Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Netflix redirecting to a bitly link.


by slourcey » January 22nd, 2015, 4:13 pm

Netflix has been redirecting me through bitly very quickly after the page has fully loaded. I've run Hitman, Spybot, Malwarebytes, Panda, TDSS, pretty much the works. Nothing has helped.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Mercy (administrator) on YUHBOOTIE on 22-01-2015 01:02:29
Running from C:\Users\Mercy\Downloads
Loaded Profiles: Mercy (Available profiles: Mercy)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Apple Inc.) E:\Mercy-Programs\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(BitTorrent Inc.) C:\Users\Mercy\AppData\Roaming\uTorrent\uTorrent.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Panda Security, S.L.) E:\Mercy-Programs\Panda\PSANHost.exe
(CERN, PH/SFT Group) C:\Program Files (x86)\CERN\CernVMWebAPI\cernvm-webapi.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
() C:\Users\Mercy\AppData\Roaming\CouchPotato\application\CouchPotato.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\agent.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Panda Security, S.L.) E:\Mercy-Programs\Panda\PSUAMain.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Panda Security, S.L.) E:\Mercy-Programs\Panda\PSUAService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\nacl64.exe
() C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\dgnria_nmhost.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe
(Apple Inc.) E:\Mercy-Programs\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-04-11] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-02-21] (Intel Corporation)
HKLM-x32\...\Run: [PSUAMain] => E:\Mercy-Programs\Panda\PSUAMain.exe [37624 2014-10-16] (Panda Security, S.L.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2109952 2014-10-07] (Dominik Reichl)
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039240 2013-05-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Winlogon: [Userinit] C:\Windows\SysWOW64\userinit.exe,
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3240945929-2188185997-475948169-1000\...\Run: [MurGee.com Auto Clicker] => E:\Mercy-Programs\Auto Clicker\AutoClicker.exe [108048 2014-12-01] (MurGee.com)
HKU\S-1-5-21-3240945929-2188185997-475948169-1000\...\Run: [uTorrent] => C:\Users\Mercy\AppData\Roaming\uTorrent\uTorrent.exe [1377872 2015-01-21] (BitTorrent Inc.)
HKU\S-1-5-21-3240945929-2188185997-475948169-1000\...\Run: [DAEMON Tools Lite] => E:\Mercy-Programs (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3240945929-2188185997-475948169-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-12-06] (AMD)
HKU\S-1-5-21-3240945929-2188185997-475948169-1000\...\Run: [GoogleChromeAutoLaunch_4A8304EC5332B52ED336B7C8F917D7FC] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2015-01-08] (Google Inc.)
HKU\S-1-5-21-3240945929-2188185997-475948169-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308616 2014-12-22] (Google)
HKU\S-1-5-21-3240945929-2188185997-475948169-1000\...\Run: [CernVM WebAPI] => C:\Program Files (x86)\CERN\CernVMWebAPI\cernvm-webapi.exe [2763000 2014-12-05] (CERN, PH/SFT Group)
HKU\S-1-5-21-3240945929-2188185997-475948169-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKU\S-1-5-21-3240945929-2188185997-475948169-1000\...\MountPoints2: {a5690dca-7acc-11e4-a80f-806e6f6e6963} - F:\EIProcessCaller.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{401FADAA-1C16-4721-9F02-19067E1A1CA8}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
Startup: C:\Users\Mercy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CouchPotato.lnk
ShortcutTarget: CouchPotato.lnk -> C:\Users\Mercy\AppData\Roaming\CouchPotato\application\CouchPotato.exe ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3240945929-2188185997-475948169-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\dgnriaie_x64.dll (Nuance Communications, Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> E:\Mercy-Programs\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> E:\Mercy-Programs\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\dgnriaie.dll (Nuance Communications, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Winsock: Catalog5-x64 07 E:\Mercy-Programs\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> E:\Mercy-Programs\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> E:\Mercy-Programs\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: nuance.com/DgnRia2_x86_64 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\npDgnRia2_x64.dll (Nuance Communications, Inc.)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: nuance.com/DgnRia2 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\npDgnRia2.dll (Nuance Communications, Inc.)
FF Plugin HKU\S-1-5-21-3240945929-2188185997-475948169-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Mercy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

Chrome:
=======
CHR HomePage: Default -> hxxp://isearch.avg.com/?cid={82E2AEC2-5046-4832-AB8F-50B36292447C}&mid=577766e2fa0247d095e33909b4d9181d-b03d222c6d7ef924dd9df22adddd1b89000a61d2&lang=en&ds=ft011&pr=sa&d=&v=10.2.0.3&sap=hp
CHR StartupUrls: Default -> "hxxp://www.google.com/", "hxxp://start.sweetpacks.com/?barid={E580A0F0-D869-11E2-A4F4-E840F23DF1EE}&src=10&crg=3.5000006.10043&st=23"
CHR Profile: C:\Users\Mercy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Mercy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-05]
CHR Extension: (Google Docs) - C:\Users\Mercy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-05]
CHR Extension: (Google Drive) - C:\Users\Mercy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-05]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Mercy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-05]
CHR Extension: (YouTube) - C:\Users\Mercy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-05]
CHR Extension: (Adblock Plus) - C:\Users\Mercy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-05]
CHR Extension: (Google Search) - C:\Users\Mercy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-05]
CHR Extension: (GAIN Fitness) - C:\Users\Mercy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpompjlmddcnpijabjfcgnpmoibdffoc [2014-12-05]
CHR Extension: (Dragon Web Extension) - C:\Users\Mercy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddaloccgjfibfpkalenodgehlhkgoahe [2015-01-11]
CHR Extension: (Reditr Web App - The Best Reddit Client) - C:\Users\Mercy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejmiceoebcclihjdpnmmkdcmcboekibc [2014-12-05]
CHR Extension: (Flix Plus) - C:\Users\Mercy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcjjgdnadfneaamhipplgpfkdnbfagla [2015-01-11]
CHR Extension: (Google Sheets) - C:\Users\Mercy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-05]
CHR Extension: (HTTPS Everywhere) - C:\Users\Mercy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2015-01-11]
CHR Extension: (Save to Google Drive) - C:\Users\Mercy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2014-12-05]
CHR Extension: (Avast Online Security) - C:\Users\Mercy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-12-05]
CHR Extension: (Pin It Button) - C:\Users\Mercy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-12-22]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Mercy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-01-11]
CHR Extension: (Eye Dropper) - C:\Users\Mercy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmdcmlfkchdmnmnmheododdhjedfccka [2014-12-05]
CHR Extension: (Color Piano!) - C:\Users\Mercy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmigmmflfcbhdpdgbkkeojchjhhphnh [2014-12-05]
CHR Extension: (Youtube-to-MP3) - C:\Users\Mercy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jekmfmemcfggilfpgplgjbfaijgchhfc [2015-01-16]
CHR Extension: (CouchPotato) - C:\Users\Mercy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jochingjncojldfclaicaomboafaiong [2014-12-22]
CHR Extension: (Grammarly Spell Checker & Grammar Checker) - C:\Users\Mercy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2015-01-21]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Mercy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2014-12-05]
CHR Extension: (StumbleUpon) - C:\Users\Mercy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcahibnffhnnjcedflmchmokndkjnhpg [2014-12-05]
CHR Extension: (Any.do Extension) - C:\Users\Mercy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdadialhpiikehpdeejjeiikopddkjem [2014-12-05]
CHR Extension: (InvisibleHand) - C:\Users\Mercy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lghjfnfolmcikomdjmoiemllfnlmmoko [2015-01-11]
CHR Extension: (Skype Click to Call) - C:\Users\Mercy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-01-11]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Mercy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-12-11]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Mercy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2014-12-05]
CHR Extension: (Mint) - C:\Users\Mercy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhgffcfekbglhpcdjkhhjekhdnddkflg [2015-01-11]
CHR Extension: (Hangouts) - C:\Users\Mercy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-12-05]
CHR Extension: (Google Wallet) - C:\Users\Mercy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-05]
CHR Extension: (Any.do) - C:\Users\Mercy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocgddccilgpeepgglnlpchkpgamkgmld [2015-01-11]
CHR Extension: (Readability) - C:\Users\Mercy\AppData\Local\Google\Chrome\User Data\Default\Extensions\oknpjjbmpnndlpmnhmekjpocelpnlfdi [2014-12-05]
CHR Extension: (Gmail) - C:\Users\Mercy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-05]
CHR HKU\S-1-5-21-3240945929-2188185997-475948169-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Bonjour Service; E:\Mercy-Programs\Bonjour\mDNSResponder.exe [462184 2011-08-31] (Apple Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [103936 2014-08-29] (Creative Technology Ltd)
R2 DragonLoggerService; C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe [137280 2014-07-12] (Nuance Communications, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-04-11] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R3 iPod Service; E:\Mercy-Programs\iPod\bin\iPodService.exe [643880 2014-10-15] (Apple Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NanoServiceMain; E:\Mercy-Programs\Panda\PSANHost.exe [142072 2014-10-13] (Panda Security, S.L.)
S3 osppsvc; E:\Mercy-Programs\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [5132888 2014-12-13] (Microsoft Corporation)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 PSUAService; E:\Mercy-Programs\Panda\PSUAService.exe [38136 2014-10-16] (Panda Security, S.L.)
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [343040 2013-08-08] (Qualcomm Atheros) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [67888 2013-02-13] (Qualcomm Atheros, Inc.)
S3 CMUSBDAC; C:\Windows\System32\DRIVERS\CMUSBDAC.sys [594944 2014-09-19] (C-MEDIA)
R3 cthda; C:\Windows\System32\drivers\cthda.sys [1051392 2014-08-29] (Creative Technology Ltd)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-12-08] (Disc Soft Ltd)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-01-21] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-04-11] (Intel Corporation)
R3 Ke2200; C:\Windows\System32\DRIVERS\e22w7x64.sys [154320 2013-03-20] (Qualcomm Atheros, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-22] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [96800 2014-06-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [162336 2014-06-18] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [112160 2014-06-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [115232 2014-06-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [46336 2014-01-16] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95776 2014-06-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [70176 2014-06-04] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [125984 2014-06-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [306720 2014-06-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [169504 2014-06-04] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [115744 2014-06-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [261152 2014-06-04] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109088 2014-06-04] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2014-10-13] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2014-10-13] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [195616 2014-07-24] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [122400 2014-07-24] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132128 2014-07-24] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2014-10-13] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [60400 2014-03-25] (Panda Security, S.L.)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-22 01:02 - 2015-01-22 01:02 - 00031261 _____ () C:\Users\Mercy\Downloads\FRST.txt
2015-01-22 01:02 - 2015-01-22 01:02 - 00000000 ____D () C:\FRST
2015-01-22 01:01 - 2015-01-22 01:01 - 02126848 _____ (Farbar) C:\Users\Mercy\Downloads\FRST64.exe
2015-01-22 00:59 - 2015-01-22 00:59 - 991000988 _____ () C:\Windows\MEMORY.DMP
2015-01-22 00:59 - 2015-01-22 00:59 - 00281888 _____ () C:\Windows\Minidump\012215-11622-01.dmp
2015-01-22 00:59 - 2015-01-22 00:59 - 00000000 ____D () C:\Windows\Minidump
2015-01-21 22:47 - 2015-01-21 22:47 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-01-21 22:46 - 2015-01-21 22:46 - 00001393 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-01-21 22:46 - 2015-01-21 22:46 - 00001381 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-01-21 22:46 - 2015-01-21 22:46 - 00001381 _____ () C:\ProgramData\Desktop\Spybot-S&D Start Center.lnk
2015-01-21 22:46 - 2015-01-21 22:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-01-21 22:46 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-01-21 22:45 - 2009-06-10 16:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150121-224522.backup
2015-01-21 22:44 - 2015-01-21 22:44 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Mercy\Downloads\spybot-2.4.exe
2015-01-21 22:42 - 2015-01-21 23:31 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-21 22:39 - 2015-01-21 22:39 - 16409960 _____ (Safer Networking Limited ) C:\Users\Mercy\Downloads\spybotsd162.exe
2015-01-21 22:23 - 2015-01-21 22:23 - 01931088 _____ (Symantec Corporation) C:\Users\Mercy\Downloads\FixTDSS.exe
2015-01-21 22:17 - 2015-01-21 22:17 - 00000352 _____ () C:\Windows\system32\.crusader
2015-01-21 22:12 - 2015-01-21 22:18 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2015-01-21 22:12 - 2015-01-21 22:17 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-21 22:12 - 2015-01-21 22:12 - 00000000 ____D () E:\Mercy-Programs\HitmanPro
2015-01-21 22:04 - 2015-01-21 22:05 - 11225840 _____ (SurfRight B.V.) C:\Users\Mercy\Downloads\HitmanPro_x64.exe
2015-01-21 21:57 - 2015-01-22 00:59 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-21 21:57 - 2015-01-21 21:57 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-21 21:57 - 2015-01-21 21:57 - 00001104 _____ () C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-21 21:57 - 2015-01-21 21:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-21 21:57 - 2015-01-21 21:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-21 21:57 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-21 21:57 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-21 21:57 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-21 21:56 - 2015-01-21 21:57 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Mercy\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-21 21:56 - 2015-01-21 21:56 - 00000629 _____ () C:\Users\Mercy\Desktop\JRT.txt
2015-01-21 21:54 - 2015-01-21 21:54 - 01707939 _____ (Thisisu) C:\Users\Mercy\Downloads\JRT.exe
2015-01-21 21:54 - 2015-01-21 21:54 - 00000000 ____D () C:\Windows\ERUNT
2015-01-21 21:51 - 2015-01-21 21:52 - 00000000 ____D () C:\AdwCleaner
2015-01-21 21:50 - 2015-01-21 21:50 - 02186752 _____ () C:\Users\Mercy\Downloads\adwcleaner_4.108.exe
2015-01-21 01:24 - 2015-01-21 01:24 - 00000000 ____D () C:\ProgramData\Brother
2015-01-20 06:32 - 2015-01-20 06:32 - 00122141 _____ () C:\Users\Mercy\Downloads\Power in the Blood.aup
2015-01-20 06:32 - 2015-01-20 06:32 - 00106703 _____ () C:\Users\Mercy\Downloads\chapter 3.aup
2015-01-20 06:31 - 2015-01-20 06:31 - 00122132 _____ () C:\Users\Mercy\Downloads\chapter 1.aup
2015-01-20 06:31 - 2015-01-20 06:31 - 00077176 _____ () C:\Users\Mercy\Downloads\chapter 2.aup
2015-01-19 16:44 - 2015-01-19 16:44 - 00044032 _____ () C:\Users\Mercy\Downloads\ACXQCSheetForAudiobookEditing.xls
2015-01-19 03:38 - 2015-01-19 03:38 - 00033929 _____ () C:\Users\Mercy\Downloads\[kickass.so]joe.rogan.questions.everything.s01e01.hdtv.x264.evolve.torrent
2015-01-16 19:54 - 2015-01-16 19:54 - 00000000 __RHD () C:\MSOCache
2015-01-16 19:52 - 2015-01-16 19:52 - 00002179 _____ () C:\Users\Mercy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-01-16 19:52 - 2015-01-16 19:52 - 00002102 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-01-16 19:52 - 2015-01-16 19:52 - 00002102 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-01-16 19:52 - 2015-01-16 19:52 - 00000000 ___RD () C:\Users\Mercy\OneDrive
2015-01-16 19:52 - 2015-01-16 19:52 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2015-01-16 19:49 - 2015-01-16 19:49 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-01-16 19:48 - 2015-01-16 19:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-01-16 19:47 - 2015-01-16 19:47 - 01060536 _____ (Microsoft Corporation) C:\Users\Mercy\Downloads\Setup.X86.en-US_O365HomePremRetail_c1df3e3d-21f2-443f-afcc-830528000df9_TX_PR_.exe
2015-01-16 16:55 - 2015-01-16 16:55 - 06745265 _____ () C:\Users\Mercy\Downloads\Steal Like an Artist.epub
2015-01-16 12:34 - 2015-01-16 12:34 - 00003975 _____ () C:\Users\Mercy\Downloads\youtube2mp3 (1).crx
2015-01-16 12:33 - 2015-01-16 12:33 - 00003975 _____ () C:\Users\Mercy\Downloads\youtube2mp3.crx
2015-01-15 21:22 - 2015-01-15 22:26 - 00000000 ____D () C:\Users\Mercy\Documents\My Kindle Content
2015-01-15 21:22 - 2015-01-15 21:22 - 00001996 _____ () C:\Users\Mercy\Desktop\Kindle.lnk
2015-01-15 21:22 - 2015-01-15 21:22 - 00000000 ____D () C:\Users\Mercy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2015-01-15 21:22 - 2015-01-15 21:22 - 00000000 ____D () C:\Users\Mercy\AppData\Local\Amazon
2015-01-15 21:18 - 2015-01-15 21:18 - 38157960 _____ (Amazon.com) C:\Users\Mercy\Downloads\KindleForPC-installer.exe
2015-01-14 22:31 - 2015-01-16 23:52 - 20176297 _____ () C:\Users\Mercy\Downloads\Windows Navigation Skills.story
2015-01-14 22:19 - 2015-01-14 22:19 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2015-01-14 22:19 - 2015-01-14 22:19 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2015-01-14 21:59 - 2015-01-14 21:59 - 15281571 _____ () C:\Users\Mercy\Downloads\MouseSkills.story
2015-01-14 21:50 - 2015-01-14 21:50 - 00000000 ____D () C:\ProgramData\Articulate
2015-01-14 21:49 - 2015-01-16 23:34 - 00000000 ____D () C:\Users\Mercy\AppData\Roaming\Articulate
2015-01-14 21:49 - 2015-01-16 20:02 - 00000000 ____D () C:\Users\Mercy\AppData\Local\Articulate
2015-01-14 21:49 - 2015-01-14 21:49 - 00002395 _____ () C:\Users\Public\Desktop\Articulate Storyline 2.lnk
2015-01-14 21:49 - 2015-01-14 21:49 - 00002395 _____ () C:\ProgramData\Desktop\Articulate Storyline 2.lnk
2015-01-14 21:49 - 2015-01-14 21:49 - 00000000 ___SD () C:\Users\Mercy\Documents\My Articulate Projects
2015-01-14 21:49 - 2015-01-14 21:49 - 00000000 ____D () C:\Users\Mercy\AppData\Local\IsolatedStorage
2015-01-14 21:49 - 2015-01-14 21:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Articulate
2015-01-14 21:46 - 2015-01-14 21:47 - 291489984 _____ (Articulate) C:\Users\Mercy\Downloads\storyline-2.exe
2015-01-14 03:17 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 03:17 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 03:17 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 03:17 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 03:17 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 03:17 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 03:17 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 03:17 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 03:17 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 03:17 - 2014-12-11 12:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 03:17 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 03:17 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 03:17 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-12 11:45 - 2015-01-12 11:45 - 01512320 _____ () C:\Users\Mercy\Downloads\doxo_desktop.air
2015-01-11 23:05 - 2015-01-11 23:08 - 00000000 ____D () E:\Mercy-Programs\Jagged Alliance Flashback
2015-01-11 23:05 - 2015-01-11 23:05 - 00000583 _____ () C:\Users\Public\Desktop\Jagged Alliance Flashback.lnk
2015-01-11 23:05 - 2015-01-11 23:05 - 00000583 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jagged Alliance Flashback.lnk
2015-01-11 23:05 - 2015-01-11 23:05 - 00000583 _____ () C:\ProgramData\Desktop\Jagged Alliance Flashback.lnk
2015-01-11 19:49 - 2015-01-11 19:50 - 55946322 _____ () C:\Users\Mercy\Downloads\Stretching exercises- 9. E5- Bench Weighted Straddles-HD.mp4
2015-01-11 19:49 - 2015-01-11 19:50 - 317853422 _____ () C:\Users\Mercy\Downloads\Stretching%20exercises-%2011.%20E6A–E6D-%20Side%20splits%20props%20variations-HD (1).mp4
2015-01-11 19:49 - 2015-01-11 19:50 - 111226630 _____ () C:\Users\Mercy\Downloads\Stretching exercises- 8. E4- Tailor Pose Pt 2-HD.mp4
2015-01-11 19:49 - 2015-01-11 19:49 - 89380536 _____ () C:\Users\Mercy\Downloads\Stretching exercises- 10. L5- Lying Leg Circles-HD.mp4
2015-01-11 19:49 - 2015-01-11 19:49 - 124571973 _____ () C:\Users\Mercy\Downloads\Stretching exercises- 7. L4- Half Pancake-HD.mp4
2015-01-11 19:48 - 2015-01-11 19:49 - 73643809 _____ () C:\Users\Mercy\Downloads\Stretching exercises- 5. L3- Chinese Hip Grinder-HD.mp4
2015-01-11 19:48 - 2015-01-11 19:48 - 68104635 _____ () C:\Users\Mercy\Downloads\Stretching exercises- 1. L1- Skandasana-HD.mp4
2015-01-11 19:45 - 2015-01-11 19:47 - 317853422 _____ () C:\Users\Mercy\Downloads\Stretching%20exercises-%2011.%20E6A–E6D-%20Side%20splits%20props%20variations-HD.mp4
2015-01-11 19:45 - 2015-01-11 19:47 - 254610051 _____ () C:\Users\Mercy\Downloads\Stretching exercises- 15. E9- Pancake-HD.mp4
2015-01-11 19:45 - 2015-01-11 19:46 - 182516909 _____ () C:\Users\Mercy\Downloads\Stretching exercises- 2. E1A-E1B- Tailor Pose Pt 1-HD (1).mp4
2015-01-11 19:45 - 2015-01-11 19:45 - 95952150 _____ () C:\Users\Mercy\Downloads\Stretching exercises- 3. L2A-L2B- Standing Wide Leg Limbers-HD.mp4
2015-01-11 19:45 - 2015-01-11 19:45 - 46080889 _____ () C:\Users\Mercy\Downloads\Stretching exercises- 6. E3- Flat Frog-HD.mp4
2015-01-11 19:45 - 2015-01-11 19:45 - 46080889 _____ () C:\Users\Mercy\Downloads\Stretching exercises- 6. E3- Flat Frog-HD (1).mp4
2015-01-11 19:45 - 2015-01-11 19:45 - 31063296 _____ () C:\Users\Mercy\Downloads\Stretching exercises- 4. E2- The Underbutt-HD.mp4
2015-01-11 19:44 - 2015-01-11 19:45 - 182516909 _____ () C:\Users\Mercy\Downloads\Stretching exercises- 2. E1A-E1B- Tailor Pose Pt 1-HD.mp4
2015-01-11 17:02 - 2015-01-11 17:02 - 00002301 _____ () C:\Users\Mercy\Desktop\Chrome App Launcher.lnk
2015-01-11 17:02 - 2015-01-11 17:02 - 00000000 ____D () C:\Users\Mercy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-11 16:48 - 2015-01-11 16:48 - 00001355 _____ () C:\Users\Mercy\AppData\Roaming\SAS7_000.DAT
2015-01-11 16:29 - 2015-01-11 16:29 - 00000000 ____D () C:\Users\Mercy\AppData\Roaming\Nuance
2015-01-11 16:29 - 2015-01-11 16:29 - 00000000 ____D () C:\Users\Mercy\AppData\Roaming\FLEXnet
2015-01-11 15:00 - 2015-01-15 07:20 - 00000000 ____D () C:\Users\Mercy\AppData\Roaming\Skype
2015-01-11 15:00 - 2015-01-11 15:00 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-01-11 15:00 - 2015-01-11 15:00 - 00002697 _____ () C:\ProgramData\Desktop\Skype.lnk
2015-01-11 15:00 - 2015-01-11 15:00 - 00000000 ____D () C:\Users\Mercy\AppData\Local\Skype
2015-01-11 15:00 - 2015-01-11 15:00 - 00000000 ____D () C:\ProgramData\Skype
2015-01-11 15:00 - 2015-01-11 15:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-01-11 14:58 - 2015-01-11 14:58 - 01548384 _____ (Skype Technologies S.A.) C:\Users\Mercy\Downloads\SkypeSetup.exe
2015-01-11 14:58 - 2015-01-11 14:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi Firmware Update Tool
2015-01-11 14:36 - 2015-01-15 07:20 - 00000000 ____D () C:\ProgramData\TEMP
2015-01-11 14:36 - 2015-01-11 14:36 - 00002799 _____ () C:\Users\Public\Desktop\Dragon NaturallySpeaking.lnk
2015-01-11 14:36 - 2015-01-11 14:36 - 00002799 _____ () C:\ProgramData\Desktop\Dragon NaturallySpeaking.lnk
2015-01-11 14:36 - 2015-01-11 14:36 - 00002787 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Dragon NaturallySpeaking.lnk
2015-01-11 14:36 - 2015-01-11 14:36 - 00001868 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Software Updates.lnk
2015-01-11 14:36 - 2015-01-11 14:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon NaturallySpeaking
2015-01-11 14:35 - 2015-01-11 14:35 - 00000000 ____D () C:\ProgramData\Nuance
2015-01-11 14:35 - 2015-01-11 14:35 - 00000000 ____D () C:\ProgramData\Macrovision
2015-01-11 14:35 - 2015-01-11 14:35 - 00000000 ____D () C:\ProgramData\FLEXnet
2015-01-11 14:09 - 2015-01-11 14:09 - 00000000 ____D () C:\Users\Mercy\Documents\Video Mask Projects
2015-01-11 13:28 - 2015-01-11 13:28 - 00001646 _____ () C:\Users\Mercy\Desktop\Launcher_Main - Shortcut.lnk
2015-01-11 13:25 - 2015-01-11 13:25 - 00000000 ____D () C:\Users\Mercy\AppData\Local\Logitech® Webcam Software
2015-01-11 13:24 - 2015-01-11 13:24 - 00000000 ____D () C:\ProgramData\LogiShrd
2015-01-11 13:23 - 2015-01-11 13:23 - 00000000 ____D () C:\Users\Mercy\AppData\Local\LogiShrd
2015-01-11 13:22 - 2015-01-11 13:22 - 00004053 _____ () C:\Windows\LDPINST.LOG
2015-01-11 13:22 - 2015-01-11 13:22 - 00002007 _____ () C:\Users\Public\Desktop\Logitech Vid HD.lnk
2015-01-11 13:22 - 2015-01-11 13:22 - 00002007 _____ () C:\ProgramData\Desktop\Logitech Vid HD.lnk
2015-01-11 13:22 - 2015-01-11 13:22 - 00000000 ____D () C:\Users\Mercy\AppData\Roaming\Leadertech
2015-01-11 13:22 - 2015-01-11 13:22 - 00000000 ____D () C:\ProgramData\Logitech
2015-01-11 13:21 - 2015-01-11 13:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2015-01-11 13:21 - 2015-01-11 13:21 - 00001626 _____ () C:\Users\Public\Desktop\Logitech Webcam Software .lnk
2015-01-11 13:21 - 2015-01-11 13:21 - 00001626 _____ () C:\ProgramData\Desktop\Logitech Webcam Software .lnk
2015-01-11 13:18 - 2015-01-11 13:18 - 07061144 _____ (Logitech, Inc.) C:\Users\Mercy\Downloads\lws240c920_smart.exe
2015-01-11 13:18 - 2015-01-11 13:18 - 02442992 _____ (Logitech Europe S.A.) C:\Users\Mercy\Downloads\C930eFWUpdate1.0.84.exe
2015-01-11 13:16 - 2015-01-11 13:22 - 00009896 _____ () C:\Windows\system32\lvcoinst.log
2015-01-11 13:16 - 2015-01-11 13:22 - 00000000 ____D () C:\Program Files\Common Files\logishrd
2015-01-11 03:18 - 2015-01-11 03:18 - 00000000 ____D () C:\ProgramData\Steam
2015-01-11 03:14 - 2015-01-11 03:14 - 00000768 _____ () C:\Users\Public\Desktop\Merchants of Kaidan.lnk
2015-01-11 03:14 - 2015-01-11 03:14 - 00000768 _____ () C:\ProgramData\Desktop\Merchants of Kaidan.lnk
2015-01-11 03:14 - 2015-01-11 03:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Merchants of Kaidan
2015-01-11 00:23 - 2015-01-11 00:23 - 00012342 _____ () C:\Users\Mercy\Downloads\[kickass.so]merchants.of.kaidan.2014.pc.repack.torrent
2015-01-01 20:12 - 2015-01-01 20:12 - 08995370 _____ () C:\Users\Mercy\Downloads\pandora5.5FULL.apk
2014-12-31 00:12 - 2015-01-20 07:49 - 00000000 ____D () C:\Users\Mercy\AppData\Roaming\Audacity
2014-12-31 00:12 - 2015-01-17 04:56 - 00000843 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2014-12-31 00:12 - 2014-12-31 00:12 - 00000690 _____ () C:\Users\Public\Desktop\Audacity.lnk
2014-12-31 00:12 - 2014-12-31 00:12 - 00000690 _____ () C:\ProgramData\Desktop\Audacity.lnk
2014-12-31 00:12 - 2014-12-31 00:12 - 00000000 ____D () E:\Mercy-Programs\Audacity
2014-12-31 00:09 - 2014-12-31 00:09 - 22892794 _____ (Audacity Team ) C:\Users\Mercy\Downloads\audacity-win-2.0.6.exe
2014-12-29 18:42 - 2014-12-29 18:42 - 00000000 ____D () C:\Users\Mercy\Documents\ArtRage Paintings
2014-12-29 18:41 - 2014-12-29 18:42 - 00000000 ____D () C:\Users\Mercy\AppData\Roaming\Ambient Design
2014-12-29 18:41 - 2014-12-29 18:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArtRage 4
2014-12-29 18:41 - 2014-12-29 18:41 - 00000000 ____D () C:\ProgramData\Caphyon
2014-12-29 04:50 - 2014-12-29 04:50 - 00000854 _____ () C:\Users\Public\Desktop\Metal Gear Solid Ground Zeroes.lnk
2014-12-29 04:50 - 2014-12-29 04:50 - 00000854 _____ () C:\ProgramData\Desktop\Metal Gear Solid Ground Zeroes.lnk
2014-12-29 04:50 - 2014-12-29 04:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metal Gear Solid Ground Zeroes
2014-12-28 19:00 - 2014-12-28 19:00 - 00000000 ____D () C:\Windows\System32\Tasks\Games

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-22 01:01 - 2014-12-04 00:39 - 00000000 ____D () C:\Users\Mercy\AppData\Roaming\uTorrent
2015-01-22 00:59 - 2014-12-06 14:08 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-22 00:59 - 2010-11-20 22:47 - 00013020 _____ () C:\Windows\PFRO.log
2015-01-22 00:59 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-22 00:59 - 2009-07-13 23:51 - 00035604 _____ () C:\Windows\setupact.log
2015-01-22 00:36 - 2014-12-04 00:59 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-22 00:18 - 2014-12-06 14:08 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-21 23:16 - 2014-12-03 04:19 - 01674915 _____ () C:\Windows\WindowsUpdate.log
2015-01-21 22:45 - 2009-07-13 21:34 - 00450716 ____R () C:\Windows\system32\Drivers\etc\hosts.20150121-233209.backup
2015-01-21 22:26 - 2009-07-13 23:45 - 00026368 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-21 22:26 - 2009-07-13 23:45 - 00026368 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-21 22:25 - 2009-07-14 00:13 - 00783606 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-21 22:18 - 2011-04-12 03:28 - 00000000 __SHD () C:\Windows\BitLockerDiscoveryVolumeContents
2015-01-21 21:53 - 2009-07-13 23:45 - 06408640 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-21 21:11 - 2014-12-08 03:15 - 00000000 ____D () C:\Users\Mercy\AppData\Roaming\vlc
2015-01-20 06:31 - 2014-12-06 15:04 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2015-01-20 06:28 - 2014-12-06 15:04 - 00001006 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Audition CC.lnk
2015-01-17 04:55 - 2014-12-03 04:19 - 00000000 ____D () C:\Users\Mercy
2015-01-16 20:02 - 2014-12-04 00:24 - 00531968 _____ () C:\Users\Mercy\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-16 09:19 - 2014-12-09 00:13 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-16 09:19 - 2014-12-09 00:13 - 00002185 _____ () C:\ProgramData\Desktop\Google Chrome.lnk
2015-01-15 07:21 - 2014-12-04 04:24 - 00000000 ____D () E:\Mercy-Programs\Panda
2015-01-15 03:04 - 2014-12-04 04:34 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 03:00 - 2014-12-04 04:34 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 22:19 - 2014-12-06 14:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-14 22:11 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-01-14 21:48 - 2014-12-06 15:09 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-14 02:36 - 2014-12-04 00:59 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-14 02:36 - 2014-12-04 00:59 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-14 02:36 - 2014-12-04 00:59 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-11 14:36 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Speech
2014-12-29 04:51 - 2014-12-06 18:49 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-12-28 00:27 - 2014-12-06 14:55 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-28 00:25 - 2014-12-22 19:56 - 00000000 ____D () C:\Users\Mercy\AppData\Roaming\CouchPotato
2014-12-28 00:25 - 2014-12-22 19:12 - 00014144 _____ () C:\Users\Mercy\Desktop\chrome - Shortcut.lnk

==================== Files in the root of some directories =======
2014-12-06 15:02 - 2013-05-08 21:36 - 0073343 _____ () E:\Mercy-Programs\au_disc.ico
2014-12-06 15:30 - 2014-12-06 16:28 - 0000034 _____ () C:\Users\Mercy\AppData\Roaming\AdobeWLCMCache.dat
2015-01-11 16:48 - 2015-01-11 16:48 - 0001355 _____ () C:\Users\Mercy\AppData\Roaming\SAS7_000.DAT
2014-12-04 00:18 - 2014-12-04 00:18 - 0000000 _____ () C:\Users\Mercy\AppData\Local\Driver_LOM_8161Present.flag

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 00:21

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by Mercy at 2015-01-22 01:02:49
Running from C:\Users\Mercy\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Enabled - Up to date) {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
AS: Panda Free Antivirus (Enabled - Up to date) {8F3797EF-DB90-F073-3C72-40C753554CD1}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Panda Firewall (Disabled) {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.34 - GIGABYTE)
µTorrent (HKU\S-1-5-21-3240945929-2188185997-475948169-1000\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Ableton Live 9 Suite (HKLM\...\{48EC4E57-1D04-4831-90A7-151DA2269495}) (Version: 9.0.0.0 - Ableton)
Adobe After Effects CC 2014 (HKLM-x32\...\{2B22C750-5C3B-4738-B621-BA786AC7A494}) (Version: 13.0.0 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Audition CC (HKLM-x32\...\{DE1E055B-679C-42F8-B114-7B6ED0B8ED95}) (Version: 6.0 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Illustrator CC (HKLM-x32\...\{F2321021-08A2-44D6-B1DF-BDB415F23EC3}) (Version: 17.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2014 (HKLM-x32\...\{07BE616F-9E42-4C90-AF4F-0F32A5B088E7}) (Version: 8.0.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.4.154 - Adobe Systems, Inc.)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version: - Amazon)
AMD Catalyst Install Manager (HKLM\...\{FD8FD2BD-A82D-C528-EDA0-A6635F47C19C}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Antares Autotune VST v5.09 (HKLM-x32\...\Antares Autotune VST_is1) (Version: - )
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Articulate Storyline 2 (HKLM-x32\...\{e1041485-be09-48e8-913c-40e1294c27a6}) (Version: 2.4.199.0 - Articulate)
ArtRage 4 (HKLM-x32\...\ArtRage 4 4.0.2.1) (Version: 4.0.2.1 - Ambient Design)
ArtRage 4 (x32 Version: 4.0.2.1 - Ambient Design) Hidden
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Auto Clicker v1.9 (HKLM-x32\...\{C0A7E4F3-82CC-416B-82C6-BA06AACFD635}_is1) (Version: 1.9 - MurGee.com)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CameraHelperMsi (x32 Version: 13.40.836.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
CernVM WebAPI (HKLM-x32\...\{44665543-936F-427B-B48D-BD1F1C9DBABE}) (Version: 2.0.12.0 - PH/SFT Group, CERN)
CouchPotato (HKLM-x32\...\CouchPotato_is1) (Version: 2 - Your Mom)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dragon NaturallySpeaking 13 (HKLM-x32\...\{33EA20FB-5389-4938-BA59-2BCD9BB68F41}) (Version: 13.00.000 - Nuance Communications Inc.)
Driver Fusion (HKLM-x32\...\{100C8F3B-82D6-4B14-BB7A-5E8C3FF810C8}_is1) (Version: 1.7.0 - Treexy)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Drive (HKLM-x32\...\{240D2B48-E06E-446F-A806-01CF36882EB7}) (Version: 1.19.8268.4572 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HandBrake 0.10.0 (HKLM-x32\...\HandBrake) (Version: 0.10.0 - )
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.0.3.1001 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.16 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
iZotope Nectar 2 Production Suite (HKLM-x32\...\iZotope Nectar 2 Production Suite_is1) (Version: 2.00 - iZotope, Inc.)
Jagged Alliance Flashback (HKLM-x32\...\SmFnZ2VkQWxsaWFuY2VGbGFzaGJhY2s=_is1) (Version: 1 - )
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
KeePass Password Safe 2.28 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.28 - Dominik Reichl)
Logi Firmware Update Tool for C930e (HKLM-x32\...\FWUpdateC930e) (Version: 1.0.84.0 - Logitech Europe S.A.)
Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7259) - Logitech Inc..)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.40 - Logitech Inc.)
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Max 6.1.9 (x64) (HKLM\...\{EAB0C3CD-60A0-48C3-A67F-E0AF38D75978}) (Version: 136.1.9 - Cycling '74)
Metal Gear Solid Ground Zeroes, âåðñèÿ 1.0.0.0 (HKLM-x32\...\Metal Gear Solid Ground Zeroes_is1) (Version: 1.0.0.0 - RePack by SEYTER)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3240945929-2188185997-475948169-1000\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Napoleon: Total War (HKLM-x32\...\Steam App 34030) (Version: - The Creative Assembly)
Native Instruments Abbey Road Vintage Drummer (HKLM-x32\...\Native Instruments Abbey Road Vintage Drummer) (Version: - Native Instruments)
Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.3.1.37 - Native Instruments)
Native Instruments Massive (HKLM-x32\...\Native Instruments Massive) (Version: - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: - Native Instruments)
Native Instruments Session Horns Pro (HKLM-x32\...\Native Instruments Session Horns Pro) (Version: 1.1.0.5 - Native Instruments)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 4.3.12 (HKLM\...\{B5121457-0126-4E62-BCBF-6DC7C73D9E4A}) (Version: 4.3.12 - Oracle Corporation)
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
Panda Devices Agent (x32 Version: 1.05.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 15.00.04.0002 - Panda Security)
Panda Free Antivirus (Version: 7.23.00.0000 - Panda Security) Hidden
PayDay 2 (HKLM-x32\...\PayDay 2_is1) (Version: 1.21.1 - 505 Games)
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.0.30.1259 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer E220x Drivers (Version: 1.0.30.1259 - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer Network Manager Suite (HKLM-x32\...\{FE5DFB80-6937-4154-A2C7-EF845C1301F8}) (Version: 1.0.30.1259 - Qualcomm Atheros)
Qualcomm Atheros Network Manager (Version: 1.0.30.1259 - Qualcomm Atheros) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
ReValver Mk IIIdotV x64 (HKLM\...\ReValver Mk IIIdotV x64_is1) (Version: - )
Revo Uninstaller Pro 3.0.7 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.7 - VS Revo Group, Ltd.)
ShellExtensionx64 (Version: 2.4.199.0 - Articulate) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sound Blaster Recon3Di (HKLM-x32\...\{918F3CE9-7164-4C6D-9530-66F12EFB4585}) (Version: 1.03.00 - Creative Technology Limited)
Sound Blaster Recon3Di Extras (HKLM-x32\...\{536BDBFC-CA1A-4AC0-A8EB-BB2D0F1F522E}) (Version: 1.0 - Creative Technology Limited)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Storyline (x32 Version: 2.4.199.0 - Articulate) Hidden
Sugar Bytes Vogue 1.3.1 (HKLM\...\Vogue_is1) (Version: 1.3.1 - Sugar Bytes)
Sugar Bytes WOW2 2.0.2 (HKLM\...\WOW2_is1) (Version: 2.0.2 - Sugar Bytes)
Survivalist (HKLM-x32\...\Survivalistv25) (Version: v25 - Bob the PR Bot)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Sylenth1 v2.21 (HKLM\...\Sylenth1_is1) (Version: - )
Tales from Space: Mutant Blobs Attack (HKLM-x32\...\Steam App 206370) (Version: - DrinkBox Studios)
The Banner Saga (HKLM-x32\...\Steam App 237990) (Version: - Stoic)
This War of Mine (HKLM-x32\...\{5FD7B6B3-08C7-4FEE-9C37-A2134C699885}}_is1) (Version: 1 - 11 bit studios)
TVTrigger (HKLM-x32\...\TVTrigger) (Version: 1.41 - Techberg)
Unity Web Player (HKU\S-1-5-21-3240945929-2188185997-475948169-1000\...\UnityWebPlayer) (Version: 4.6.0f3 - Unity Technologies ApS)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3240945929-2188185997-475948169-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3240945929-2188185997-475948169-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Mercy\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3240945929-2188185997-475948169-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Mercy\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3240945929-2188185997-475948169-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Mercy\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3240945929-2188185997-475948169-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Mercy\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3240945929-2188185997-475948169-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Mercy\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2015-01-21 23:32 - 00450832 ____R C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {02C7639B-EA09-4D1E-9387-61CDF004BDD3} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {11880FEC-452B-4C83-B86B-E414E993F40E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {17F58392-2DEC-4118-BF79-AC82588CEA8B} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)
Task: {3F1730BC-A853-40D3-B78E-47E3E1728FA6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-06] (Google Inc.)
Task: {50166A66-7963-490C-B94B-7F658A243EA2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated)
Task: {5E055550-CC69-4BA8-BCAC-943DB2C8BE9A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {61CCF093-63FA-43EA-B0B6-2DEDBF30E581} - System32\Tasks\CCleanerSkipUAC => E:\Mercy-Programs\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {625C9285-8D0F-4943-B954-EF004DBDCC22} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-01-16] (Microsoft Corporation)
Task: {6BBC4059-FDB5-4FC7-998B-F7E9A0023C42} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {73B8EEB8-B4EC-4637-A202-33F3C2706E85} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E0C6B03F-5C38-4481-AE8D-F9ABE5E6B062} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {E4D89200-3DC5-4FD1-834B-F19B1695AECB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-06] (Google Inc.)
Task: {ECADE0FB-1672-4EBF-AD65-3FBE51F336A3} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3240945929-2188185997-475948169-1000
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2015-01-16 19:49 - 2015-01-16 19:49 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-01-16 19:47 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-08-08 17:30 - 2013-08-08 17:30 - 00283648 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
2014-12-22 19:56 - 2014-11-09 16:44 - 00393728 _____ () C:\Users\Mercy\AppData\Roaming\CouchPotato\application\CouchPotato.exe
2011-11-11 14:07 - 2011-11-11 14:07 - 00265240 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2011-08-12 12:19 - 2011-08-12 12:19 - 00680984 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
2014-10-11 16:06 - 2014-10-11 16:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 16:05 - 2014-10-11 16:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-04-12 12:23 - 2013-04-12 12:23 - 00612664 _____ () E:\Mercy-Programs\Panda\SQLite3.dll
2014-12-22 19:56 - 2014-06-30 19:04 - 00087552 _____ () C:\Users\Mercy\AppData\Roaming\CouchPotato\application\CouchPotato-2.6.1.win32\_ctypes.pyd
2014-12-22 19:56 - 2014-09-09 18:27 - 01176576 _____ () C:\Users\Mercy\AppData\Roaming\CouchPotato\application\CouchPotato-2.6.1.win32\wx._core_.pyd
2014-12-22 19:56 - 2014-09-09 18:27 - 00806400 _____ () C:\Users\Mercy\AppData\Roaming\CouchPotato\application\CouchPotato-2.6.1.win32\wx._gdi_.pyd
2014-12-22 19:56 - 2014-09-09 18:27 - 00816128 _____ () C:\Users\Mercy\AppData\Roaming\CouchPotato\application\CouchPotato-2.6.1.win32\wx._windows_.pyd
2014-12-22 19:56 - 2014-09-09 18:28 - 01067008 _____ () C:\Users\Mercy\AppData\Roaming\CouchPotato\application\CouchPotato-2.6.1.win32\wx._controls_.pyd
2014-12-22 19:56 - 2014-09-09 18:28 - 00733184 _____ () C:\Users\Mercy\AppData\Roaming\CouchPotato\application\CouchPotato-2.6.1.win32\wx._misc_.pyd
2014-12-22 19:56 - 2014-06-30 19:04 - 00715264 _____ () C:\Users\Mercy\AppData\Roaming\CouchPotato\application\CouchPotato-2.6.1.win32\_hashlib.pyd
2014-12-22 19:56 - 2014-06-30 19:03 - 00046080 _____ () C:\Users\Mercy\AppData\Roaming\CouchPotato\application\CouchPotato-2.6.1.win32\_socket.pyd
2014-12-22 19:56 - 2014-06-30 19:04 - 01160704 _____ () C:\Users\Mercy\AppData\Roaming\CouchPotato\application\CouchPotato-2.6.1.win32\_ssl.pyd
2014-12-22 19:56 - 2014-06-30 19:04 - 00686080 _____ () C:\Users\Mercy\AppData\Roaming\CouchPotato\application\CouchPotato-2.6.1.win32\unicodedata.pyd
2014-12-22 19:56 - 2014-06-30 19:04 - 00010240 _____ () C:\Users\Mercy\AppData\Roaming\CouchPotato\application\CouchPotato-2.6.1.win32\select.pyd
2014-12-22 19:56 - 2014-06-30 19:04 - 00048128 _____ () C:\Users\Mercy\AppData\Roaming\CouchPotato\application\CouchPotato-2.6.1.win32\_sqlite3.pyd
2014-12-22 19:56 - 2014-06-30 19:02 - 00426496 _____ () C:\Users\Mercy\AppData\Roaming\CouchPotato\application\CouchPotato-2.6.1.win32\sqlite3.dll
2014-12-22 19:56 - 2014-06-30 19:04 - 00068608 _____ () C:\Users\Mercy\AppData\Roaming\CouchPotato\application\CouchPotato-2.6.1.win32\bz2.pyd
2014-12-22 19:56 - 2014-06-30 19:04 - 00027136 _____ () C:\Users\Mercy\AppData\Roaming\CouchPotato\application\CouchPotato-2.6.1.win32\_multiprocessing.pyd
2014-12-22 19:56 - 2012-10-27 19:21 - 00098816 _____ () C:\Users\Mercy\AppData\Roaming\CouchPotato\application\CouchPotato-2.6.1.win32\win32api.pyd
2014-12-22 19:56 - 2012-10-27 19:20 - 00110080 _____ () C:\Users\Mercy\AppData\Roaming\CouchPotato\application\CouchPotato-2.6.1.win32\pywintypes27.dll
2014-12-22 19:56 - 2012-10-27 19:20 - 00119808 _____ () C:\Users\Mercy\AppData\Roaming\CouchPotato\application\CouchPotato-2.6.1.win32\win32file.pyd
2014-12-22 19:56 - 2015-01-22 00:59 - 00165376 _____ () C:\Users\Mercy\AppData\Roaming\CouchPotato\cache\copied.dll
2014-12-22 19:56 - 2014-06-30 19:04 - 00128512 _____ () C:\Users\Mercy\AppData\Roaming\CouchPotato\application\CouchPotato-2.6.1.win32\_elementtree.pyd
2014-12-22 19:56 - 2014-06-30 19:04 - 00127488 _____ () C:\Users\Mercy\AppData\Roaming\CouchPotato\application\CouchPotato-2.6.1.win32\pyexpat.pyd
2014-12-22 19:56 - 2014-09-10 22:22 - 02975744 _____ () C:\Users\Mercy\AppData\Roaming\CouchPotato\application\CouchPotato-2.6.1.win32\lxml.etree.pyd
2015-01-22 00:59 - 2015-01-22 00:59 - 00098816 _____ () C:\Users\Mercy\AppData\Local\Temp\_MEI30682\win32api.pyd
2015-01-22 00:59 - 2015-01-22 00:59 - 00110080 _____ () C:\Users\Mercy\AppData\Local\Temp\_MEI30682\pywintypes27.dll
2015-01-22 00:59 - 2015-01-22 00:59 - 00364544 _____ () C:\Users\Mercy\AppData\Local\Temp\_MEI30682\pythoncom27.dll
2015-01-22 00:59 - 2015-01-22 00:59 - 00045568 _____ () C:\Users\Mercy\AppData\Local\Temp\_MEI30682\_socket.pyd
2015-01-22 00:59 - 2015-01-22 00:59 - 01160704 _____ () C:\Users\Mercy\AppData\Local\Temp\_MEI30682\_ssl.pyd
2015-01-22 00:59 - 2015-01-22 00:59 - 00320512 _____ () C:\Users\Mercy\AppData\Local\Temp\_MEI30682\win32com.shell.shell.pyd
2015-01-22 00:59 - 2015-01-22 00:59 - 00713216 _____ () C:\Users\Mercy\AppData\Local\Temp\_MEI30682\_hashlib.pyd
2015-01-22 00:59 - 2015-01-22 00:59 - 01175040 _____ () C:\Users\Mercy\AppData\Local\Temp\_MEI30682\wx._core_.pyd
2015-01-22 00:59 - 2015-01-22 00:59 - 00805888 _____ () C:\Users\Mercy\AppData\Local\Temp\_MEI30682\wx._gdi_.pyd
2015-01-22 00:59 - 2015-01-22 00:59 - 00811008 _____ () C:\Users\Mercy\AppData\Local\Temp\_MEI30682\wx._windows_.pyd
2015-01-22 00:59 - 2015-01-22 00:59 - 01062400 _____ () C:\Users\Mercy\AppData\Local\Temp\_MEI30682\wx._controls_.pyd
2015-01-22 00:59 - 2015-01-22 00:59 - 00735232 _____ () C:\Users\Mercy\AppData\Local\Temp\_MEI30682\wx._misc_.pyd
2015-01-22 00:59 - 2015-01-22 00:59 - 00557056 _____ () C:\Users\Mercy\AppData\Local\Temp\_MEI30682\pysqlite2._sqlite.pyd
2015-01-22 00:59 - 2015-01-22 00:59 - 00128512 _____ () C:\Users\Mercy\AppData\Local\Temp\_MEI30682\_elementtree.pyd
2015-01-22 00:59 - 2015-01-22 00:59 - 00127488 _____ () C:\Users\Mercy\AppData\Local\Temp\_MEI30682\pyexpat.pyd
2015-01-22 00:59 - 2015-01-22 00:59 - 00087552 _____ () C:\Users\Mercy\AppData\Local\Temp\_MEI30682\_ctypes.pyd
2015-01-22 00:59 - 2015-01-22 00:59 - 00119808 _____ () C:\Users\Mercy\AppData\Local\Temp\_MEI30682\win32file.pyd
2015-01-22 00:59 - 2015-01-22 00:59 - 00108544 _____ () C:\Users\Mercy\AppData\Local\Temp\_MEI30682\win32security.pyd
2015-01-22 00:59 - 2015-01-22 00:59 - 00007168 _____ () C:\Users\Mercy\AppData\Local\Temp\_MEI30682\hashobjs_ext.pyd
2015-01-22 00:59 - 2015-01-22 00:59 - 00167936 _____ () C:\Users\Mercy\AppData\Local\Temp\_MEI30682\win32gui.pyd
2015-01-22 00:59 - 2015-01-22 00:59 - 00018432 _____ () C:\Users\Mercy\AppData\Local\Temp\_MEI30682\win32event.pyd
2015-01-22 00:59 - 2015-01-22 00:59 - 00038912 _____ () C:\Users\Mercy\AppData\Local\Temp\_MEI30682\win32inet.pyd
2015-01-22 00:59 - 2015-01-22 00:59 - 00011264 _____ () C:\Users\Mercy\AppData\Local\Temp\_MEI30682\win32crypt.pyd
2015-01-22 00:59 - 2015-01-22 00:59 - 00070656 _____ () C:\Users\Mercy\AppData\Local\Temp\_MEI30682\wx._html2.pyd
2015-01-22 00:59 - 2015-01-22 00:59 - 00027136 _____ () C:\Users\Mercy\AppData\Local\Temp\_MEI30682\_multiprocessing.pyd
2015-01-22 00:59 - 2015-01-22 00:59 - 00035840 _____ () C:\Users\Mercy\AppData\Local\Temp\_MEI30682\win32process.pyd
2015-01-22 00:59 - 2015-01-22 00:59 - 00686080 _____ () C:\Users\Mercy\AppData\Local\Temp\_MEI30682\unicodedata.pyd
2015-01-22 00:59 - 2015-01-22 00:59 - 00122368 _____ () C:\Users\Mercy\AppData\Local\Temp\_MEI30682\wx._wizard.pyd
2015-01-22 00:59 - 2015-01-22 00:59 - 00024064 _____ () C:\Users\Mercy\AppData\Local\Temp\_MEI30682\win32pipe.pyd
2015-01-22 00:59 - 2015-01-22 00:59 - 00025600 _____ () C:\Users\Mercy\AppData\Local\Temp\_MEI30682\win32pdh.pyd
2015-01-22 00:59 - 2015-01-22 00:59 - 00525640 _____ () C:\Users\Mercy\AppData\Local\Temp\_MEI30682\windows._lib_cacheinvalidation.pyd
2015-01-22 00:59 - 2015-01-22 00:59 - 00010240 _____ () C:\Users\Mercy\AppData\Local\Temp\_MEI30682\select.pyd
2015-01-22 00:59 - 2015-01-22 00:59 - 00017408 _____ () C:\Users\Mercy\AppData\Local\Temp\_MEI30682\win32profile.pyd
2015-01-22 00:59 - 2015-01-22 00:59 - 00022528 _____ () C:\Users\Mercy\AppData\Local\Temp\_MEI30682\win32ts.pyd
2015-01-22 00:59 - 2015-01-22 00:59 - 00078336 _____ () C:\Users\Mercy\AppData\Local\Temp\_MEI30682\wx._animate.pyd
2015-01-16 09:19 - 2015-01-08 19:35 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libglesv2.dll
2015-01-16 09:19 - 2015-01-08 19:35 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libegl.dll
2015-01-16 09:19 - 2015-01-08 19:35 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll
2015-01-16 09:19 - 2015-01-08 19:35 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll
2015-01-21 22:46 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-01-21 22:46 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-01-21 22:46 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-01-21 22:46 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-01-21 22:46 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 02145304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 07956504 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 00342552 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 00029208 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 00128536 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2011-12-12 15:44 - 2011-12-12 15:44 - 00336408 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2014-12-04 00:21 - 2013-09-16 15:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3240945929-2188185997-475948169-500 - Administrator - Disabled)
Guest (S-1-5-21-3240945929-2188185997-475948169-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3240945929-2188185997-475948169-1002 - Limited - Enabled)
Mercy (S-1-5-21-3240945929-2188185997-475948169-1000 - Administrator - Enabled) => C:\Users\Mercy

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/22/2015 00:59:54 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Articulate.Drawing.Internal,processorArchitecture="x86",type="win32",version="2.30.0.4"1".
Dependent Assembly Articulate.Drawing.Internal,processorArchitecture="x86",type="win32",version="2.30.0.4" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/22/2015 00:59:54 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Articulate.Drawing.Internal,processorArchitecture="x86",type="win32",version="2.30.0.4"1".
Dependent Assembly Articulate.Drawing.Internal,processorArchitecture="x86",type="win32",version="2.30.0.4" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/22/2015 00:59:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/21/2015 11:32:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SDScan.exe version 2.4.40.181 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 338c

Start Time: 01d035f68038606c

Termination Time: 3

Application Path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe

Report Id: a43dd5ba-a1ef-11e4-b2ba-74d435196da6

Error: (01/21/2015 10:47:20 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Articulate.Drawing.Internal,processorArchitecture="x86",type="win32",version="2.30.0.4"1".
Dependent Assembly Articulate.Drawing.Internal,processorArchitecture="x86",type="win32",version="2.30.0.4" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/21/2015 10:47:20 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Articulate.Drawing.Internal,processorArchitecture="x86",type="win32",version="2.30.0.4"1".
Dependent Assembly Articulate.Drawing.Internal,processorArchitecture="x86",type="win32",version="2.30.0.4" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/21/2015 10:45:44 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Articulate.Drawing.Internal,processorArchitecture="x86",type="win32",version="2.30.0.4"1".
Dependent Assembly Articulate.Drawing.Internal,processorArchitecture="x86",type="win32",version="2.30.0.4" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/21/2015 10:45:44 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Articulate.Drawing.Internal,processorArchitecture="x86",type="win32",version="2.30.0.4"1".
Dependent Assembly Articulate.Drawing.Internal,processorArchitecture="x86",type="win32",version="2.30.0.4" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/21/2015 10:43:52 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Articulate.Drawing.Internal,processorArchitecture="x86",type="win32",version="2.30.0.4"1".
Dependent Assembly Articulate.Drawing.Internal,processorArchitecture="x86",type="win32",version="2.30.0.4" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (01/21/2015 10:43:52 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Articulate.Drawing.Internal,processorArchitecture="x86",type="win32",version="2.30.0.4"1".
Dependent Assembly Articulate.Drawing.Internal,processorArchitecture="x86",type="win32",version="2.30.0.4" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (01/22/2015 00:59:54 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (01/22/2015 00:59:39 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000007e (0xffffffffc0000005, 0xfffff8800a371f86, 0xfffff880090b0758, 0xfffff880090affb0)C:\Windows\MEMORY.DMP012215-11622-01

Error: (01/22/2015 00:59:29 AM) (Source: volsnap) (EventID: 25) (User: )
Description: The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.

Error: (01/22/2015 00:59:38 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:57:52 AM on ‎1/‎22/‎2015 was unexpected.

Error: (01/21/2015 10:19:08 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service terminated with service-specific error %%0.

Error: (01/21/2015 10:19:08 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (01/21/2015 10:18:05 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for DeleteFlag with the following error:
%%5


Microsoft Office Sessions:
=========================
Error: (01/22/2015 00:59:54 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Articulate.Drawing.Internal,processorArchitecture="x86",type="win32",version="2.30.0.4"C:\Windows\Installer\{A7072083-DC6A-48BA-BD6C-EBC7055CFD84}\Icon.exe

Error: (01/22/2015 00:59:54 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Articulate.Drawing.Internal,processorArchitecture="x86",type="win32",version="2.30.0.4"C:\Windows\Installer\{A7072083-DC6A-48BA-BD6C-EBC7055CFD84}\Icon.exe

Error: (01/22/2015 00:59:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/21/2015 11:32:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: SDScan.exe2.4.40.181338c01d035f68038606c3C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exea43dd5ba-a1ef-11e4-b2ba-74d435196da6

Error: (01/21/2015 10:47:20 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Articulate.Drawing.Internal,processorArchitecture="x86",type="win32",version="2.30.0.4"C:\Windows\Installer\{A7072083-DC6A-48BA-BD6C-EBC7055CFD84}\Icon.exe

Error: (01/21/2015 10:47:20 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Articulate.Drawing.Internal,processorArchitecture="x86",type="win32",version="2.30.0.4"C:\Windows\Installer\{A7072083-DC6A-48BA-BD6C-EBC7055CFD84}\Icon.exe

Error: (01/21/2015 10:45:44 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Articulate.Drawing.Internal,processorArchitecture="x86",type="win32",version="2.30.0.4"C:\Windows\Installer\{A7072083-DC6A-48BA-BD6C-EBC7055CFD84}\Icon.exe

Error: (01/21/2015 10:45:44 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Articulate.Drawing.Internal,processorArchitecture="x86",type="win32",version="2.30.0.4"C:\Windows\Installer\{A7072083-DC6A-48BA-BD6C-EBC7055CFD84}\Icon.exe

Error: (01/21/2015 10:43:52 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Articulate.Drawing.Internal,processorArchitecture="x86",type="win32",version="2.30.0.4"C:\Windows\Installer\{A7072083-DC6A-48BA-BD6C-EBC7055CFD84}\Icon.exe

Error: (01/21/2015 10:43:52 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Articulate.Drawing.Internal,processorArchitecture="x86",type="win32",version="2.30.0.4"C:\Windows\Installer\{A7072083-DC6A-48BA-BD6C-EBC7055CFD84}\Icon.exe


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4670 CPU @ 3.40GHz
Percentage of memory in use: 22%
Total physical RAM: 16262.36 MB
Available physical RAM: 12564.21 MB
Total Pagefile: 32522.89 MB
Available Pagefile: 27974.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:111.79 GB) (Free:30.71 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HDD) (Fixed) (Total:698.54 GB) (Free:472.47 GB) NTFS
Drive g: (External) (Fixed) (Total:2794.29 GB) (Free:1965.43 GB) NTFS
Drive h: (Jagged Alliance Flashback) (CDROM) (Total:1.41 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: B3843D01)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=698.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 2C24530E)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 2794.5 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
slourcey
Active Member
 
Posts: 1
Joined: January 22nd, 2015, 4:05 pm

Re: Netflix redirecting to a bitly link.

Unread postby MWR 3 day Mod » January 25th, 2015, 5:59 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Netflix redirecting to a bitly link.

Unread postby Cypher » January 28th, 2015, 9:17 am

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh DDS log, and wait for a new helper.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

