D C:\Program Files\Common Files\Avid
2015-11-21 23:34 - 2015-11-21 23:34 - 00000006 _____ C:\Users\Drew\jagex_rs.txt
2015-11-21 23:30 - 2015-11-30 21:35 - 00000000 ____D C:\Users\Drew\.dreamscape_cache_2
2015-11-21 02:54 - 2015-11-21 02:54 - 00000000 ____D C:\Users\Drew\AppData\Roaming\Image-Line
2015-11-20 16:35 - 2015-11-20 16:36 - 00000000 ____D C:\Users\Drew\.SoulSplit3
2015-11-18 15:40 - 2015-12-12 17:32 - 00000000 ____D C:\Users\Drew\AppData\Roaming\.purple
2015-11-18 15:36 - 2015-11-30 21:36 - 00000000 ____D C:\Program Files (x86)\Pidgin
2015-11-17 22:43 - 2015-11-30 21:35 - 00000000 ____D C:\Program Files\FileZilla FTP Client
2015-11-17 22:43 - 2015-11-17 23:20 - 00000000 ____D C:\Users\Drew\AppData\Roaming\FileZilla
2015-11-15 20:17 - 2015-11-15 20:17 - 00000000 ____D C:\Users\Drew\AppData\LocalLow\Dashlane
2015-11-15 20:17 - 2015-11-15 20:17 - 00000000 ____D C:\ProgramData\TuneUp Software
2015-11-15 20:16 - 2015-11-15 20:37 - 00000000 ____D C:\Users\Drew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane
2015-11-15 20:15 - 2003-05-21 22:50 - 01700352 _____ (Microsoft Corporation) C:\windows\SysWOW64\GdiPlus.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-14 20:37 - 2015-11-11 16:22 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-12-14 20:15 - 2015-07-15 11:03 - 00000904 _____ C:\windows\Tasks\DropboxUpdateTaskMachineUA.job
2015-12-14 20:12 - 2009-07-14 04:45 - 00020688 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-14 20:12 - 2009-07-14 04:45 - 00020688 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-14 20:04 - 2012-08-21 22:46 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-12-14 19:50 - 2012-04-03 00:05 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-14 19:24 - 2013-09-06 21:19 - 00000928 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-728148453-1673340213-1726226681-1001UA.job
2015-12-14 18:02 - 2015-02-08 11:45 - 00109272 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2015-12-14 17:59 - 2009-07-14 03:20 - 00000000 ____D C:\Windows
2015-12-14 17:51 - 2015-02-20 16:59 - 00000386 _____ C:\windows\Tasks\update-sys.job
2015-12-14 17:49 - 2015-02-08 11:50 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-14 17:21 - 2009-07-14 03:20 - 00000000 ____D C:\windows\inf
2015-12-14 16:50 - 2012-04-03 00:05 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-14 16:48 - 2015-10-24 15:52 - 00002794 _____ C:\windows\System32\Tasks\CCleanerSkipUAC
2015-12-14 16:44 - 2012-04-02 23:46 - 00000000 ____D C:\ProgramData\Temp
2015-12-14 16:43 - 2015-02-20 16:59 - 00000386 _____ C:\windows\Tasks\update-S-1-5-21-728148453-1673340213-1726226681-1005.job
2015-12-14 16:15 - 2015-07-15 11:03 - 00000900 _____ C:\windows\Tasks\DropboxUpdateTaskMachineCore.job
2015-12-14 15:47 - 2009-07-14 05:13 - 00961590 _____ C:\windows\system32\PerfStringBackup.INI
2015-12-14 15:40 - 2009-07-14 05:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-12-14 15:39 - 2009-07-14 05:08 - 00032606 _____ C:\windows\Tasks\SCHEDLGU.TXT
2015-12-14 15:31 - 2015-09-23 15:00 - 00000000 ____D C:\ProgramData\VMware
2015-12-14 00:18 - 2015-02-19 19:55 - 00000000 ____D C:\Users\Drew\Documents\Youcam
2015-12-14 00:06 - 2015-07-15 11:19 - 00000000 ___RD C:\Users\Drew\Dropbox
2015-12-14 00:06 - 2015-07-15 11:02 - 00000000 ____D C:\Users\Drew\AppData\Local\Dropbox
2015-12-13 22:24 - 2013-09-06 21:19 - 00000906 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-728148453-1673340213-1726226681-1001Core.job
2015-12-13 21:54 - 2015-11-01 13:53 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-12-13 21:45 - 2009-07-14 04:45 - 00275040 _____ C:\windows\system32\FNTCACHE.DAT
2015-12-13 21:43 - 2012-04-02 22:41 - 00321505 _____ C:\DUMP4c99.tmp
2015-12-13 16:33 - 2013-03-13 20:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-13 16:31 - 2013-03-13 20:12 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-13 16:31 - 2013-03-13 20:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-13 16:19 - 2015-07-15 11:03 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-12-13 16:12 - 2011-02-15 10:41 - 00000000 ____D C:\Program Files\Windows Journal
2015-12-13 14:46 - 2013-07-28 02:06 - 00000000 ____D C:\windows\system32\MRT
2015-12-13 14:46 - 2012-08-22 15:41 - 140158008 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-12-13 02:00 - 2015-02-17 19:50 - 00000000 ____D C:\Users\Drew\AppData\Local\Adobe
2015-12-12 23:56 - 2015-06-14 11:33 - 00000000 ____D C:\Users\Drew\AppData\Roaming\.minecraft
2015-12-12 23:52 - 2015-02-19 16:50 - 00000000 ____D C:\Users\Drew\AppData\Roaming\Skype
2015-12-12 23:10 - 2015-03-21 20:30 - 00000000 ____D C:\Program Files\CyberGhost 5
2015-12-12 18:07 - 2012-08-21 22:46 - 00796864 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-12-12 18:07 - 2012-08-21 22:46 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-12 18:07 - 2012-08-21 22:46 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-12-12 17:24 - 2015-02-27 20:28 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-12 17:23 - 2015-02-27 20:30 - 00001403 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Basic 2008 Express Edition.lnk
2015-12-12 16:45 - 2012-04-03 00:05 - 00003894 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-12 16:45 - 2012-04-03 00:05 - 00003642 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-12 13:54 - 2015-03-20 21:59 - 00000000 ____D C:\Python34
2015-12-12 13:54 - 2015-02-16 18:28 - 00000000 ____D C:\Users\Drew\AppData\Local\CrashDumps
2015-12-12 00:52 - 2015-03-18 20:34 - 00000000 ____D C:\Program Files (x86)\Image-Line
2015-12-12 00:51 - 2015-10-17 12:44 - 00000000 ____D C:\Users\Drew\AppData\Roaming\RPEng
2015-12-12 00:51 - 2015-03-18 20:41 - 00000000 ____D C:\Users\Drew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2015-12-11 21:45 - 2015-10-23 23:11 - 00000000 ____D C:\inetpub
2015-12-10 23:49 - 2015-02-15 12:22 - 00000000 ____D C:\Users\Drew
2015-12-10 17:45 - 2015-03-20 22:02 - 00000000 ____D C:\Users\Drew\.idlerc
2015-12-07 18:39 - 2015-05-29 11:47 - 00000788 _____ C:\Users\Drew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2015-12-05 22:52 - 2015-02-28 14:53 - 00000043 _____ C:\Users\Drew\jagex_cl_oldschool_LIVE.dat
2015-12-05 21:04 - 2015-10-11 20:33 - 00000000 ____D C:\Users\Drew\Documents\BSR Videos
2015-12-05 21:04 - 2015-10-11 20:33 - 00000000 ____D C:\Users\Drew\Documents\BSR Photos
2015-12-02 17:53 - 2015-08-10 12:29 - 00007602 _____ C:\Users\Drew\AppData\Local\Resmon.ResmonCfg
2015-12-01 18:52 - 2015-10-24 13:47 - 00000023 _____ C:\Users\Drew\jagexappletviewer.preferences
2015-12-01 18:15 - 2015-03-01 19:30 - 00000000 ____D C:\Users\Drew\AppData\Roaming\RSBot
2015-12-01 18:07 - 2015-02-21 21:44 - 00000043 _____ C:\Users\Drew\jagex_cl_runescape_LIVE.dat
2015-11-30 21:37 - 2015-11-13 17:29 - 00000000 ____D C:\Users\Drew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer
2015-11-30 21:37 - 2015-11-08 20:19 - 00000000 ____D C:\Users\Drew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber
2015-11-30 21:37 - 2015-10-29 18:37 - 00000000 ____D C:\Users\Drew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Autodesk
2015-11-30 21:37 - 2015-10-27 15:18 - 00000000 ____D C:\Users\Drew\OSBuddy
2015-11-30 21:37 - 2015-10-26 01:41 - 00000000 ____D C:\Users\Drew\AppData\Roaming\NuGet
2015-11-30 21:37 - 2015-10-25 14:32 - 00000000 ____D C:\Users\Drew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitcoin Core
2015-11-30 21:37 - 2015-10-24 20:13 - 00000000 ____D C:\windows\SysWOW64\ZALSDK_uninst
2015-11-30 21:37 - 2015-10-24 15:59 - 00000000 ____D C:\Users\Drew\AppData\Roaming\QFX Software
2015-11-30 21:37 - 2015-10-24 13:45 - 00000000 ____D C:\Users\Drew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape
2015-11-30 21:37 - 2015-10-23 23:15 - 00000000 ____D C:\Users\DefaultAppPool
2015-11-30 21:37 - 2015-10-22 22:00 - 00000000 ____D C:\Users\Drew\AppData\Roaming\Bitcoin
2015-11-30 21:37 - 2015-10-22 21:58 - 00000000 ____D C:\Users\Drew\AppData\Roaming\Armory
2015-11-30 21:37 - 2015-09-23 15:11 - 00000000 ____D C:\Users\Drew\AppData\Roaming\VMware
2015-11-30 21:37 - 2015-07-30 16:10 - 00000000 ____D C:\Users\Drew\AppData\Roaming\Andy
2015-11-30 21:37 - 2015-07-30 16:09 - 00000000 ___RD C:\Users\Drew\AppData\Roaming\Andy_44_Online
2015-11-30 21:37 - 2015-06-27 21:08 - 00000000 ____D C:\Users\Drew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Node.js
2015-11-30 21:37 - 2015-06-19 15:28 - 00000000 ___RD C:\Users\Drew\Creative Cloud Files
2015-11-30 21:37 - 2015-05-17 19:15 - 00000000 ____D C:\Users\Drew\AppData\Roaming\help_images_otherUI
2015-11-30 21:37 - 2015-05-17 08:54 - 00000000 ____D C:\Users\Drew\AppData\Roaming\Autodesk
2015-11-30 21:37 - 2015-04-05 01:01 - 00000000 ___SD C:\windows\system32\GWX
2015-11-30 21:37 - 2015-04-02 23:14 - 00000000 ____D C:\Users\Drew\AppData\Roaming\Auto Mouse Click by MurGee.com
2015-11-30 21:37 - 2015-02-18 17:54 - 00000000 ____D C:\Users\Drew\Documents\Steam
2015-11-30 21:37 - 2015-02-15 12:38 - 00000000 ____D C:\Users\Drew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2015-11-30 21:37 - 2014-06-19 11:16 - 00000000 ____D C:\windows\System32\Tasks\Apple
2015-11-30 21:37 - 2014-05-06 19:17 - 00000000 ___SD C:\windows\system32\CompatTel
2015-11-30 21:37 - 2013-05-20 23:11 - 00000000 ____D C:\windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-11-30 21:37 - 2012-08-03 00:20 - 00000000 ____D C:\Users\Ben M
2015-11-30 21:37 - 2012-04-02 22:50 - 00000000 ____D C:\windows\VMC412
2015-11-30 21:37 - 2009-07-14 05:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2015-11-30 21:37 - 2009-07-14 05:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2015-11-30 21:37 - 2009-07-14 05:32 - 00000000 ____D C:\Program Files\Windows Defender
2015-11-30 21:37 - 2009-07-14 05:32 - 00000000 ____D C:\Program Files\DVD Maker
2015-11-30 21:37 - 2009-07-14 05:09 - 00000000 ____D C:\windows\System32\Tasks\WPD
2015-11-30 21:37 - 2009-07-14 03:20 - 00000000 ____D C:\windows\SysWOW64\com
2015-11-30 21:37 - 2009-07-14 03:20 - 00000000 ____D C:\windows\system32\Setup
2015-11-30 21:37 - 2009-07-14 03:20 - 00000000 ____D C:\windows\system32\inetsrv
2015-11-30 21:37 - 2009-07-14 03:20 - 00000000 ____D C:\windows\system32\com
2015-11-30 21:37 - 2009-07-14 03:20 - 00000000 ____D C:\windows\system32\AdvancedInstallers
2015-11-30 21:37 - 2009-07-14 03:20 - 00000000 ____D C:\windows\servicing
2015-11-30 21:36 - 2015-11-13 17:29 - 00000000 ____D C:\Program Files\FreeFixer
2015-11-30 21:36 - 2015-11-13 16:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus Free Edition
2015-11-30 21:36 - 2015-11-12 19:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VB Decompiler Lite
2015-11-30 21:36 - 2015-11-12 19:31 - 00000000 ____D C:\Program Files (x86)\VB Decompiler Lite
2015-11-30 21:36 - 2015-11-12 19:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Red Gate
2015-11-30 21:36 - 2015-11-08 20:19 - 00000000 ____D C:\Users\Drew\AppData\Local\Viber
2015-11-30 21:36 - 2015-11-07 23:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ODT Viewer
2015-11-30 21:36 - 2015-11-07 23:43 - 00000000 ____D C:\Program Files (x86)\ODT Viewer
2015-11-30 21:36 - 2015-11-03 20:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MouseRecorder
2015-11-30 21:36 - 2015-11-03 20:33 - 00000000 ____D C:\Program Files (x86)\MouseRecorder
2015-11-30 21:36 - 2015-11-01 16:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Writer
2015-11-30 21:36 - 2015-11-01 16:08 - 00000000 ____D C:\Program Files (x86)\ImageWriter
2015-11-30 21:36 - 2015-10-28 17:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-11-30 21:36 - 2015-10-24 20:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AntiLogger
2015-11-30 21:36 - 2015-10-24 20:13 - 00000000 ____D C:\Program Files (x86)\AntiLogger
2015-11-30 21:36 - 2015-10-24 15:59 - 00000000 ____D C:\ProgramData\QFX Software
2015-11-30 21:36 - 2015-10-24 15:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-11-30 21:36 - 2015-10-24 15:52 - 00000000 ____D C:\Program Files\CCleaner
2015-11-30 21:36 - 2015-10-24 14:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyScrambler
2015-11-30 21:36 - 2015-10-24 14:58 - 00000000 ____D C:\Program Files (x86)\KeyScrambler
2015-11-30 21:36 - 2015-10-24 14:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueCrypt
2015-11-30 21:36 - 2015-10-24 14:31 - 00000000 ____D C:\Program Files\TrueCrypt
2015-11-30 21:36 - 2015-10-24 14:05 - 00000000 ___RD C:\Users\Desktop\Desktop files
2015-11-30 21:36 - 2015-10-23 17:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2015-11-30 21:36 - 2015-10-23 17:20 - 00000000 ____D C:\Program Files (x86)\BlueStacks
2015-11-30 21:36 - 2015-10-23 16:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2015-11-30 21:36 - 2015-10-22 21:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Armory
2015-11-30 21:36 - 2015-10-22 21:58 - 00000000 ____D C:\Program Files (x86)\Armory
2015-11-30 21:36 - 2015-10-22 19:45 - 00000000 ____D C:\Program Files\IIS Express
2015-11-30 21:36 - 2015-10-22 19:45 - 00000000 ____D C:\Program Files (x86)\IIS Express
2015-11-30 21:36 - 2015-10-17 12:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Assist by AOL PC Scan
2015-11-30 21:36 - 2015-10-14 20:42 - 00000000 ____D C:\Program Files\VeraCrypt
2015-11-30 21:36 - 2015-10-11 20:32 - 00000000 ____D C:\Program Files\BSR Screen Recorder 6
2015-11-30 21:36 - 2015-10-11 16:10 - 00000000 ____D C:\Program Files\Wireshark
2015-11-30 21:36 - 2015-10-10 14:01 - 00000000 ____D C:\Program Files (x86)\Uplink
2015-11-30 21:36 - 2015-08-24 01:14 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-11-30 21:36 - 2015-08-24 00:46 - 00000000 ____D C:\Program Files (x86)\OpenAL
2015-11-30 21:36 - 2015-08-24 00:46 - 00000000 ____D C:\Program Files (x86)\BRS
2015-11-30 21:36 - 2015-08-24 00:34 - 00000000 ____D C:\Program Files (x86)\Colin McRae DiRT 2
2015-11-30 21:36 - 2015-08-11 19:34 - 00000000 ____D C:\Program Files\PowerISO
2015-11-30 21:36 - 2015-07-22 20:21 - 00000000 ____D C:\Program Files (x86)\Dorgem
2015-11-30 21:36 - 2015-07-15 15:58 - 00000000 ____D C:\Program Files\paint.net
2015-11-30 21:36 - 2015-05-17 19:15 - 00000000 ____D C:\Program Files\Common Files\eDrawings2015
2015-11-30 21:36 - 2015-05-17 09:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2015-11-30 21:36 - 2015-05-17 09:07 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared
2015-11-30 21:36 - 2015-05-17 08:53 - 00000000 ____D C:\Users\Drew\AppData\Local\Akamai
2015-11-30 21:36 - 2015-04-24 22:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Algodoo
2015-11-30 21:36 - 2015-04-24 22:19 - 00000000 ____D C:\Program Files (x86)\Algodoo
2015-11-30 21:36 - 2015-04-05 22:05 - 00000000 ____D C:\Program Files (x86)\VTFEdit
2015-11-30 21:36 - 2015-04-04 23:16 - 00000000 ____D C:\Program Files (x86)\Audacity
2015-11-30 21:36 - 2015-04-02 23:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auto Mouse Click by MurGee.com
2015-11-30 21:36 - 2015-03-21 20:31 - 00000000 ____D C:\Program Files\TAP-Windows
2015-11-30 21:36 - 2015-03-08 16:18 - 00000000 ____D C:\Program Files\Eraser
2015-11-30 21:36 - 2015-02-28 22:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auto Clicker
2015-11-30 21:36 - 2015-02-24 18:09 - 00000000 ____D C:\Program Files\Sandboxie
2015-11-30 21:36 - 2015-02-19 22:49 - 00000000 ____D C:\Program Files (x86)\WinPcap
2015-11-30 21:36 - 2015-02-19 16:35 - 00000000 ____D C:\Program Files (x86)\CommView
2015-11-30 21:36 - 2015-02-17 21:00 - 00000000 ____D C:\Program Files (x86)\Notepad++
2015-11-30 21:36 - 2015-02-17 19:51 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan
2015-11-30 21:36 - 2015-02-16 17:17 - 00000000 ____D C:\Program Files (x86)\WinRAR
2015-11-30 21:36 - 2015-02-11 17:14 - 00000000 ____D C:\Program Files\Bitcoin
2015-11-30 21:36 - 2015-02-09 19:37 - 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.4
2015-11-30 21:36 - 2015-02-09 18:52 - 00000000 ____D C:\Program Files (x86)\Automation
2015-11-30 21:36 - 2015-02-08 11:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-30 21:36 - 2014-06-19 11:17 - 00000000 ____D C:\Program Files\iTunes
2015-11-30 21:36 - 2014-06-19 11:16 - 00000000 ____D C:\Program Files\Bonjour
2015-11-30 21:36 - 2014-06-19 11:16 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-11-30 21:36 - 2014-06-19 11:16 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-11-30 21:36 - 2013-11-26 15:48 - 00000000 ____D C:\Program Files (x86)\Mobogenie
2015-11-30 21:36 - 2013-11-26 15:47 - 00000000 ____D C:\Program Files (x86)\WiseConvert
2015-11-30 21:36 - 2013-05-20 23:10 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2015-11-30 21:36 - 2012-04-02 22:51 - 00000000 ____D C:\Program Files\Elo TouchSystems
2015-11-30 21:36 - 2009-07-14 03:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-11-30 21:33 - 2009-07-14 03:20 - 00000000 ____D C:\windows\registration
2015-11-30 21:31 - 2015-10-22 20:00 - 00000000 ____D C:\Users\Drew\Documents\Visual Studio 2015
2015-11-30 20:07 - 2015-02-15 12:32 - 00000000 ____D C:\Users\Drew\.VirtualBox
2015-11-30 13:57 - 2015-11-11 15:47 - 00000000 ____D C:\Users\Drew\AppData\LocalLow\uTorrent
2015-11-30 13:57 - 2015-10-17 12:43 - 00000000 ____D C:\Users\Drew\AppData\Roaming\uTorrent
2015-11-30 13:41 - 2015-11-13 17:29 - 00000306 _____ C:\windows\Tasks\FreeFixer background scan.job
2015-11-29 23:38 - 2015-10-24 17:44 - 00000000 ____D C:\VeraData
2015-11-26 22:02 - 2011-02-15 10:41 - 00000000 ____D C:\windows\ShellNew
2015-11-21 01:44 - 2015-08-25 22:00 - 00000000 ____D C:\Users\Drew\AppData\Local\Windows Live Writer
2015-11-18 18:26 - 2015-09-23 15:11 - 00000000 ____D C:\Users\Drew\AppData\Local\VMware
2015-11-17 17:25 - 2015-02-15 12:34 - 00000000 ____D C:\Users\Drew\VirtualBox VMs
2015-11-14 23:46 - 2015-03-21 20:33 - 00000000 ____D C:\Users\Drew\AppData\Local\CyberGhost

==================== Files in the root of some directories =======

2015-02-11 17:16 - 2015-02-11 17:16 - 0090112 _____ () C:\Program Files\btv.dat
2012-04-02 23:49 - 2012-04-02 23:49 - 1914000 _____ (Adobe Systems Incorporated) C:\ProgramData\flashax10.exe

Files to move or delete:
====================
C:\ProgramData\flashax10.exe
C:\Users\Desktop\OSBuddy (1).exe
C:\Users\Desktop\procexp.exe
C:\Users\Desktop\TechnicLauncher.exe


Some files in TEMP:
====================
C:\Users\Ben M\AppData\Local\Temp\AVG-AntiVirus-Free-2014201505315.exe
C:\Users\Ben M\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpq2ja3v.dll
C:\Users\Ben M\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\Ben M\AppData\Local\Temp\SAS6_Update.exe
C:\Users\Ben M\AppData\Local\Temp\sSetup.exe
C:\Users\Ben M\AppData\Local\Temp\UNINSTALL.exe
C:\Users\Drew\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprmfteq.dll
C:\Users\Drew\AppData\Local\Temp\sfextra.dll
C:\Users\Drew\AppData\Local\Temp\upnp.exe
C:\Users\lolnoram\AppData\Local\Temp\dllnt_dump.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-02 19:17

==================== End of FRST.txt ============================