I can't figure out how to edit my post and I didn't realize you wanted the FRST.txt to be pasted so here it is Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2015 01 Ran by Peter (administrator) on PETER-HP on 20-02-2015 01:15:16 Running from C:\Users\Peter\Desktop Loaded Profiles: Peter (Available profiles: Peter) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 10 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe (AMD) C:\Windows\System32\atieclxx.exe (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Hewlett-Packard ) C:\Program Files\IDT\WDM\beats64.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Hola Networks Ltd.) C:\Program Files\Hola\app\hola.exe (Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe () C:\Program Files (x86)\WhatPulse2\whatpulse.exe (Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe (Spotify Ltd) C:\Users\Peter\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Flux Software LLC) C:\Users\Peter\AppData\Local\FluxSoftware\Flux\flux.exe () C:\Program Files (x86)\puush\puush.exe (Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe () C:\Program Files (x86)\Bamboo Dock\BambooCore.exe (Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Curse) C:\Users\Peter\AppData\Local\Apps\2.0\ZXOOO5GZ.ZD5\PE6VV4Z6.8Z2\curs..tion_9e9e83ddf3ed3ead_0005.0001_36a9b62a0ea0a2ec\CurseClient.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Hola Networks Ltd.) C:\Program Files\Hola\app\hola_updater.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe ( ) C:\Windows\System32\lxeacoms.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) C:\Windows\System32\alg.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe (Microsoft Corporation) C:\Windows\System32\taskmgr.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Hola Networks Ltd.) C:\Program Files\Hola\app\hola_svc.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Peter Pawlowski) C:\Program Files (x86)\foobar2000\foobar2000.exe (Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe (MPC-HC Team) C:\Program Files (x86)\MPC-HC\mpc-hc.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [beatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2011-09-14] (Hewlett-Packard ) HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard) HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.) HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.) HKLM\...\Run: [MRT] => C:\Windows\system32\MRT.exe [90015360 2014-03-02] (Microsoft Corporation) HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-04-24] (IDT, Inc.) HKLM\...\Run: [hola] => C:\Program Files\Hola\app\hola.exe [1409512 2014-11-06] (Hola Networks Ltd.) HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation) HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [LaunchHPOSIAPP] => C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\LaunchApp.exe [385024 2009-04-03] (Hewlett-Packard) HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation) HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-08-12] (PDF Complete Inc) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-05-30] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-06-07] (Apple Inc.) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [bambooCore] => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] () HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-03-12] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585536 2015-01-06] (Razer Inc.) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKU\S-1-5-21-3258772251-3576834985-3314991821-1000\...\Run: [steam] => C:\Program Files (x86)\Steam\steam.exe [2874048 2015-02-18] (Valve Corporation) HKU\S-1-5-21-3258772251-3576834985-3314991821-1000\...\Run: [WhatPulse] => C:\Program Files (x86)\WhatPulse2\whatpulse.exe [3126272 2013-12-11] () HKU\S-1-5-21-3258772251-3576834985-3314991821-1000\...\Run: [AtiTrayTools] => C:\Program Files (x86)\Ray Adams\ATI Tray Tools\atitray.exe [929792 2011-10-29] (Ray Adams) HKU\S-1-5-21-3258772251-3576834985-3314991821-1000\...\Run: [LSI] => C:\Users\Peter\Documents\LSI\LSI v1.14.exe HKU\S-1-5-21-3258772251-3576834985-3314991821-1000\...\Run: [spotify] => C:\Users\Peter\AppData\Roaming\Spotify\Spotify.exe [6737976 2014-12-25] (Spotify Ltd) HKU\S-1-5-21-3258772251-3576834985-3314991821-1000\...\Run: [spotify Web Helper] => C:\Users\Peter\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-25] (Spotify Ltd) HKU\S-1-5-21-3258772251-3576834985-3314991821-1000\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55360 2014-03-27] (Raptr, Inc) HKU\S-1-5-21-3258772251-3576834985-3314991821-1000\...\Run: [f.lux] => C:\Users\Peter\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC) HKU\S-1-5-21-3258772251-3576834985-3314991821-1000\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [567880 2014-07-19] () HKU\S-1-5-21-3258772251-3576834985-3314991821-1000\...\MountPoints2: {43034c5c-842a-11e1-80e7-806e6f6e6963} - E:\setup.exe HKU\S-1-5-21-3258772251-3576834985-3314991821-1000\...\MountPoints2: {a5e92934-9ed5-11e4-8ea9-386077e4070c} - J:\HTC_Sync_Manager_PC.exe AppInit_DLLs-x32: c:\progra~3\bprote~1\21419~1.7\protec~1.dll => "c:\progra~3\bprote~1\21419~1.7\protec~1.dll" File Not Found Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe () Startup: C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk ShortcutTarget: Curse.lnk -> C:\Users\Peter\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc) Startup: C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip () Startup: C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Peter\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk ShortcutTarget: Xfire.lnk -> C:\Program Files (x86)\Xfire\Xfire.exe (Xfire Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-3258772251-3576834985-3314991821-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1 HKU\S-1-5-21-3258772251-3576834985-3314991821-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_08&cd=2XzuyEtN2Y1L1QzuyCtD0AyEyE0C0E0CyDtC0B0C0DtD0CtAtN0D0Tzu0StCtCyEyEtN1L2XzutAtFyBtFyBtFtCtDtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StDtAtBzyyD0B0A0CtGyDtD0FyBtGyBtCyEyEtG0EyE0A0CtGyBtBtCtDzz0D0A0AtCtCyC0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtBtBzztDyB0FtDtGzyzzyEtDtGyEtAtDtCtG0A0D0BzztGzz0C0FtByC0Dzy0AyD0AtByC2Q&cr=1104493698&ir= SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_08&cd=2XzuyEtN2Y1L1QzuyCtD0AyEyE0C0E0CyDtC0B0C0DtD0CtAtN0D0Tzu0StCtCyEyEtN1L2XzutAtFyBtFyBtFtCtDtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StDtAtBzyyD0B0A0CtGyDtD0FyBtGyBtCyEyEtG0EyE0A0CtGyBtBtCtDzz0D0A0AtCtCyC0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtBtBzztDyB0FtDtGzyzzyEtDtGyEtAtDtCtG0A0D0BzztGzz0C0FtByC0Dzy0AyD0AtByC2Q&cr=1104493698&ir= SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox SearchScopes: HKLM -> {13244026-29AB-4E44-98BB-D726F549D9DC} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox SearchScopes: HKLM-x32 -> {13244026-29AB-4E44-98BB-D726F549D9DC} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms} SearchScopes: HKU\S-1-5-21-3258772251-3576834985-3314991821-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_08&cd=2XzuyEtN2Y1L1QzuyCtD0AyEyE0C0E0CyDtC0B0C0DtD0CtAtN0D0Tzu0StCtCyEyEtN1L2XzutAtFyBtFyBtFtCtDtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StDtAtBzyyD0B0A0CtGyDtD0FyBtGyBtCyEyEtG0EyE0A0CtGyBtBtCtDzz0D0A0AtCtCyC0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtBtBzztDyB0FtDtGzyzzyEtDtGyEtAtDtCtG0A0D0BzztGzz0C0FtByC0Dzy0AyD0AtByC2Q&cr=1104493698&ir= SearchScopes: HKU\S-1-5-21-3258772251-3576834985-3314991821-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_08&cd=2XzuyEtN2Y1L1QzuyCtD0AyEyE0C0E0CyDtC0B0C0DtD0CtAtN0D0Tzu0StCtCyEyEtN1L2XzutAtFyBtFyBtFtCtDtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StDtAtBzyyD0B0A0CtGyDtD0FyBtGyBtCyEyEtG0EyE0A0CtGyBtBtCtDzz0D0A0AtCtCyC0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtBtBzztDyB0FtDtGzyzzyEtDtGyEtAtDtCtG0A0D0BzztGzz0C0FtByC0Dzy0AyD0AtByC2Q&cr=1104493698&ir= SearchScopes: HKU\S-1-5-21-3258772251-3576834985-3314991821-1000 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-3258772251-3576834985-3314991821-1000 -> {13244026-29AB-4E44-98BB-D726F549D9DC} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-3258772251-3576834985-3314991821-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF SearchScopes: HKU\S-1-5-21-3258772251-3576834985-3314991821-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKU\S-1-5-21-3258772251-3576834985-3314991821-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKU\S-1-5-21-3258772251-3576834985-3314991821-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms} BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: No Name -> {2EECD738-5844-4a99-B4B6-146BF802613B} -> No File BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\coIEPlg.dll (Symantec Corporation) Toolbar: HKU\S-1-5-21-3258772251-3576834985-3314991821-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 167.206.13.180 167.206.13.181 192.168.1.1 StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\4xpvr53k.default FF NewTab: google.com FF DefaultSearchEngine: Google FF DefaultSearchEngine.US: Google FF SearchEngineOrder.1: Search the web (Babylon) FF SelectedSearchEngine: Binkiland FF Homepage: hxxp://www.google.com/ FF Keyword.URL: ^hxxp://.*\\.babylon\\.com/\\?AF=114022.* FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll () FF Plugin: @java.com/DTPlugin,version=10.6.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.6.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=1.2.22 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF Plugin HKU\S-1-5-21-3258772251-3576834985-3314991821-1000: @nsroblox.roblox.com/launcher -> C:\Users\Peter\AppData\Local\Roblox\Versions\version-1112937d32504d8c\\NPRobloxProxy.dll ( ROBLOX Corporation) FF Plugin HKU\S-1-5-21-3258772251-3576834985-3314991821-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Peter\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-3258772251-3576834985-3314991821-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) FF user.js: detected! => C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\4xpvr53k.default\user.js FF SearchPlugin: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\4xpvr53k.default\searchplugins\bProtect.xml FF Extension: Battlefield Play4Free - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\4xpvr53k.default\Extensions\battlefieldplay4free@ea.com [2012-06-22] FF Extension: ExHentai Easy - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\4xpvr53k.default\Extensions\jid0-db0owQRjcx0mRj5LBNH2MHAwEkc@jetpack [2013-09-08] FF Extension: Hola Better Internet - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\4xpvr53k.default\Extensions\jid1-4P0kohSJxU1qGg@jetpack [2015-02-19] FF Extension: Classic Theme Restorer - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\4xpvr53k.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-03-24] FF Extension: Firefox 3 theme for Firefox 4+ - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\4xpvr53k.default\Extensions\ffe_ff3ff4@game-point.net.xpi [2012-06-19] FF Extension: ExHentai Easy 2 - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\4xpvr53k.default\Extensions\jid1-7NbXi2AqS1oUFw@jetpack.xpi [2014-03-09] FF Extension: FrankerFaceZ - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\4xpvr53k.default\Extensions\jid1-snHdAu6px3p0jA@jetpack.xpi [2015-01-08] FF Extension: Test Pilot - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\4xpvr53k.default\Extensions\testpilot@labs.mozilla.com.xpi [2013-09-08] FF Extension: Adblock Plus - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\4xpvr53k.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-06-19] FF Extension: Greasemonkey - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\4xpvr53k.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-12-08] FF Extension: ExHentai Easy 2 - C:\Program Files (x86)\Mozilla Firefox\extensions\exhentai_easy2.xpi [2015-02-11] FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-02-11] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn [2012-06-19] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn [2015-02-19] FF HKLM-x32\...\Firefox\Extensions: [VIP1X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client [2012-04-11] FF HKLM-x32\...\Firefox\Extensions: [VIP2X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client FF HKLM-x32\...\Firefox\Extensions: [VIP3X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client FF HKU\S-1-5-21-3258772251-3576834985-3314991821-1000\...\Firefox\Extensions: [{13482ADC-F2D7-11E1-8270-B8AC6F996F26}] - C:\Users\Peter\AppData\Local\{13482ADC-F2D7-11E1-8270-B8AC6F996F26} FF Extension: Mozilla Safe Browsing - C:\Users\Peter\AppData\Local\{13482ADC-F2D7-11E1-8270-B8AC6F996F26} [2012-08-30] FF HKU\S-1-5-21-3258772251-3576834985-3314991821-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] StartMenuInternet: FIREFOX.EXE - firefox.exe Chrome: ======= CHR HomePage: Default -> hxxp://binkiland.com/?f=1&a=bnk_ir_15_08&cd=2XzuyEtN2Y1L1QzuyCtD0AyEyE0C0E0CyDtC0B0C0DtD0CtAtN0D0Tzu0StCtCyEyEtN1L2XzutAtFyBtFyBtFtCtDtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StDtAtBzyyD0B0A0CtGyDtD0FyBtGyBtCyEyEtG0EyE0A0CtGyBtBtCtDzz0D0A0AtCtCyC0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtBtBzztDyB0FtDtGzyzzyEtDtGyEtAtDtCtG0A0D0BzztGzz0C0FtByC0Dzy0AyD0AtByC2Q&cr=1104493698&ir= CHR StartupUrls: Default -> "hxxp://binkiland.com/?f=7&a=bnk_ir_15_08&cd=2XzuyEtN2Y1L1QzuyCtD0AyEyE0C0E0CyDtC0B0C0DtD0CtAtN0D0Tzu0StCtCyEyEtN1L2XzutAtFyBtFyBtFtCtDtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StDtAtBzyyD0B0A0CtGyDtD0FyBtGyBtCyEyEtG0EyE0A0CtGyBtBtCtDzz0D0A0AtCtCyC0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtBtBzztDyB0FtDtGzyzzyEtDtGyEtAtDtCtG0A0D0BzztGzz0C0FtByC0Dzy0AyD0AtByC2Q&cr=1104493698&ir=" CHR DefaultSearchKeyword: Default -> binkiland.com CHR DefaultSearchURL: Default -> http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_08&cd=2XzuyEtN2Y1L1QzuyCtD0AyEyE0C0E0CyDtC0B0C0DtD0CtAtN0D0Tzu0StCtCyEyEtN1L2XzutAtFyBtFyBtFtCtDtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2StDtAtBzyyD0B0A0CtGyDtD0FyBtGyBtCyEyEtG0EyE0A0CtGyBtBtCtDzz0D0A0AtCtCyC0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtBtBzztDyB0FtDtGzyzzyEtDtGyEtAtDtCtG0A0D0BzztGzz0C0FtByC0Dzy0AyD0AtByC2Q&cr=1104493698&ir= CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR Profile: C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-05] CHR Extension: (Hola Better Internet) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-10-05] CHR Extension: (Google Wallet) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-15] CHR Extension: (Spicy Battle) - C:\Users\Peter\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbnbdgenkkgnkbooiipikaoepojfingl [2015-01-18] CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14] CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\Extensions\Chrome.crx [2012-04-11] StartMenuInternet: Google Chrome - chrome.exe ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [448384 2014-12-03] () R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation) R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed] S3 celavimushost; C:\Program Files (x86)\CEVO\CSGO Client Beta\CelavimusClientHelper.exe [123096 2014-12-16] (altPUG LLC) S2 CLKMSVC10_38F51D56; c:\Program Files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-02-24] (CyberLink) S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [175136 2014-10-12] (EasyAntiCheat Ltd) S2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2015-01-06] (Hi-Rez Studios) [File not signed] R2 hola_svc; C:\Program Files\Hola\app\hola_svc.exe [8147432 2014-11-06] (Hola Networks Ltd.) R2 hola_updater; C:\Program Files\Hola\app\hola_updater.exe [5794280 2014-10-30] (Hola Networks Ltd.) R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed] R2 lxea_device; C:\Windows\system32\lxeacoms.exe [1052328 2010-04-14] ( ) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.) R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe [138760 2011-08-10] (Symantec Corporation) R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation) R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-12] (PDF Complete Inc) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-07-09] () R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [186048 2014-12-09] () R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2011-12-05] (Symantec Corporation) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology, Corp.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20110819.004\BHDrvx64.sys [1151096 2011-08-19] (Symantec Corporation) R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1301000.01C\ccSetx64.sys [167048 2011-08-08] (Symantec Corporation) S3 CpqDfw; C:\Windows\System32\drivers\CpqDfw.sys [27456 2012-05-29] (Windows ® Codename Longhorn DDK provider) S3 cqcpu; C:\Windows\System32\drivers\cqcpu.sys [24376 2010-03-01] () R3 HCW723x; C:\Windows\System32\DRIVERS\HCW723x.sys [1843712 2011-06-02] (Hauppauge Computer Works, Inc.) R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [31648 2014-04-06] (REALiX) R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20110726.001\IDSVia64.sys [488568 2011-07-20] (Symantec Corporation) R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.) S3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE2500w764.sys [1254464 2011-03-29] (Broadcom Corporation) S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [97496 2015-02-18] (Malwarebytes Corporation) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-19] (Malwarebytes Corporation) R2 mi2c; C:\Windows\system32\drivers\mi2c.sys [20784 2013-07-03] (Nicomsoft Ltd.) S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20110810.019\ENG64.SYS [117880 2011-08-09] (Symantec Corporation) S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20110810.019\EX64.SYS [2048632 2011-08-09] (Symantec Corporation) S3 NPF; C:\Windows\System32\drivers\NPF.sys [40464 2007-11-05] (CACE Technologies) S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2012-04-11] () S3 RivaTuner64; C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [19952 2014-04-06] () R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39592 2014-12-30] (Razer Inc) R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-12-09] (Razer, Inc.) R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-12-10] (Razer, Inc.) S3 SRTSP; C:\Windows\system32\drivers\NISx64\1301000.01C\SRTSP64.SYS [729720 2011-08-02] (Symantec Corporation) R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1301000.01C\SRTSPX64.SYS [37496 2011-08-02] (Symantec Corporation) S3 sshid; C:\Windows\System32\DRIVERS\sshid.sys [38912 2014-10-30] (SteelSeries ApS) R3 SymDS; C:\Windows\system32\drivers\NISx64\1301000.01C\SYMDS64.SYS [451192 2011-07-25] (Symantec Corporation) R3 SymEFA; C:\Windows\system32\drivers\NISx64\1301000.01C\SYMEFA64.SYS [1084536 2011-07-28] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2012-04-11] (Symantec Corporation) R3 SymIRON; C:\Windows\system32\drivers\NISx64\1301000.01C\Ironx64.SYS [189560 2011-07-25] (Symantec Corporation) R3 SymNetS; C:\Windows\system32\drivers\NISx64\1301000.01C\SYMNETS.SYS [401016 2011-07-25] (Symantec Corporation) S1 cxuxipny; \??\C:\Windows\system32\drivers\cxuxipny.sys [X] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S3 ESEADriver2; \??\C:\Users\Peter\AppData\Local\Temp\ESEADriver2.sys [X] S3 X6va027; \??\C:\Windows\SysWOW64\Drivers\X6va027 [X] S3 X6va028; \??\C:\Windows\SysWOW64\Drivers\X6va028 [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-20 01:15 - 2015-02-20 01:15 - 00037936 _____ () C:\Users\Peter\Desktop\FRST.txt 2015-02-19 12:13 - 2015-02-19 12:13 - 00000000 ____D () C:\Users\Peter\AppData\Local\Steam 2015-02-18 21:23 - 2015-02-19 14:14 - 00048518 _____ () C:\Users\Peter\Downloads\FRST.txt 2015-02-18 21:23 - 2015-02-18 21:31 - 00054210 _____ () C:\Users\Peter\Downloads\Addition.txt 2015-02-18 21:22 - 2015-02-20 01:15 - 00000000 ____D () C:\FRST 2015-02-18 21:22 - 2015-02-18 21:22 - 02086912 _____ (Farbar) C:\Users\Peter\Desktop\FRST64.exe 2015-02-18 20:49 - 2015-02-18 21:12 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-02-18 20:48 - 2015-02-18 21:12 - 00000000 ____D () C:\Users\Peter\Desktop\mbar 2015-02-18 20:48 - 2015-02-18 20:48 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Peter\Downloads\mbar-1.08.3.1004.exe 2015-02-18 19:59 - 2015-02-18 19:59 - 00000033 _____ () C:\Users\Peter\ggpo-ng.ini 2015-02-18 19:59 - 2015-02-18 19:59 - 00000000 _____ () C:\Users\Peter\fightcade-debug.log 2015-02-18 19:59 - 2015-02-18 19:59 - 00000000 _____ () C:\Users\Peter\fightcade.log 2015-02-18 19:56 - 2015-02-18 19:56 - 00752136 _____ (Software ) C:\Users\Peter\Downloads\CR_Downloader_for_street-fighter-iii-3rd-strike--fight-for-the-future-(usa-990512).exe 2015-02-18 19:54 - 2015-02-18 19:54 - 22154292 _____ () C:\Users\Peter\Downloads\fightcade-win32-v039.zip 2015-02-18 19:54 - 2014-12-30 23:47 - 00000000 ____D () C:\Users\Peter\Desktop\FightCade 2015-02-16 12:56 - 2015-02-16 12:56 - 05367023 _____ () C:\Users\Peter\Downloads\lewa+skin+(1).zip 2015-02-15 21:24 - 2015-02-15 21:24 - 11443560 _____ (MPC-HC Team ) C:\Users\Peter\Downloads\MPC-HC.1.7.8.x86.exe 2015-02-15 21:24 - 2015-02-15 21:24 - 00001087 _____ () C:\Users\Peter\Desktop\MPC-HC.lnk 2015-02-15 21:24 - 2015-02-15 21:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC 2015-02-15 21:24 - 2015-02-15 21:24 - 00000000 ____D () C:\Program Files (x86)\MPC-HC 2015-02-15 21:10 - 2015-02-15 21:10 - 12240456 _____ (MPC-HC Team ) C:\Users\Peter\Downloads\MPC-HC.1.7.8.x64.exe 2015-02-15 20:59 - 2015-02-15 21:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KCP 2015-02-15 20:59 - 2015-02-15 21:13 - 00000000 ____D () C:\Program Files (x86)\KCP 2015-02-15 20:57 - 2015-02-15 20:57 - 16969953 _____ (Haruhichan.com ) C:\Users\Peter\Downloads\KCP-0.5.9.0_[08D7200B].exe 2015-02-11 11:37 - 2015-02-11 11:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-02-06 22:07 - 2015-02-06 22:07 - 00003387 _____ () C:\Users\Peter\AppData\Local\recently-used.xbel 2015-02-03 13:26 - 2015-02-03 13:26 - 00022760 _____ () C:\Users\Peter\Documents\clickerHeroSavebest.txt 2015-01-24 13:34 - 2015-01-24 13:36 - 00000000 ____D () C:\Users\Peter\Documents\musicforphone ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-20 01:15 - 2014-01-03 15:15 - 00000000 ____D () C:\Users\Peter\AppData\Local\WhatPulse 2015-02-20 01:08 - 2012-12-16 18:41 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-20 01:00 - 2013-02-07 17:21 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Skype 2015-02-20 00:31 - 2013-05-27 22:34 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-02-20 00:29 - 2012-06-20 17:11 - 00000000 ____D () C:\Users\Peter\AppData\Local\Deployment 2015-02-19 23:46 - 2012-06-19 17:09 - 01776889 _____ () C:\Windows\WindowsUpdate.log 2015-02-19 22:25 - 2012-06-19 18:31 - 00000000 ____D () C:\Program Files (x86)\Steam 2015-02-19 21:08 - 2012-06-19 17:13 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{F4AAD321-2539-4CD1-BE5C-4D8D5BBE7FC7} 2015-02-19 19:14 - 2013-02-01 01:46 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\foobar2000 2015-02-19 14:08 - 2012-12-16 18:41 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-19 13:06 - 2012-06-27 12:40 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForPeter 2015-02-19 13:06 - 2012-06-27 12:40 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForPeter.job 2015-02-19 12:24 - 2009-07-13 23:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-02-19 12:24 - 2009-07-13 23:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-02-19 12:17 - 2009-07-14 00:13 - 00781390 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-02-19 12:12 - 2013-07-23 23:45 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Spotify 2015-02-19 12:12 - 2013-07-23 23:45 - 00000000 ____D () C:\Users\Peter\AppData\Local\Spotify 2015-02-19 12:12 - 2012-06-26 01:26 - 00000435 _____ () C:\Windows\system32\Drivers\etc\hosts.ics 2015-02-19 12:12 - 2012-04-11 17:22 - 00000000 ____D () C:\ProgramData\PDFC 2015-02-19 12:10 - 2014-10-22 14:21 - 00529554 _____ () C:\Windows\PFRO.log 2015-02-19 12:10 - 2014-07-27 00:37 - 00014593 _____ () C:\Windows\setupact.log 2015-02-19 12:10 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-02-19 03:09 - 2015-01-17 13:05 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-02-18 23:16 - 2012-07-21 19:14 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Mumble 2015-02-18 20:49 - 2015-01-17 13:05 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-02-18 20:40 - 2013-07-31 18:03 - 00000000 ___RD () C:\Users\Peter\Dropbox 2015-02-18 20:40 - 2013-07-31 18:01 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Dropbox 2015-02-18 20:37 - 2012-06-19 17:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-02-18 20:37 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\tracing 2015-02-18 20:21 - 2012-06-20 14:58 - 00000000 ____D () C:\Users\Peter\AppData\Local\CrashDumps 2015-02-18 19:59 - 2012-06-19 17:09 - 00000000 ____D () C:\Users\Peter 2015-02-18 19:58 - 2012-12-16 18:41 - 00002261 _____ () C:\Users\Peter\Desktop\Google Chrome.lnk 2015-02-18 19:58 - 2012-10-22 14:33 - 00001153 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-02-18 19:58 - 2012-09-08 20:09 - 00001345 _____ () C:\Users\Peter\Desktop\Sony Vegas Pro 12.0 (64-bit).lnk 2015-02-18 13:49 - 2012-06-20 12:33 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log 2015-02-17 18:38 - 2014-11-09 14:08 - 00023296 _____ () C:\Users\Peter\Documents\clickerHeroSave.txt 2015-02-15 21:23 - 2013-12-28 21:38 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\mpc-hc 2015-02-15 21:23 - 2013-08-01 03:04 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\Media Player Classic 2015-02-14 00:01 - 2013-08-01 03:04 - 00085504 _____ () C:\Users\Peter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-02-12 12:26 - 2014-02-24 02:14 - 00000792 _____ () C:\Users\Peter\d3d_antilag.log 2015-02-12 12:26 - 2012-09-01 20:01 - 00000000 ____D () C:\Program Files (x86)\osu! 2015-02-09 11:46 - 2009-07-14 00:08 - 00032544 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-02-06 22:03 - 2012-08-08 20:00 - 00000000 ____D () C:\Users\Peter\.gimp-2.8 2015-02-05 14:03 - 2012-12-16 18:41 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-02-05 14:03 - 2012-12-16 18:41 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-02-05 09:31 - 2013-05-27 22:34 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-02-05 09:31 - 2012-06-19 23:28 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-02-05 09:31 - 2012-04-11 17:18 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-02-04 13:06 - 2012-07-18 13:00 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2015-01-27 08:04 - 2013-05-27 22:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive 2015-01-24 14:20 - 2012-07-24 02:45 - 00000000 ____D () C:\Users\Peter\AppData\Roaming\vlc ==================== Files in the root of some directories ======= 2013-08-01 03:04 - 2015-02-14 00:01 - 0085504 _____ () C:\Users\Peter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-02-06 22:07 - 2015-02-06 22:07 - 0003387 _____ () C:\Users\Peter\AppData\Local\recently-used.xbel 2012-07-17 16:17 - 2014-11-18 00:33 - 0007662 _____ () C:\Users\Peter\AppData\Local\Resmon.ResmonCfg 2012-08-30 14:15 - 2014-04-05 20:20 - 0000000 _____ () C:\Users\Peter\AppData\Local\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ 2012-06-19 17:51 - 2012-06-19 17:51 - 0000056 ____H () C:\ProgramData\ezsidmv.dat 2014-01-11 21:40 - 2014-01-11 21:40 - 0000462 _____ () C:\ProgramData\HirezPipeError.txt 2014-09-24 10:37 - 2014-12-16 07:22 - 0011696 _____ () C:\ProgramData\lxeaJSW.log 2014-09-24 10:35 - 2014-12-09 17:05 - 0000672 _____ () C:\ProgramData\lxeascan.log Some content of TEMP: ==================== C:\Users\Peter\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpysdcya.dll C:\Users\Peter\AppData\Local\Temp\HiPatchSelfUpdateWindow.exe C:\Users\Peter\AppData\Local\Temp\HiRezLauncherControls.dll C:\Users\Peter\AppData\Local\Temp\la6uikuv.dll C:\Users\Peter\AppData\Local\Temp\NGMDll.dll C:\Users\Peter\AppData\Local\Temp\NGMResource.dll C:\Users\Peter\AppData\Local\Temp\NGMSetup.exe C:\Users\Peter\AppData\Local\Temp\unicows.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-13 00:43 ==================== End Of Log ============================