Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-06-2016
Ran by Selkie (administrator) on SAPPHIREAURA (29-06-2016 12:13:25)
Running from C:\Users\Selkie\Downloads
Loaded Profiles: Selkie (Available Profiles: Selkie)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Pokki) C:\Users\Selkie\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(© 2015 Microsoft Corporation) C:\Users\Selkie\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(LogMeIn, Inc) C:\Users\Selkie\AppData\Local\join.me.launcher\join.me.launcher.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.WebAppHost.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.309\SSScheduler.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Nexon America) C:\Program Files (x86)\Nexon\Nexon Launcher\nexon_runtime.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerWinMonitor.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(TODO: <Company name>) C:\Program Files\Acer\User Experience Improvement Program\Plugin\AppMonitor\AppMonitorPlugIn.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672304 2014-03-20] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe ARM] => c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66328 2016-06-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [814608 2016-04-04] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-02-26] (Qualcomm®Atheros®)
HKU\S-1-5-21-781349295-3500667339-3153741720-1001\...\Run: [BingSvc] => C:\Users\Selkie\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-11] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-781349295-3500667339-3153741720-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53123712 2016-05-17] (Skype Technologies S.A.)
HKU\S-1-5-21-781349295-3500667339-3153741720-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3582240 2016-06-02] (Nota Inc.)
HKU\S-1-5-21-781349295-3500667339-3153741720-1001\...\Run: [join.me.launcher] => C:\Users\Selkie\AppData\Local\join.me.launcher\join.me.launcher.exe [176560 2015-10-27] (LogMeIn, Inc)
HKU\S-1-5-21-781349295-3500667339-3153741720-1001\...\Run: [Avira Phantom VPN] => C:\Program Files (x86)\Avira\VPN\Avira.WebAppHost.exe [677728 2016-06-14] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-781349295-3500667339-3153741720-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [132608 2014-10-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-04-20] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-04-20] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-04-20] (Acer Incorporated)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-04-09]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.309\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Selkie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nexon Launcher.lnk [2016-02-14]
ShortcutTarget: Nexon Launcher.lnk -> C:\Program Files (x86)\Nexon\Nexon Launcher\nexon_launcher.exe ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 82.163.143.171 82.163.142.173
Tcpip\..\Interfaces\{1EB2160B-C4CD-4CF2-A377-345D21DE18E9}: [DhcpNameServer] 192.168.224.1
Tcpip\..\Interfaces\{3C9B2B82-757C-4930-8B1C-2D6F300F6721}: [NameServer] 82.163.143.171 82.163.142.173
Tcpip\..\Interfaces\{3C9B2B82-757C-4930-8B1C-2D6F300F6721}: [DhcpNameServer] 82.163.143.171
Tcpip\..\Interfaces\{47CDDA13-390E-4982-865D-0D63E4835D56}: [NameServer] 82.163.143.171 82.163.142.173
Tcpip\..\Interfaces\{47CDDA13-390E-4982-865D-0D63E4835D56}: [DhcpNameServer] 82.163.143.171
Tcpip\..\Interfaces\{686DBB29-6086-44A2-898F-E197840A6149}: [NameServer] 82.163.143.171 82.163.142.173
Tcpip\..\Interfaces\{686DBB29-6086-44A2-898F-E197840A6149}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A4D6282C-EC85-4F7F-AB9A-013825A19A09}: [NameServer] 82.163.143.171 82.163.142.173
Tcpip\..\Interfaces\{A4D6282C-EC85-4F7F-AB9A-013825A19A09}: [DhcpNameServer] 82.163.143.171
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_beri_16_22¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0Fzz0AzyyCtA0D0C0E0D0AyE0FtA0EtAtN0D0Tzu0StCyCtCyEtN1L2XzutAtFtBtBtFtAtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0F0D0BtByDzztDtGyEtAzzyEtGzz0CyC0DtGtD0CyB0EtGzzyCyBtAyE0ByCzztB0EyEtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FyEtA0CyD0Ezy0DtGyCtC0AtCtGyE0E0B0FtG0AyCtBzytG0AtC0FyD0AyDyB0A0A0DyD0B2QtN0A0LzuyE%26cr%3D1287561171%26a%3Dwbf_beri_16_22%26os_ver%3D6.3%26os%3DWindows%2B8.1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_beri_16_22¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0Fzz0AzyyCtA0D0C0E0D0AyE0FtA0EtAtN0D0Tzu0StCyCtCyEtN1L2XzutAtFtBtBtFtAtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0F0D0BtByDzztDtGyEtAzzyEtGzz0CyC0DtGtD0CyB0EtGzzyCyBtAyE0ByCzztB0EyEtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FyEtA0CyD0Ezy0DtGyCtC0AtCtGyE0E0B0FtG0AyCtBzytG0AtC0FyD0AyDyB0A0A0DyD0B2QtN0A0LzuyE%26cr%3D1287561171%26a%3Dwbf_beri_16_22%26os_ver%3D6.3%26os%3DWindows%2B8.1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://
www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-781349295-3500667339-3153741720-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://
www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-781349295-3500667339-3153741720-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://
www.google.com/?trackid=sp-006
HKU\S-1-5-21-781349295-3500667339-3153741720-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://
www.google.com/?trackid=sp-006
SearchScopes: HKLM -> DefaultScope {2E745E3C-8764-40F0-8580-B4C96134724E} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_beri_16_22¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0Fzz0AzyyCtA0D0C0E0D0AyE0FtA0EtAtN0D0Tzu0StCyCtCyEtN1L2XzutAtFtBtBtFtAtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0F0D0BtByDzztDtGyEtAzzyEtGzz0CyC0DtGtD0CyB0EtGzzyCyBtAyE0ByCzztB0EyEtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FyEtA0CyD0Ezy0DtGyCtC0AtCtGyE0E0B0FtG0AyCtBzytG0AtC0FyD0AyDyB0A0A0DyD0B2QtN0A0LzuyE%26cr%3D1287561171%26a%3Dwbf_beri_16_22%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {2E745E3C-8764-40F0-8580-B4C96134724E} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_beri_16_22¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0Fzz0AzyyCtA0D0C0E0D0AyE0FtA0EtAtN0D0Tzu0StCyCtCyEtN1L2XzutAtFtBtBtFtAtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0F0D0BtByDzztDtGyEtAzzyEtGzz0CyC0DtGtD0CyB0EtGzzyCyBtAyE0ByCzztB0EyEtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FyEtA0CyD0Ezy0DtGyCtC0AtCtGyE0E0B0FtG0AyCtBzytG0AtC0FyD0AyDyB0A0A0DyD0B2QtN0A0LzuyE%26cr%3D1287561171%26a%3Dwbf_beri_16_22%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://ca.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_beri_16_22¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0Fzz0AzyyCtA0D0C0E0D0AyE0FtA0EtAtN0D0Tzu0StCyCtCyEtN1L2XzutAtFtBtBtFtAtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0F0D0BtByDzztDtGyEtAzzyEtGzz0CyC0DtGtD0CyB0EtGzzyCyBtAyE0ByCzztB0EyEtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FyEtA0CyD0Ezy0DtGyCtC0AtCtGyE0E0B0FtG0AyCtBzytG0AtC0FyD0AyDyB0A0A0DyD0B2QtN0A0LzuyE%26cr%3D1287561171%26a%3Dwbf_beri_16_22%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://
www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://ca.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_beri_16_22¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0Fzz0AzyyCtA0D0C0E0D0AyE0FtA0EtAtN0D0Tzu0StCyCtCyEtN1L2XzutAtFtBtBtFtAtFtDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0F0D0BtByDzztDtGyEtAzzyEtGzz0CyC0DtGtD0CyB0EtGzzyCyBtAyE0ByCzztB0EyEtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FyEtA0CyD0Ezy0DtGyCtC0AtCtGyE0E0B0FtG0AyCtBzytG0AtC0FyD0AyDyB0A0A0DyD0B2QtN0A0LzuyE%26cr%3D1287561171%26a%3Dwbf_beri_16_22%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}
SearchScopes: HKU\S-1-5-21-781349295-3500667339-3153741720-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://
www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-781349295-3500667339-3153741720-1001 -> {0F5C0D8C-331A-11E5-8264-F8A963DCEDA4} URL = hxxp://search.homepage-web.com/?src=omnibox&partner=acer&q={searchTerms}
SearchScopes: HKU\S-1-5-21-781349295-3500667339-3153741720-1001 -> {2E745E3C-8764-40F0-8580-B4C96134724E} URL = hxxp://
www.bing.com/search?FORM=SK2MDF&PC=SK2M&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-781349295-3500667339-3153741720-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://
www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-781349295-3500667339-3153741720-1001 -> {7285DBF4-4A87-476B-BA44-7DE73C7B38F9} URL = hxxps://ca.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-781349295-3500667339-3153741720-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://ca.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-781349295-3500667339-3153741720-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://
www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-27] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-27] (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF ProfilePath: C:\Users\Selkie\AppData\Roaming\Mozilla\Firefox\Profiles\oi6tmdry.default-1466820894335
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-21] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-21] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-27] (Oracle Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-08-13] ()
FF Plugin-x32: Adobe Reader -> c:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-09-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-781349295-3500667339-3153741720-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Selkie\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-28] (Unity Technologies ApS)
FF Extension: Adblock Plus - C:\Users\Selkie\AppData\Roaming\Mozilla\Firefox\Profiles\oi6tmdry.default-1466820894335\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-06-24]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-781349295-3500667339-3153741720-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
CHR HKLM-x32\...\Chrome\Extension: [npdicihegicnhaangkdmcgbjceoemeoo] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [970656 2016-04-04] (Avira Operations GmbH & Co. KG)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [467016 2016-04-04] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [467016 2016-04-04] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1435704 2016-04-04] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-02-26] (Windows (R) Win 7 DDK provider) [File not signed]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [302680 2016-06-01] (Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [230744 2016-06-14] (Avira Operations GmbH & Co. KG)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2860760 2016-04-18] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573544 2014-03-21] (Acer Incorporated)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-08-13] (WildTangent)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-18] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [459496 2014-03-17] (Acer Incorporate)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.309\McCHSvc.exe [293128 2016-03-11] (McAfee, Inc.)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [457960 2014-03-21] (Acer Incorporate)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [449768 2014-03-21] (Acer Incorporate)
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [222952 2014-01-25] (acer)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3888640 2014-02-14] (Qualcomm Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128664 2016-04-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [146712 2016-04-04] (Avira Operations GmbH & Co. KG)
U4 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2016-04-04] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [78208 2016-04-04] (Avira Operations GmbH & Co. KG)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-02-26] (Qualcomm Atheros)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2013-11-10] (Intel Corporation)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2016-06-07] (LogMeIn Inc.)
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [67584 2013-11-10] (Intel Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42224 2014-02-19] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-06-29 12:13 - 2016-06-29 12:14 - 00024466 ____C C:\Users\Selkie\Downloads\FRST.txt
2016-06-29 12:13 - 2016-06-29 12:13 - 00000000 ____D C:\FRST
2016-06-29 12:12 - 2016-06-29 12:13 - 02389504 _____ (Farbar) C:\Users\Selkie\Downloads\FRST64.exe
2016-06-27 19:04 - 2016-06-27 19:04 - 00001175 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-06-27 19:04 - 2016-06-27 19:04 - 00001163 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-06-27 19:04 - 2016-06-27 19:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-27 19:04 - 2016-06-27 19:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-27 19:03 - 2016-06-27 19:03 - 00242136 ____C C:\Users\Selkie\Downloads\Firefox Setup Stub 47.0.exe
2016-06-27 17:47 - 2016-06-27 18:00 - 00000000 ____D C:\Users\Selkie\AppData\Roaming\.minecraft
2016-06-27 17:46 - 2016-06-27 17:47 - 00000000 ____D C:\Program Files (x86)\Minecraft
2016-06-27 17:46 - 2016-06-27 17:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2016-06-27 17:44 - 2016-06-27 17:46 - 02314240 _____ C:\Users\Selkie\Downloads\MinecraftInstaller.msi
2016-06-27 17:40 - 2016-06-27 17:46 - 00000977 _____ C:\Users\Public\Desktop\Minecraft.lnk
2016-06-26 20:43 - 2016-06-27 17:29 - 00001126 _____ C:\Users\Selkie\Desktop\nativelog.txt
2016-06-26 17:27 - 2016-06-26 17:27 - 00705678 ____C C:\Users\Selkie\Downloads\Witch_Time.wav
2016-06-26 00:03 - 2016-06-26 00:03 - 00000000 ____D C:\Users\Selkie\AppData\Local\Avira_Operations_GmbH_&_C
2016-06-26 00:00 - 2016-06-26 00:00 - 00001072 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira Phantom VPN.lnk
2016-06-26 00:00 - 2016-06-26 00:00 - 00001060 _____ C:\Users\Public\Desktop\Avira Phantom VPN.lnk
2016-06-25 10:19 - 2016-06-25 10:19 - 00000000 ____D C:\Users\Selkie\AppData\Roaming\Avira
2016-06-25 10:14 - 2016-04-04 17:07 - 00146712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2016-06-25 10:14 - 2016-04-04 17:07 - 00128664 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2016-06-25 10:14 - 2016-04-04 17:07 - 00078208 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2016-06-25 10:14 - 2016-04-04 17:07 - 00035488 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2016-06-25 10:11 - 2016-06-25 10:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-06-25 10:11 - 2016-06-25 10:11 - 00001226 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2016-06-25 10:10 - 2016-06-25 10:10 - 04657056 ____C (Avira Operations GmbH & Co. KG) C:\Users\Selkie\Downloads\avira_en_av_576d9f7caa01e__adw (1).exe
2016-06-24 22:14 - 2016-06-24 22:14 - 00000000 ____D C:\Users\Selkie\Desktop\Old Firefox Data
2016-06-24 20:59 - 2016-06-24 20:59 - 00000000 ____D C:\Users\Selkie\AppData\Local\LogMeIn
2016-06-24 17:06 - 2016-06-26 00:00 - 00000000 ____D C:\Program Files (x86)\Avira
2016-06-24 17:05 - 2016-06-25 10:14 - 00000000 ____D C:\ProgramData\Avira
2016-06-24 17:04 - 2016-06-24 17:04 - 04657056 ____C (Avira Operations GmbH & Co. KG) C:\Users\Selkie\Downloads\avira_en_av_576d9f7caa01e__adw.exe
2016-06-24 10:37 - 2016-06-24 10:40 - 00000000 ____D C:\ProgramData\15a6e625
2016-06-24 10:37 - 2016-06-24 10:37 - 00000000 ____D C:\ProgramData\{0abb7d67-112c-0}
2016-06-24 10:37 - 2016-06-24 10:37 - 00000000 ____D C:\ProgramData\{0a38d16c-512c-1}
2016-06-24 10:37 - 2016-06-24 10:37 - 00000000 ____D C:\ProgramData\{053a9a95-712c-1}
2016-06-24 10:37 - 2016-06-24 10:37 - 00000000 ____D C:\ProgramData\{02ebab93-112c-0}
2016-06-21 20:37 - 2016-06-21 20:37 - 00000000 ____D C:\Users\Selkie\Desktop\YandereSimJune21st
2016-06-21 19:42 - 2016-06-21 19:42 - 09717952 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-06-14 05:06 - 2016-06-14 05:06 - 00036872 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
2016-06-11 16:20 - 2016-04-09 19:29 - 04169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-06-11 16:20 - 2016-03-31 02:50 - 01307328 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-06-11 16:20 - 2016-03-30 23:40 - 00747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-06-11 16:19 - 2016-04-22 16:54 - 25816576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-06-11 16:19 - 2016-04-22 16:15 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-06-11 16:19 - 2016-04-22 16:14 - 02893312 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-06-11 16:19 - 2016-04-22 16:08 - 06052864 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-06-11 16:19 - 2016-04-22 16:06 - 20349952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-06-11 16:19 - 2016-04-22 16:00 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-06-11 16:19 - 2016-04-22 15:35 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-06-11 16:19 - 2016-04-22 15:29 - 02285568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-06-11 16:19 - 2016-04-22 15:24 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-06-11 16:19 - 2016-04-22 15:23 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-06-11 16:19 - 2016-04-22 15:19 - 15414784 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-06-11 16:19 - 2016-04-22 15:17 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-06-11 16:19 - 2016-04-22 15:14 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-06-11 16:19 - 2016-04-22 15:14 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-06-11 16:19 - 2016-04-22 15:14 - 00379392 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-06-11 16:19 - 2016-04-22 15:12 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-06-11 16:19 - 2016-04-22 14:58 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-06-11 16:19 - 2016-04-22 14:58 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-06-11 16:19 - 2016-04-22 14:54 - 13811200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-06-11 16:19 - 2016-04-22 14:53 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-06-11 16:19 - 2016-04-22 14:52 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-06-11 16:19 - 2016-04-22 14:52 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-06-11 16:19 - 2016-04-22 14:52 - 00330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-06-11 16:19 - 2016-04-22 14:51 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-06-11 16:19 - 2016-04-22 14:40 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-06-11 16:19 - 2016-04-22 14:29 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-06-11 16:19 - 2016-04-22 14:27 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-06-11 16:19 - 2016-04-22 14:24 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-06-11 16:19 - 2016-04-22 14:23 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-06-11 16:15 - 2016-04-10 00:21 - 01763376 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-06-11 16:15 - 2016-04-10 00:21 - 01489088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-06-11 16:15 - 2016-04-09 17:58 - 00534016 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.dll
2016-06-11 16:15 - 2016-04-09 17:50 - 00375296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.dll
2016-06-11 16:15 - 2016-04-06 17:13 - 00561960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-06-11 16:15 - 2016-04-06 17:13 - 00137976 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-06-11 16:15 - 2016-04-06 14:20 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-06-11 16:15 - 2016-04-06 14:19 - 00401920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-06-11 16:15 - 2016-04-06 14:19 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-06-11 16:15 - 2016-04-06 13:49 - 00120384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-06-11 16:15 - 2016-04-06 13:40 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-06-11 16:15 - 2016-04-06 12:57 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-06-11 16:15 - 2016-04-06 12:52 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-06-11 16:15 - 2016-04-06 12:20 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-06-11 16:15 - 2016-04-06 11:48 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-06-11 16:15 - 2016-03-28 21:42 - 07446368 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-06-11 16:15 - 2016-02-11 16:17 - 01737088 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-06-11 16:15 - 2016-02-11 16:17 - 01663184 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-06-11 16:15 - 2016-02-11 16:17 - 01523208 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-06-11 16:15 - 2016-02-11 16:17 - 01490120 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-06-11 16:15 - 2016-02-11 16:17 - 01358952 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2016-06-11 16:15 - 2016-02-11 16:16 - 01501488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-06-11 16:15 - 2016-02-09 14:07 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2016-06-11 16:14 - 2016-04-11 02:21 - 00074584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys
2016-06-11 16:14 - 2016-04-10 03:48 - 00738096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-06-11 16:14 - 2016-04-10 03:48 - 00613624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-06-11 16:14 - 2016-04-10 01:37 - 01549144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-06-11 16:14 - 2016-04-10 00:14 - 01380600 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-06-11 16:14 - 2016-04-09 18:07 - 01097728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-06-08 20:18 - 2016-06-08 20:18 - 00000000 ____D C:\ProgramData\Gyazo
2016-06-07 16:02 - 2016-06-07 16:02 - 00045680 ____H (LogMeIn Inc.) C:\Windows\system32\Drivers\Hamdrv.sys
2016-06-03 14:54 - 2016-06-03 14:54 - 00000045 _____ C:\Users\Selkie\AppData\Roaming\WB.CFG
2016-06-02 15:03 - 2016-06-24 10:42 - 00000000 ____D C:\ProgramData\a5e18247-5423-1
2016-06-02 15:03 - 2016-06-24 10:39 - 00000000 ____D C:\ProgramData\a5e18247-44a1-0
2016-06-02 15:02 - 2016-06-03 17:34 - 00000000 ____D C:\Users\Selkie\AppData\Local\Chromium
2016-06-02 15:02 - 2016-06-02 15:02 - 00000000 ____D C:\Users\Selkie\AppData\Roaming\kingsoft
2016-06-02 15:02 - 2016-06-02 15:02 - 00000000 ____D C:\Users\Selkie\AppData\Local\kingsoft
2016-06-02 15:02 - 2016-06-02 15:02 - 00000000 ____D C:\Program Files (x86)\Unknown File Handler
2016-06-02 15:01 - 2016-06-02 15:01 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-06-02 15:01 - 2016-06-02 15:01 - 00000000 ____D C:\Users\Selkie\AppData\Local\Setup685543875
2016-06-02 15:00 - 2016-06-02 15:02 - 00000000 ____D C:\Users\Selkie\AppData\Local\niso
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2021-10-21 09:36 - 2014-07-25 07:02 - 00000852 _____ C:\Windows\system32\Drivers\RTKHDRC.DAT
2021-10-04 03:34 - 2014-07-25 07:02 - 00000712 _____ C:\Windows\system32\Drivers\RTMICEQ0.DAT
2016-06-29 12:14 - 2015-07-25 22:16 - 00000000 ____D C:\Users\Selkie\AppData\Roaming\Skype
2016-06-29 12:10 - 2015-07-25 19:31 - 00000000 ____D C:\Users\Selkie\AppData\Local\CrashDumps
2016-06-29 11:44 - 2015-06-24 22:23 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-781349295-3500667339-3153741720-1001
2016-06-29 11:42 - 2016-04-06 15:34 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-29 11:39 - 2015-06-24 22:14 - 00000000 ____D C:\Users\Selkie\AppData\Local\SweetLabs App Platform
2016-06-29 11:38 - 2015-06-24 22:23 - 00000000 _____ C:\Windows\system32\newflow.dat
2016-06-27 18:59 - 2015-06-25 15:35 - 00000000 ____D C:\Program Files (x86)\Google
2016-06-27 18:59 - 2015-06-25 15:34 - 00000000 ____D C:\Users\Selkie\AppData\Local\Google
2016-06-27 18:54 - 2015-12-29 22:25 - 00000000 ____D C:\Users\Selkie\AppData\Local\NexonLauncher
2016-06-27 18:46 - 2015-06-25 15:30 - 00000000 ___DO C:\Users\Selkie\OneDrive
2016-06-27 18:31 - 2014-03-18 06:03 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-27 18:31 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\Inf
2016-06-27 18:27 - 2013-08-22 10:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-27 18:25 - 2013-08-22 09:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2016-06-27 17:06 - 2015-06-25 16:25 - 00000000 ____D C:\ProgramData\Oracle
2016-06-27 17:04 - 2016-04-01 20:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2016-06-27 17:04 - 2015-07-27 09:17 - 00000000 ____D C:\Program Files\Java
2016-06-27 17:04 - 2015-07-26 08:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-06-27 17:04 - 2015-07-26 08:27 - 00000000 ____D C:\Program Files (x86)\Java
2016-06-27 17:03 - 2016-04-01 20:16 - 00000000 ____D C:\Users\Selkie\.oracle_jre_usage
2016-06-27 17:03 - 2015-07-26 08:28 - 00097344 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-06-27 16:42 - 2014-05-16 09:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2016-06-27 16:27 - 2015-06-24 22:19 - 00000000 ____D C:\Users\Selkie\AppData\Local\clear.fi
2016-06-27 16:22 - 2016-01-25 16:27 - 00000000 ____D C:\Program Files\Common Files\AV
2016-06-27 16:22 - 2014-07-25 07:06 - 00000000 ____D C:\Program Files\Intel
2016-06-27 16:21 - 2016-04-06 15:43 - 00000000 ____D C:\Program Files\Common Files\McAfee
2016-06-27 16:21 - 2016-01-25 16:24 - 00000000 ____D C:\ProgramData\AVAST Software
2016-06-27 16:18 - 2014-05-16 09:44 - 00000000 ____D C:\ProgramData\McAfee
2016-06-25 16:02 - 2015-10-22 18:24 - 00000000 ____D C:\Users\Selkie\.gimp-2.8
2016-06-25 15:47 - 2015-06-24 22:14 - 00000000 ____D C:\Users\Selkie
2016-06-25 10:10 - 2015-08-07 22:06 - 00000000 ____D C:\ProgramData\Package Cache
2016-06-24 19:50 - 2015-09-04 18:14 - 00692736 ___SH C:\Users\Selkie\Documents\Thumbs.db
2016-06-24 19:28 - 2015-06-25 15:42 - 07632384 ___SH C:\Users\Selkie\Downloads\Thumbs.db
2016-06-24 11:46 - 2015-07-27 12:41 - 00949248 ___SH C:\Users\Selkie\Desktop\Thumbs.db
2016-06-23 20:17 - 2016-04-06 15:43 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-06-23 20:17 - 2013-08-22 10:44 - 00351024 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-21 19:43 - 2016-04-06 15:34 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-06-13 19:44 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\NDF
2016-06-13 16:22 - 2013-08-22 11:20 - 00000000 ____D C:\Windows\CbsTemp
2016-06-13 16:17 - 2014-03-18 05:45 - 00000000 ____D C:\Program Files\Windows Journal
2016-06-12 16:05 - 2015-07-25 22:15 - 00000000 ____D C:\ProgramData\Skype
2016-06-08 20:18 - 2016-02-18 19:31 - 00003424 _____ C:\Windows\System32\Tasks\GyazoUpdateTaskMachineDaily
2016-06-08 20:18 - 2016-02-18 19:31 - 00003298 _____ C:\Windows\System32\Tasks\GyazoUpdateTaskMachine
2016-06-08 20:18 - 2016-02-18 19:31 - 00000000 ____D C:\Program Files (x86)\Gyazo
2016-06-08 18:45 - 2015-07-25 22:15 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-06-03 17:59 - 2015-07-25 18:24 - 00000000 ____D C:\Program Files (x86)\Enterbrain
2016-06-02 15:01 - 2013-08-22 11:36 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-06-02 15:01 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
==================== Files in the root of some directories =======
2015-07-26 20:22 - 2016-03-28 14:57 - 0054784 ___SH () C:\Users\Selkie\AppData\Roaming\Thumbs.db
2016-06-03 14:54 - 2016-06-03 14:54 - 0000045 _____ () C:\Users\Selkie\AppData\Roaming\WB.CFG
2015-08-05 22:38 - 2015-08-22 22:29 - 0007680 _____ () C:\Users\Selkie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-04-23 00:18 - 2016-04-23 00:18 - 0000855 _____ () C:\Users\Selkie\AppData\Local\recently-used.xbel
2014-07-25 07:02 - 2014-07-25 07:02 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-12-29 23:14 - 2015-12-29 23:14 - 0000016 _____ () C:\ProgramData\mntemp
Some files in TEMP:
====================
C:\Users\Selkie\AppData\Local\Temp\avgnt.exe
C:\Users\Selkie\AppData\Local\Temp\BingSvc.exe
C:\Users\Selkie\AppData\Local\Temp\BSvcProcessor.exe
C:\Users\Selkie\AppData\Local\Temp\BSvcUpdater.exe
C:\Users\Selkie\AppData\Local\Temp\McCSPInstall.dll
C:\Users\Selkie\AppData\Local\Temp\mccspuninstall.exe
C:\Users\Selkie\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\Selkie\AppData\Local\Temp\oct2171.tmp.exe
C:\Users\Selkie\AppData\Local\Temp\oct2481.tmp.exe
C:\Users\Selkie\AppData\Local\Temp\oct6744.tmp.exe
C:\Users\Selkie\AppData\Local\Temp\oct7926.tmp.exe
C:\Users\Selkie\AppData\Local\Temp\oct793D.tmp.exe
C:\Users\Selkie\AppData\Local\Temp\oct7C19.tmp.exe
C:\Users\Selkie\AppData\Local\Temp\oct82B4.tmp.exe
C:\Users\Selkie\AppData\Local\Temp\oct883D.tmp.exe
C:\Users\Selkie\AppData\Local\Temp\octB3FC.tmp.exe
C:\Users\Selkie\AppData\Local\Temp\octCFAF.tmp.exe
C:\Users\Selkie\AppData\Local\Temp\octD603.tmp.exe
C:\Users\Selkie\AppData\Local\Temp\octEA1.tmp.exe
C:\Users\Selkie\AppData\Local\Temp\octEBED.tmp.exe
C:\Users\Selkie\AppData\Local\Temp\octEFF0.tmp.exe
C:\Users\Selkie\AppData\Local\Temp\octF8DC.tmp.exe
C:\Users\Selkie\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Selkie\AppData\Local\Temp\{8E7065E9-AEE0-4B7D-941D-24010169CE4D}-49.0.2623.110_49.0.2623.87_chrome_updater.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-04-09 13:28
==================== End of FRST.txt ============================