Freepchelp.co.uk

Cleanup for Bob12a

2014-11-04

As requested from bob12a

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-11-2014

Ran by BF2010 (administrator) on BF2010-PC on 04-11-2014 15:43:03

Running from C:\Users\BF2010\Downloads

Loaded Profile: BF2010 (Available profiles: BF2010)

Platform: Microsoft Windows 7 Home Premium (X86) OS Language: English (United States)

Internet Explorer Version 9

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdate Svc.exe

(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

(Microsoft Corporation) C:\Windows\System32\CISVC.EXE

(Siber Systems) C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe

(Dropbox, Inc.) C:\Users\BF2010\AppData\Roaming\Dropbox\bin\Dropbo x.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe

(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE

(Secunia) C:\Program Files\Secunia\PSI\psia.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

(Acronis) C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe

(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe

(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE

(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe

(Secunia) C:\Program Files\Secunia\PSI\sua.exe

(Microsoft Corporation) C:\Windows\System32\wuauclt.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\cmd.exe

(Siber Systems Inc.) C:\Program Files\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files\Evernote\Evernote\Evernote.exe

(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files\Evernote\Evernote\EvernoteTray.exe

(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files\Evernote\Evernote\EvernoteClipper.exe

(Apache Software Foundation) C:\Program Files\OpenOffice Beta 4\program\swriter.exe

(Apache Software Foundation) C:\Program Files\OpenOffice Beta 4\program\soffice.exe

(Apache Software Foundation) C:\Program Files\OpenOffice Beta 4\program\soffice.bin

(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Farbar) C:\Users\BF2010\Downloads\FRST (1).exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Policies\Explorer: [NoFolderOptions] 0

HKU\S-1-5-21-2785784116-2001642337-1380054423-1000\...\Run: [RoboForm] => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [111320 2014-10-31] (Siber Systems)

HKU\S-1-5-21-2785784116-2001642337-1380054423-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4826904 2014-10-29] (Piriform Ltd)

HKU\S-1-5-18\...\Run: [Samsung.PCSync] => C:\Program Files\Samsung\Samsung PC Studio 7\PcSync2.exe [1294336 2009-06-04] (Nokia)

Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll

Startup: C:\Users\BF2010\AppData\Roaming\Microsoft\Windows\ Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\BF2010\AppData\Roaming\Dropbox\bin\Dropbo x.exe (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://uk.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/?pc=UP97&ocid=UP97DHP

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=EIE9HP&PC=UP50

HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE9ENUS/110

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://start.roboform.com

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://uk.yahoo.com?fr=hp-avast&type=avastbcl

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\S-1-5-21-2785784116-2001642337-1380054423-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)

Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab

Handler: AutorunsDisabled\belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)

Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

ShellExecuteHooks: - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File [ ]

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:

========

FF ProfilePath: C:\Users\BF2010\AppData\Roaming\Mozilla\Firefox\Pr ofiles\cd9e1ckw.default

FF DefaultSearchEngine: Bing

FF DefaultSearchUrl: https://uk.search.yahoo.com/yhs/search

FF SearchEngineOrder.1: Yahoo! (Avast)

FF SearchEngineOrder.3: Bing

FF SelectedSearchEngine: Bing

FF Homepage: hxxp://uk.msn.com/?pc=UP97&ocid=UP97DHP|hxxp://start.roboform.com

FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=

FF NetworkProxy: "no_proxies_on", "localhost"

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_ 189.dll ()

FF Plugin: @canon.com/MycameraPlugin -> C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)

FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)

FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\BF2010\AppData\Roaming\Mozilla\plugins\np googletalk.dll (Google)

FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\BF2010\AppData\Roaming\Mozilla\plugins\np o1d.dll (Google)

FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\BF2010\AppData\Local\Google\Update\1.3.24 .15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\BF2010\AppData\Local\Google\Update\1.3.24 .15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npOGAPlugin.dll (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Users\BF2010\AppData\Roaming\mozilla\plugins\np googletalk.dll (Google)

FF Plugin ProgramFiles/Appdata: C:\Users\BF2010\AppData\Roaming\mozilla\plugins\np o1d.dll (Google)

FF SearchPlugin: C:\Users\BF2010\AppData\Roaming\Mozilla\Firefox\Pr ofiles\cd9e1ckw.default\searchplugins\yahoo-avast.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-en-GB.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\chambers-en-GB.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-en-GB.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml

FF Extension: QuickFox Notes - C:\Users\BF2010\AppData\Roaming\Mozilla\Firefox\Pr ofiles\cd9e1ckw.default\Extensions\amin.eft_bmnote s@gmail.com [2014-06-21]

FF Extension: cosstminn - C:\Users\BF2010\AppData\Roaming\Mozilla\Firefox\Pr ofiles\cd9e1ckw.default\Extensions\y94661a@pwkeoxv qto.co.uk [2014-07-16]

FF Extension: Anaglyph 3D - C:\Users\BF2010\AppData\Roaming\Mozilla\Firefox\Pr ofiles\cd9e1ckw.default\Extensions\anaglyph3d@inte rnauta1024a.pl.xpi [2014-05-23]

FF Extension: Exif Viewer - C:\Users\BF2010\AppData\Roaming\Mozilla\Firefox\Pr ofiles\cd9e1ckw.default\Extensions\exif_viewer@moz illa.doslash.org.xpi [2014-06-13]

FF Extension: English (GB) Language Pack - C:\Users\BF2010\AppData\Roaming\Mozilla\Firefox\Pr ofiles\cd9e1ckw.default\Extensions\langpack-en-GB@firefox.mozilla.org.xpi [2014-06-01]

FF Extension: Adblock Plus - C:\Users\BF2010\AppData\Roaming\Mozilla\Firefox\Pr ofiles\cd9e1ckw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-24]

FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-10-07]

FF HKLM\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files\Siber Systems\AI RoboForm\Firefox

FF Extension: RoboForm Toolbar for Firefox - C:\Program Files\Siber Systems\AI RoboForm\Firefox [2010-03-25]

FF HKCU\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files\Siber Systems\AI RoboForm\Firefox

Chrome:

=======

CHR dev: Chrome dev build detected! <======= ATTENTION

CHR Profile: C:\Users\BF2010\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Slides) - C:\Users\BF2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhon fmgoek [2014-10-23]

CHR Extension: (Google Docs) - C:\Users\BF2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfi lokake [2014-10-23]

CHR Extension: (Google Drive) - C:\Users\BF2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigk jlhalf [2014-10-23]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\BF2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmn hjmhfn [2014-10-23]

CHR Extension: (YouTube) - C:\Users\BF2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldk acnbeo [2014-10-23]

CHR Extension: (Google Search) - C:\Users\BF2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljnie djpjpf [2014-10-23]

CHR Extension: (Google Sheets) - C:\Users\BF2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpeb giejap [2014-10-23]

CHR Extension: (Google Wallet) - C:\Users\BF2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccm gmieda [2014-10-23]

CHR Extension: (Gmail) - C:\Users\BF2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoe jaedia [2014-10-23]

CHR Extension: (RoboForm) - C:\Users\BF2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapk mbliob [2014-10-23]

CHR Profile: C:\Users\BF2010\AppData\Local\Google\Chrome\User Data\Profile 1

CHR Extension: (Google Docs) - C:\Users\BF2010\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-18]

CHR Extension: (Google Drive) - C:\Users\BF2010\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-18]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\BF2010\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-18]

CHR Extension: (YouTube) - C:\Users\BF2010\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-18]

CHR Extension: (Google Search) - C:\Users\BF2010\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-18]

CHR Extension: (Skype Click to Call) - C:\Users\BF2010\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-08-25]

CHR Extension: (Google Wallet) - C:\Users\BF2010\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-18]

CHR Extension: (Gmail) - C:\Users\BF2010\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-18]

CHR Extension: (RoboForm) - C:\Users\BF2010\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2014-08-18]

CHR HKLM\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - C:\Program Files\WordWeb\wcxChrome.crx [2012-05-04]

CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-03-07]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [821016 2012-04-27] (Acronis)

S4 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3459024 2012-05-15] (Acronis)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [276992 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]

R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdate Svc.exe [1390176 2014-07-14] (Microsoft Corporation)

R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)

R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [915784 2014-09-17] (NVIDIA Corporation)

S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-06-10] (Google)

S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]

R2 MSSQL$EONENERGYFIT; c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)

S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)

R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-17] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18044744 2014-09-17] (NVIDIA Corporation)

R2 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2014-09-14] (IBM Corp.)

R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1326176 2012-06-27] (Secunia)

R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [681056 2012-06-27] (Secunia)

S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [620544 2008-11-11] (Nokia.) [File not signed]

S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

R2 syncagentsrv; C:\Program Files\Common Files\Acronis\SyncAgent\syncagentsrv.exe [5914912 2012-04-27] (Acronis)

R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1731896 2014-01-28] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdide; C:\Windows\System32\DRIVERS\amdide.sys [11832 2009-07-07] (Advanced Micro Devices Inc.)

R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [70464 2014-07-14] (Advanced Micro Devices)

R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [34624 2014-07-14] (Advanced Micro Devices)

R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [50400 2014-02-11] (Advanced Micro Devices)

S3 AtiHdmiService; C:\Windows\System32\drivers\AtiHdmi.sys [100352 2009-11-18] (ATI Technologies, Inc.) [File not signed]

R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-08-12] (AVG Technologies)

S3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [225280 2011-07-19] (Intel Corporation)

S3 BTWAMPFL; C:\Windows\System32\DRIVERS\btwampfl.sys [507704 2012-07-03] (Broadcom Corporation.)

S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] ()

S3 iBtFltCoex; C:\Windows\System32\DRIVERS\iBtFltCoex.sys [47104 2011-07-20] (Intel Corporation)

S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [25712 2013-05-13] (Microsoft Corporation)

R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-17] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [32928 2014-09-04] (NVIDIA Corporation)

R3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2011-12-16] (Secunia)

R1 RapportCerberus_80055; C:\ProgramData\Trusteer\Rapport\store\exts\Rapport Cerberus\baseline\RapportCerberus32_80055.sys [430264 2014-09-24] ()

R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [251288 2014-09-14] (IBM Corp.)

S3 RapportKELL; C:\Windows\System32\Drivers\RapportKELL.sys [208888 2014-09-14] (IBM Corp.)

S3 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [332696 2014-09-14] (IBM Corp.)

S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2009-09-19] (MCCI)

S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2009-09-19] (MCCI Corporation)

S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2009-09-19] (MCCI Corporation)

R0 tdrpman; C:\Windows\System32\DRIVERS\tdrpman.sys [775232 2012-05-15] (Acronis)

R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [10088 2012-09-19] (TuneUp Software)

S3 USBPNPA; C:\Windows\System32\drivers\CM108.sys [1310720 2007-06-28] (C-Media Inc)

R0 vididr; C:\Windows\System32\DRIVERS\vididr.sys [126880 2012-05-15] (Acronis)

R0 vidsflt67; C:\Windows\System32\DRIVERS\vsflt67.sys [86496 2012-05-15] (Acronis)

S3 netr28u; system32\DRIVERS\netr28u.sys [X]

S3 RTL8192su; system32\DRIVERS\RTL8192su.sys [X]

S3 Ser2pl; system32\DRIVERS\ser2pl.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-04 14:56 - 2014-11-04 14:56 - 00880272 _____ (Google Inc.) C:\Users\BF2010\Downloads\ChromeSetup (3).exe

2014-11-04 11:10 - 2014-11-04 11:10 - 00000000 ____D () C:\Windows\system32\SPReview

2014-11-04 07:53 - 2014-11-04 07:53 - 01106432 _____ (Farbar) C:\Users\BF2010\Downloads\FRST (1).exe

2014-11-03 07:56 - 2014-11-03 07:59 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\BF2010\Downloads\mbam-setup-2.0.3.1025 (1).exe

2014-11-02 08:27 - 2014-11-04 14:38 - 00001680 _____ () C:\Windows\setupact.log

2014-11-02 08:27 - 2014-11-02 08:27 - 00000000 _____ () C:\Windows\setuperr.log

2014-11-02 08:25 - 2014-11-02 08:25 - 00020826 _____ () C:\Users\BF2010\Documents\cc_20141102_082457.reg

2014-11-02 08:00 - 2014-11-02 08:00 - 04977216 _____ (Piriform Ltd) C:\Users\BF2010\Downloads\ccsetup419.exe

2014-10-31 07:51 - 2014-10-31 07:51 - 00436504 _____ (IBM Corp.) C:\Users\BF2010\Downloads\RapportSetup (2).exe

2014-10-31 07:45 - 2014-10-31 07:46 - 16254368 _____ (Siber Systems) C:\Users\BF2010\Downloads\RoboForm-Setup-cnetc.exe

2014-10-26 15:52 - 2014-10-27 11:25 - 00000000 ____D () C:\Users\BF2010\Desktop\RIGHT TEST 02

2014-10-26 15:51 - 2014-10-27 11:23 - 00000000 ____D () C:\Users\BF2010\Desktop\LEFT TEST 02

2014-10-25 07:30 - 2014-10-10 01:39 - 00394752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-10-25 07:30 - 2014-10-10 01:39 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2014-10-25 07:30 - 2014-10-10 01:34 - 00303104 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-10-25 07:30 - 2014-09-15 00:42 - 02377216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-10-25 06:30 - 2014-03-31 20:36 - 00049856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fssfltr.sys

2014-10-25 06:29 - 2014-10-25 06:29 - 00001255 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk

2014-10-25 06:28 - 2014-10-25 06:28 - 00001324 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk

2014-10-25 06:21 - 2010-06-02 03:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll

2014-10-25 06:21 - 2010-06-02 03:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll

2014-10-25 06:21 - 2010-05-26 10:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll

2014-10-25 06:13 - 2014-10-25 06:13 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive

2014-10-25 06:05 - 2014-10-25 06:05 - 01239752 _____ (Microsoft Corporation) C:\Users\BF2010\Downloads\wlsetup-web (2).exe

2014-10-25 05:52 - 2014-10-25 05:52 - 00000000 ____D () C:\Users\BF2010\AppData\Local\{A48E34A6-5BFA-462C-920F-89100535B48A}

2014-10-24 08:33 - 2014-10-24 08:33 - 00000000 ____D () C:\Users\BF2010\AppData\Local\{5D54C2D5-29CD-4466-9132-BE38017D463C}

2014-10-23 14:27 - 2014-10-23 14:27 - 01962496 _____ () C:\Users\BF2010\Downloads\AdwCleaner (2).exe

2014-10-23 14:22 - 2014-10-23 14:22 - 01962496 _____ () C:\Users\BF2010\Downloads\AdwCleaner (1).exe

2014-10-23 14:05 - 2014-11-04 15:24 - 00000000 ____D () C:\Users\BF2010\Desktop\malware checks

2014-10-23 10:21 - 2014-10-23 10:22 - 00066891 _____ () C:\Users\BF2010\Downloads\Addition.txt

2014-10-23 10:19 - 2014-11-04 15:43 - 00026008 _____ () C:\Users\BF2010\Downloads\FRST.txt

2014-10-23 10:19 - 2014-11-04 15:43 - 00000000 ____D () C:\FRST

2014-10-23 10:18 - 2014-10-23 10:18 - 01103360 _____ (Farbar) C:\Users\BF2010\Downloads\FRST.exe

2014-10-23 09:29 - 2014-10-23 09:30 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\BF2010\Downloads\mbam-setup-2.0.3.1025.exe

2014-10-23 05:49 - 2014-10-23 05:50 - 00000000 ____D () C:\Users\BF2010\AppData\Local\{24F27E83-5FAF-431D-9C1C-666A183108E4}

2014-10-23 05:46 - 2014-10-23 05:46 - 00953604 _____ () C:\Users\BF2010\Downloads\Photo1583.rar

2014-10-23 05:45 - 2014-10-23 05:45 - 01524393 _____ () C:\Users\BF2010\Downloads\Photo1584.rar

2014-10-22 06:38 - 2014-10-22 06:38 - 00001125 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2014-10-22 06:38 - 2014-10-22 06:38 - 00001113 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2014-10-22 06:38 - 2014-10-22 06:38 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

2014-10-22 06:28 - 2014-10-22 06:29 - 36240048 _____ () C:\Users\BF2010\Downloads\Firefox Setup 33.0.exe

2014-10-22 05:57 - 2014-10-22 05:57 - 00770360 _____ ( ) C:\Users\BF2010\Downloads\Apache_OpenOffice_4.1.1_ Win_x86_install_en-US_inst (2).exe

2014-10-21 15:43 - 2014-10-22 10:21 - 00000067 _____ () C:\Users\BF2010\AppData\Roaming\WB.CFG

2014-10-21 15:34 - 2014-10-21 15:34 - 00770360 _____ ( ) C:\Users\BF2010\Downloads\Apache_OpenOffice_4.1.1_ Win_x86_install_en-US_inst (1).exe

2014-10-21 10:26 - 2014-10-21 10:26 - 01705698 _____ (Thisisu) C:\Users\BF2010\Downloads\JRT (6).exe

2014-10-21 09:46 - 2014-10-21 09:46 - 01705698 _____ (Thisisu) C:\Users\BF2010\Downloads\JRT (5).exe

2014-10-21 09:41 - 2014-10-21 09:41 - 00000000 ____D () C:\Users\BF2010\AppData\Local\StormFall

2014-10-21 09:38 - 2014-10-21 09:38 - 00712240 _____ ( ) C:\Users\BF2010\Downloads\FileOpenerSetup.exe

2014-10-21 06:27 - 2014-10-21 06:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy

2014-10-21 06:27 - 2014-10-21 06:27 - 00000000 ____D () C:\Program Files\Speccy

2014-10-21 06:23 - 2014-10-21 06:23 - 04890736 _____ (Piriform Ltd) C:\Users\BF2010\Downloads\spsetup126.exe

2014-10-20 09:20 - 2014-10-20 09:20 - 00000528 _____ () C:\Users\BF2010\AppData\Roaming\NMM-MetaData.db

2014-10-19 14:56 - 2014-10-19 14:56 - 00000001 _____ () C:\Users\BF2010\AppData\Local\DSI.DAT

2014-10-19 07:52 - 2014-10-19 07:52 - 00014746 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-10-16 13:54 - 2014-10-16 13:54 - 00000000 ____D () C:\Users\BF2010\AppData\Roaming\0C1I1L1R1J0C1F1G1G 1P1R2Z

2014-10-16 13:54 - 2014-10-16 13:54 - 00000000 ____D () C:\Users\BF2010\AppData\Local\Sparta

2014-10-16 13:54 - 2014-10-16 13:54 - 00000000 ____D () C:\Users\BF2010\AppData\Local\Plarium

2014-10-16 10:07 - 2014-10-16 10:07 - 00000000 ____D () C:\ProgramData\boost_interprocess

2014-10-16 05:57 - 2014-10-16 05:57 - 00000268 ___RH () C:\ProgramData\Strings

2014-10-16 05:57 - 2014-10-16 05:57 - 00000012 ___RH () C:\ProgramData\Textures

2014-10-16 05:54 - 2014-10-20 10:27 - 00000000 ____D () C:\ProgramData\54F3DE4E-B7BA-4EBD-8B3B-385D272CC583

2014-10-16 05:47 - 2014-10-16 05:50 - 112498648 _____ () C:\Users\BF2010\Downloads\S-VNX2__-021002WF-EUREN-32BIT_.exe

2014-10-14 06:07 - 2014-10-14 06:07 - 00244136 _____ () C:\Users\BF2010\Downloads\Firefox Setup Stub 32.0.3.exe

2014-10-13 15:18 - 2014-10-13 15:18 - 00000934 _____ () C:\Users\Public\Desktop\calibre - E-book management.lnk

2014-10-13 15:10 - 2014-10-13 15:11 - 62091264 _____ () C:\Users\BF2010\Downloads\calibre-2.5.0.msi

2014-10-13 14:58 - 2014-02-12 09:44 - 12612096 _____ () C:\Program Files\cr3.exe

2014-10-13 14:58 - 2014-02-12 09:43 - 00000000 ____D () C:\Program Files\res

2014-10-13 14:58 - 2011-02-19 23:03 - 00421200 _____ (Microsoft Corporation) C:\Program Files\msvcp100.dll

2014-10-13 14:58 - 2011-02-19 00:40 - 00773968 _____ (Microsoft Corporation) C:\Program Files\msvcr100.dll

2014-10-13 14:53 - 2014-10-13 14:53 - 08798971 _____ () C:\Users\BF2010\Downloads\cr3-newui-opengl-win32-qt-static-angle-3.3.23.zip

2014-10-09 08:56 - 2014-10-09 09:03 - 00000000 ____D () C:\Users\BF2010\Desktop\2d irfran idf50lb

2014-10-08 09:29 - 2014-10-08 09:29 - 00004330 _____ () C:\Windows\Tasks\SCHEDLGU(22).TXT

2014-10-07 09:48 - 2014-10-22 06:38 - 00000000 ____D () C:\Program Files\Mozilla Firefox

2014-10-06 09:05 - 2014-10-06 09:05 - 00000000 ____D () C:\773418432d8f83abbbb75e318ec85794

2014-10-05 08:19 - 2014-10-05 08:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoodSync

2014-10-05 08:16 - 2014-10-05 08:17 - 09070416 _____ (Siber Systems) C:\Users\BF2010\Downloads\GoodSync-Setup-8.9.9.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-04 15:19 - 2014-07-25 09:36 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-11-04 15:01 - 2010-06-07 14:40 - 00000000 ___RD () C:\Users\BF2010\Desktop\unwanted for now

2014-11-04 14:48 - 2009-07-14 04:34 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-11-04 14:48 - 2009-07-14 04:34 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-11-04 14:44 - 2011-04-10 10:39 - 01080819 _____ () C:\Windows\WindowsUpdate.log

2014-11-04 14:39 - 2011-08-13 11:27 - 00000000 ___RD () C:\Users\BF2010\Dropbox

2014-11-04 14:39 - 2011-08-13 11:24 - 00000000 ____D () C:\Users\BF2010\AppData\Roaming\Dropbox

2014-11-04 14:37 - 2014-07-25 09:36 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-11-04 14:37 - 2011-10-26 16:36 - 00000000 ____D () C:\ProgramData\NVIDIA

2014-11-04 14:37 - 2009-07-14 04:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-11-04 11:04 - 2011-01-31 07:18 - 00000000 ____D () C:\Users\BF2010\AppData\Local\CrashDumps

2014-11-03 16:11 - 2014-08-24 18:35 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-11-02 08:06 - 2010-04-20 10:25 - 00000000 ____D () C:\Windows\pss

2014-11-02 08:05 - 2010-03-26 16:37 - 00000000 ____D () C:\Program Files\CCleaner

2014-11-01 11:18 - 2010-02-15 16:52 - 00091840 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-11-01 08:35 - 2010-12-29 07:36 - 00002125 _____ () C:\Windows\epplauncher.mif

2014-10-31 08:13 - 2014-07-16 06:19 - 00000000 ____D () C:\Users\HomeGroupUser$

2014-10-31 08:13 - 2014-07-16 06:19 - 00000000 ____D () C:\Users\Guest

2014-10-31 08:13 - 2014-07-16 06:19 - 00000000 ____D () C:\Users\Administrator

2014-10-31 07:48 - 2012-02-21 17:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm

2014-10-30 07:51 - 2013-07-14 06:05 - 00000000 ____D () C:\Users\BF2010\Desktop\PHEREO PICS

2014-10-30 07:41 - 2012-09-04 05:59 - 00000000 ___RD () C:\Users\BF2010\Desktop\quick

2014-10-28 06:35 - 2010-02-16 10:43 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2014-10-25 08:23 - 2009-07-14 04:33 - 03863744 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-10-25 08:16 - 2014-07-11 12:19 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-10-25 07:43 - 2013-08-14 05:56 - 00000000 ____D () C:\Windows\system32\MRT

2014-10-25 07:32 - 2010-02-16 10:43 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-10-25 07:05 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\Microsoft.NET

2014-10-25 06:30 - 2014-08-15 11:18 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live

2014-10-25 06:27 - 2014-08-15 11:17 - 00001408 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk

2014-10-25 06:27 - 2014-08-15 11:16 - 00002436 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk

2014-10-25 06:25 - 2010-02-16 15:12 - 00000000 ____D () C:\Program Files\Windows Live

2014-10-25 06:22 - 2009-07-14 02:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared

2014-10-24 09:00 - 2014-07-16 15:02 - 00000000 ____D () C:\Users\BF2010\Desktop\right tests

2014-10-24 08:59 - 2014-07-16 14:58 - 00000000 ____D () C:\Users\BF2010\Desktop\left tests

2014-10-23 14:38 - 2013-09-27 15:51 - 00000000 ____D () C:\AdwCleaner

2014-10-23 14:35 - 2014-07-16 06:40 - 00000000 ____D () C:\Users\BF2010\AppData\Local\AVG SafeGuard toolbar

2014-10-23 09:34 - 2014-08-24 17:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-10-23 09:34 - 2014-08-24 17:43 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware

2014-10-23 06:21 - 2014-08-19 05:39 - 00000000 ____D () C:\Users\BF2010\AppData\Local\Adobe

2014-10-23 05:52 - 2013-04-05 08:20 - 01820160 ___SH () C:\Users\BF2010\Desktop\Thumbs.db

2014-10-21 15:40 - 2014-09-19 05:59 - 140852175 _____ () C:\Users\BF2010\Downloads\Apache_OpenOffice_4.1.1_ Win_x86_install_en-US.exe

2014-10-21 09:32 - 2012-01-29 16:04 - 00000000 ____D () C:\Users\BF2010\Desktop\safty

2014-10-20 10:30 - 2010-03-25 10:47 - 00000000 ____D () C:\Users\BF2010

2014-10-20 10:28 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\system32\wfp

2014-10-20 10:28 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\system

2014-10-20 10:27 - 2014-07-15 09:04 - 00000000 ____D () C:\Users\BF2010\AppData\Roaming\Microsoft\Windows\ Start Menu\Programs\Bluetooth Devices

2014-10-20 10:27 - 2013-08-19 14:50 - 00000000 ____D () C:\Users\BF2010\AppData\Local\Adobe_Systems_Incorp orate

2014-10-20 10:27 - 2013-07-18 09:00 - 00000000 ____D () C:\Users\BF2010\.globonote

2014-10-20 10:27 - 2013-04-01 15:22 - 00000000 ____D () C:\Users\BF2010\AppData\Local\MetaGeek,_LLC

2014-10-20 10:27 - 2013-01-18 10:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2014-10-20 10:27 - 2012-09-20 05:39 - 00000000 ____D () C:\Users\BF2010\AppData\Local\lptmp844513598

2014-10-20 10:27 - 2012-08-12 09:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ViewNX 2

2014-10-20 10:27 - 2012-06-12 10:25 - 00000000 ____D () C:\Users\BF2010\AppData\Local\IM

2014-10-20 10:27 - 2011-11-10 07:09 - 00000000 ____D () C:\Users\BF2010\AppData\Local\Akamai

2014-10-20 10:27 - 2011-07-27 08:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nikon Message Center 2

2014-10-20 10:27 - 2011-03-10 17:40 - 00000000 ____D () C:\Program Files\Calibre2

2014-10-20 10:27 - 2010-03-26 10:45 - 00000000 ____D () C:\Users\BF2010\AppData\Roaming\IrfanView

2014-10-20 10:25 - 2010-10-24 08:26 - 00000000 ____D () C:\Windows\Minidump

2014-10-20 10:25 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\registration

2014-10-20 10:24 - 2014-07-16 06:19 - 00000000 ____D () C:\Users\BF2010\AppData\Local\Comodo

2014-10-20 10:24 - 2010-07-24 09:37 - 00000000 ____D () C:\Users\BF2010\AppData\Local\Flickr

2014-10-20 10:24 - 2010-03-25 15:51 - 00000000 ____D () C:\Users\BF2010\AppData\Local\Google

2014-10-20 10:21 - 2011-07-27 08:54 - 00000000 ____D () C:\Program Files\Nikon

2014-10-20 10:21 - 2010-02-16 14:01 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information

2014-10-20 10:20 - 2011-07-27 08:54 - 00000000 ____D () C:\Program Files\Common Files\Nikon

2014-10-19 09:26 - 2011-07-27 08:54 - 00000020 ____H () C:\ProgramData\PKP_DLet.DAT

2014-10-17 09:17 - 2011-07-27 08:54 - 00000000 ____D () C:\Users\BF2010\AppData\Local\Downloaded Installations

2014-10-16 05:57 - 2011-12-22 15:27 - 00000268 ___RH () C:\Users\BF2010\AppData\Roaming\StatusSheet

2014-10-16 05:57 - 2011-07-27 08:54 - 00000020 ____H () C:\ProgramData\PKP_DLes.DAT

2014-10-16 05:53 - 2011-07-27 08:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Link to Nikon

2014-10-15 14:12 - 2011-12-09 18:15 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-10-15 06:09 - 2011-12-09 18:15 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2014-10-15 06:09 - 2011-09-09 06:22 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2014-10-15 05:52 - 2014-07-18 15:09 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2785784116-2001642337-1380054423-1000UA.job

2014-10-15 05:52 - 2014-07-18 15:09 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2785784116-2001642337-1380054423-1000Core.job

2014-10-15 05:52 - 2014-06-15 06:20 - 00000286 _____ () C:\Windows\Tasks\WinZipDriverUpdater_UPDATES.job

2014-10-14 05:57 - 2014-05-28 09:21 - 00000000 ____D () C:\Users\BF2010\Desktop\hals 3d

2014-10-13 15:24 - 2011-03-10 17:46 - 00000000 ____D () C:\Users\BF2010\Documents\Calibre Library

2014-10-13 15:18 - 2011-03-10 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management

2014-10-09 18:46 - 2012-10-05 15:29 - 00000000 ____D () C:\Program Files\TuneUp Utilities 2013

2014-10-05 08:31 - 2011-05-20 13:22 - 00000000 ____D () C:\Users\BF2010\AppData\Roaming\GoodSync

2014-10-05 08:19 - 2014-09-01 13:35 - 00002033 _____ () C:\Users\Public\Desktop\GoodSync.lnk

2014-10-05 08:19 - 2011-05-20 13:22 - 00000000 ____D () C:\ProgramData\GoodSync

2014-10-05 08:19 - 2010-03-25 11:56 - 00000000 ____D () C:\Program Files\Siber Systems

2014-10-05 06:05 - 2010-03-25 12:47 - 00006653 _____ () C:\Users\BF2010\Desktop\Photobucket.rfp

Files to move or delete:

====================

C:\Users\BF2010\AdbeRdr1001_en_US.exe

C:\Users\BF2010\BOIE9_ENUS_BO0085_WIN7.EXE

C:\Users\BF2010\ccsetup307.exe

C:\Users\BF2010\ChromeSetup.exe

C:\Users\BF2010\chrome_installer.exe

C:\Users\BF2010\FHSetup.exe

C:\Users\BF2010\Firefox Setup 10.0.2.exe

C:\Users\BF2010\Firefox Setup 3.6.18.exe

C:\Users\BF2010\Firefox Setup 8.0.1.exe

C:\Users\BF2010\Firefox Setup 9.0.1.exe

C:\Users\BF2010\hosts-perm.bat

C:\Users\BF2010\IE9-Windows7-x86-enu.exe

C:\Users\BF2010\install_flash_player.exe

C:\Users\BF2010\install_flash_player_ax.exe

C:\Users\BF2010\mbam-setup-1.51.0.1200.exe

C:\Users\BF2010\Photoshop_12_LS1.exe

C:\Users\BF2010\RealPlayer.exe

C:\Users\BF2010\setup.exe

C:\Users\BF2010\Shockwave_Installer_Slim.exe

C:\Users\BF2010\uninstall_flash_player.exe

C:\Users\BF2010\vlc-1.1.10-win32.exe

C:\Users\BF2010\WhatInStartup.exe

C:\Users\BF2010\windows-kb890830-v3.17.exe

C:\Users\BF2010\windows6.1-KB976932-ia64.exe

C:\Users\BF2010\windows6.1-KB976932-X64.exe

C:\Users\BF2010\windows6.1-KB976932-X86 (2).exe

C:\Users\BF2010\windows6.1-KB976932-x86.exe

Some content of TEMP:

====================

C:\Users\BF2010\AppData\Local\Temp\dropbox_sqlite_ ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpivt6si.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-27 08:22

=

(end)

----------------------------

Attached Files

Addition.txt
(58.9 KB)