
Please help


Jake176

Hello and welcome,

 

P2P/Piracy Warning:

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.


Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Thanks,

 

Kevin..


Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

 

Next,

 

Download Malwarebytes Anti-Malware to your desktop.


Double-click mbam-setup and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
Launch Malwarebytes Anti-Malware
A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click Finish.
On the Dashboard, click the 'Update Now >>' link
After the update completes, select Settings > Detection and Protection, enable Scan for rootkit, and under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Now select > Scan > Threat scan > Scan now
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

 

When the scan is completed, from the main GUI click on History > Application Logs. Find your scan log; the date when it was run will identify it. Checkmark the "select" box, then hit the "view" button. The history log window will open. At the bottom of that window are two options, "Copy to clipboard" and "Export".

Select "Copy to clipboard"; that copies the full log to the Windows clipboard. In your reply, right-click into the text field and select "Paste", and the log is pasted (copied) to your reply.

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.


Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt, where n is the scan reference number.

 

Next,

 

Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts. (re-enable when done)
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Next,

 

Download Microsoft's "Malicious Software Removal Tool" and save it directly to the desktop.

Be sure to get the correct version for your system....

32 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

 

Right-click on the tool and select "Run as Administrator"; the tool will expand to the options window.

In the "Scan Type" window, select Quick Scan.

Perform a scan and click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

 

1) Select the Windows key and R key together to open the "Run" function

2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

 

notepad c:\windows\debug\mrt.log

 

Let me see those logs, also give an update on any remaining issues or concerns...

 

Thanks,

 

Kevin....

 

 

 

Fixlist.txt


Thank you Kev, you are being a saint to me. I will paste the Fixlog under this. Malwarebytes is doing the threat scan now; is it okay to download and install AdwCleaner and Junkware Removal Tool while I wait?

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-02-2015
Ran by Jake at 2015-02-17 22:03:37 Run:1
Running from C:\Users\jake.FCH\Desktop
Loaded Profiles: Jake & Jake (Available profiles: Jake & Jake)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
HKU\S-1-5-21-3818599572-803860725-2106987424-1146\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3818599572-803860725-2106987424-1171\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = 
CHR StartupUrls: Default -> "hxxp://binkiland.com/?f=7&a=bnk_frg01_15_08&cd=2XzuyEtN2Y1L1Qzu0Bzzzz0DtCtBtAzy0FtDzytCyD0D0FzztN0D0Tzu0StCtCyEtAtN1L2XzutAtFyBtFyBtFtCtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StB0AtD0CyD0CzyyDtGzzyDyE0DtG0CyDyDyBtG0ByCyCtBtGtB0C0E0BtB0DyE0B0DyEzy0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyCtBtAzz0C0A0EtG0DtC0FtBtGyEtA0B0AtGzzzytAyCtG0FtCtDyDtD0AyD0A0DyDtB0B2Q&cr=1046542622&ir="
CHR HKLM\...\Chrome\Extension: [elggllhppljlljkgfeokjpehmdamkejk] - No Path
CHR HKU\S-1-5-21-3818599572-803860725-2106987424-1171\...\Chrome\Extension: [elggllhppljlljkgfeokjpehmdamkejk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [elggllhppljlljkgfeokjpehmdamkejk] - No Path
2015-02-17 20:58 - 2015-02-17 20:58 - 00000000 ____D () C:\ProgramData\7732b78000001459
2015-02-17 20:53 - 2015-02-17 20:53 - 00000000 ____D () C:\Users\jake.FCH\Documents\Optimizer Pro
2015-02-17 20:49 - 2015-02-17 20:53 - 00000000 ____D () C:\Users\jake.FCH\AppData\Roaming\FileZilla
2015-02-17 20:47 - 2015-02-17 20:54 - 00000000 ____D () C:\Program Files (x86)\WSE_Binkiland
2015-02-17 20:47 - 2015-02-17 20:47 - 00000000 ____D () C:\ProgramData\{0a12b814-8695-c7dc-0a12-2b814869e052}
C:\Users\gltsadmin\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Jake\AppData\Local\Temp\Setup64.exe
C:\Users\jake.FCH\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdek8ch.dll
C:\Users\jake.FCH\AppData\Local\Temp\optprosetup.exe
C:\Users\jake.FCH\AppData\Local\Temp\uninstall.exe
Task: {4002D3B1-CEF4-41C9-9C63-A46FD8B97FF1} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask No Task File <==== ATTENTION
Task: {68E7B32B-FF35-4A74-ADAF-A861DD4E61EC} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline No Task File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector No Task File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector No Task File <==== ATTENTION
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
EmptyTemp:
end
 
 
 
*****************
 
"HKU\S-1-5-21-3818599572-803860725-2106987424-1146\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-3818599572-803860725-2106987424-1171\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-21-3818599572-803860725-2106987424-1171\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}" => Key deleted successfully.
HKCR\CLSID\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} => Key not found. 
HKU\S-1-5-21-3818599572-803860725-2106987424-1171\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-3818599572-803860725-2106987424-1171\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. 
"HKU\S-1-5-21-3818599572-803860725-2106987424-1171\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{077E470E-9C30-4BA4-9037-12DED4ACFAD8}" => Key deleted successfully.
HKCR\CLSID\{077E470E-9C30-4BA4-9037-12DED4ACFAD8} => Key not found. 
Chrome StartupUrls deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\elggllhppljlljkgfeokjpehmdamkejk" => Key deleted successfully.
"HKU\S-1-5-21-3818599572-803860725-2106987424-1171\SOFTWARE\Google\Chrome\Extensions\elggllhppljlljkgfeokjpehmdamkejk" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\elggllhppljlljkgfeokjpehmdamkejk" => Key deleted successfully.
C:\ProgramData\7732b78000001459 => Moved successfully.
C:\Users\jake.FCH\Documents\Optimizer Pro => Moved successfully.
C:\Users\jake.FCH\AppData\Roaming\FileZilla => Moved successfully.
C:\Program Files (x86)\WSE_Binkiland => Moved successfully.
C:\ProgramData\{0a12b814-8695-c7dc-0a12-2b814869e052} => Moved successfully.
C:\Users\gltsadmin\AppData\Local\Temp\OfficeSetup.exe => Moved successfully.
C:\Users\Jake\AppData\Local\Temp\Setup64.exe => Moved successfully.
C:\Users\jake.FCH\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdek8ch.dll => Moved successfully.
C:\Users\jake.FCH\AppData\Local\Temp\optprosetup.exe => Moved successfully.
C:\Users\jake.FCH\AppData\Local\Temp\uninstall.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4002D3B1-CEF4-41C9-9C63-A46FD8B97FF1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4002D3B1-CEF4-41C9-9C63-A46FD8B97FF1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTask" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{68E7B32B-FF35-4A74-ADAF-A861DD4E61EC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68E7B32B-FF35-4A74-ADAF-A861DD4E61EC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector" => Key deleted successfully.
C:\Windows\SysWOW64\zlib.dll => ":DocumentSummaryInformation" ADS removed successfully.
C:\Windows\SysWOW64\zlib.dll => ":SummaryInformation" ADS removed successfully.
C:\Windows\SysWOW64\zlib.dll => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
EmptyTemp: => Removed 972.2 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 22:04:05 ====

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 17/02/2015

Scan Time: 22:15:01

Logfile: 

Administrator: Yes

 

Version: 2.00.4.1028

Malware Database: v2015.02.17.11

Rootkit Database: v2015.02.03.01

License: Free

Malware Protection: Disabled

Malicious Website Protection: Disabled

Self-protection: Disabled

 

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: Jake

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 478497

Time Elapsed: 33 min, 39 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 15

PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}, Quarantined, [c2504fcb2e5cf83ed63063e010f3b848], 

PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{C292AD0A-C11F-479B-B8DB-743E72D283B0}, Quarantined, [c2504fcb2e5cf83ed63063e010f3b848], 

PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{C292AD0A-C11F-479B-B8DB-743E72D283B0}, Quarantined, [c2504fcb2e5cf83ed63063e010f3b848], 

PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\esrv.mysearchdialESrvc.1, Quarantined, [c2504fcb2e5cf83ed63063e010f3b848], 

PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\esrv.mysearchdialESrvc, Quarantined, [c2504fcb2e5cf83ed63063e010f3b848], 

PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.mysearchdialESrvc, Quarantined, [c2504fcb2e5cf83ed63063e010f3b848], 

PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.mysearchdialESrvc.1, Quarantined, [c2504fcb2e5cf83ed63063e010f3b848], 

PUP.Optional.MySearchDial.A, HKU\S-1-5-21-3818599572-803860725-2106987424-1171-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, Quarantined, [9f731bffdab01d19fac44cbd0bf80ff1], 

PUP.Optional.Lasaoren.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\MEDIAPLAYER\SHIMINCLUSIONLIST\binkiland.exe, Quarantined, [739f49d173171521963aeaa692710ff1], 

PUP.Optional.Booster.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1146AC44-2F03-4431-B4FD-889BC837521F}{4ef60154}, Quarantined, [6fa309119befb97dbe64734543c08779], 

PUP.Optional.SystemSpeedup, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\ssd, Quarantined, [6ba746d4f19958de81a3ffb8f80b27d9], 

PUP.Optional.Binkiland.A, HKU\S-1-5-21-3818599572-803860725-2106987424-1171-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Binkiland Browser, Quarantined, [070b78a23852ce687f4a8b9210f5ca36], 

PUP.Optional.InstallCore.A, HKU\S-1-5-21-3818599572-803860725-2106987424-1171-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [3ed4c95174162f07a43df2e95da6b749], 

PUP.Optional.InstallCore.A, HKU\S-1-5-21-3818599572-803860725-2106987424-1171-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [5db5d14917737eb8794da8492cd81de3], 

PUP.Optional.SystemSpeedup, HKU\S-1-5-21-3818599572-803860725-2106987424-1171-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\ssd, Quarantined, [d0422dede5a552e4aa799b1cae5531cf], 

 

Registry Values: 1

PUP.Optional.InstallCore.A, HKU\S-1-5-21-3818599572-803860725-2106987424-1171-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, zr2X2X1G1S1F2V1S2Q0V, Quarantined, [5db5d14917737eb8794da8492cd81de3]

 

Registry Data: 0

(No malicious items detected)

 

Folders: 1

PUP.Optional.SystemSpeedup, C:\Users\jake.FCH\AppData\Roaming\systweak\ssd, Quarantined, [e62c94861674e056feec5816da298977], 

 

Files: 3

PUP.Optional.SystemSpeedup, C:\Users\jake.FCH\AppData\Roaming\systweak\ssd\SSDPTstub.exe, Quarantined, [e62c94861674e056feec5816da298977], 


PUP.Optional.MySearchDial.A, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (      "startup_urls": [ "http://start.mysearchdial.com/?f=1&a=dsites_14_11_ch&cd=2XzuyEtN2Y1L1Qzu0Bzzzz0DtCtBtAzy0FtDzytCyD0D0FzztN0D0Tzu0SzztDyEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtC0E0AtD0C0E0AtG0C0FtByCtGyDyDtAyCtG0FtDyE0DtGtAtA0CtC0AyCtDzz0AzyyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEzyyC0B0EtD0EtAtGyC0CyCtCtGtBzyyEzytG0CtC0EzztGyCzy0E0ByBzz0FtC0AyBtD0B2Q&cr=1475100258&ir=" ],), Replaced,[868cc258f09a3cfa652f659c75915ca4]

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)


AdwCleaner Results are here now 

 

 

 

# AdwCleaner v4.110 - Logfile created 17/02/2015 at 23:01:30
# Updated 05/02/2015 by Xplode
# Database : 2015-02-14.2 [server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Jake - LT-01
# Running from : C:\Users\jake.FCH\Downloads\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files (x86)\SimilarSites
File Deleted : C:\Windows\System32\roboot64.exe
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\systweak
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17280
 
 
-\\ Google Chrome v40.0.2214.111
 
 
*************************
 
AdwCleaner[R0].txt - [1749 bytes] - [17/02/2015 22:58:45]
AdwCleaner[s0].txt - [1576 bytes] - [17/02/2015 23:01:30]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1635  bytes] ##########

Here is the JRT Log

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Professional x64
Ran by Jake on 17/02/2015 at 23:08:42.20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\jake.FCH\AppData\Roaming\search protection"
Successfully deleted: [Folder] "C:\Users\jake.FCH\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17/02/2015 at 23:14:42.73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

That will be removed when we clean up....

 

Download "Delfix by Xplode" and save it to your desktop.

 

Or use the following if first link is down:

 

"Delfix link mirror"

 

Double-click to start the program. If you are using Vista or higher, please right-click and choose Run as administrator.

 

Make sure the following items are checked:

 

 


    Remove disinfection tools
    Purge System Restore
    Reset system settings

 

Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed. We don't need you to post this.

 

Any remnant files/logs from tools we have used can be deleted…

 

Next,

 

Read the following link to fully understand PC security and best practices; you may find it useful....

 

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

 

Let me know if we are ok to close out...

 

Thanks,

 

Kevin


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015

Ran by Jake (administrator) on LT-01 on 18-02-2015 13:26:00

Running from C:\Users\jake.FCH\Desktop\Secruity

Loaded Profiles: Jake (Available profiles: Jake & Jake)

Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

() C:\Windows\System32\AppleOSSMgr.exe

(Apple Inc.) C:\Windows\System32\AppleTimeSrv.exe

(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe

(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe

(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE

(Kaseya International Limited) C:\Program Files (x86)\Kaseya\GRNLGH46933585833602\AgentMon.exe

(Parallels Holdings, Ltd. and its affiliates.) C:\Program Files (x86)\Parallels\Parallels Access\Application\prl_disp_service.exe

(Microsoft) C:\Program Files (x86)\Common Files\Sage\Central\AutoUpdateClient\Sage.Central.AutoUpdateManager.Service.exe

(Sage (UK) Limited) C:\Program Files (x86)\Common Files\Sage SData\Sage.SData.Service.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

(RealVNC Ltd) C:\Program Files (x86)\RealVNC\VNC4\winvnc4.exe

(RealVNC Ltd) C:\Program Files (x86)\RealVNC\VNC4\winvnc4.exe

(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe

( ) C:\Program Files (x86)\Kaseya\GRNLGH46933585833602\extensions\Lua.exe

( ) C:\Program Files (x86)\Kaseya\GRNLGH46933585833602\extensions\Lua.exe

(Kaseya International Limited) C:\Program Files (x86)\Kaseya\GRNLGH46933585833602\Kaseya.AgentEndpoint.exe

(Parallels Holdings, Ltd. and its affiliates.) C:\Program Files (x86)\Parallels\Parallels Access\Application\prl_deskctl_agent.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe

(Apple Inc.) C:\Program Files\Boot Camp\Bootcamp.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Google Inc.) C:\Users\jake.FCH\AppData\Local\Google\Update\GoogleUpdate.exe

(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIJJE.EXE

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe

(Dropbox, Inc.) C:\Users\jake.FCH\AppData\Roaming\Dropbox\bin\Dropbox.exe

(Kaseya International Limited) C:\Program Files (x86)\Kaseya\GRNLGH46933585833602\KaUsrTsk.exe

(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe

(Parallels Holdings, Ltd. and its affiliates.) C:\Program Files (x86)\Parallels\Parallels Access\Application\prl_deskctl_wizard.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

() C:\Program Files (x86)\iDisplay\adb.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [Apple_KbdMgr] => C:\Program Files\Boot Camp\Bootcamp.exe [741760 2011-06-29] (Apple Inc.)

HKLM-x32\...\Run: [KASHGRNLGH46933585833602] => C:\Program Files (x86)\Kaseya\GRNLGH46933585833602\KaUsrTsk.exe [574992 2014-06-10] (Kaseya International Limited)

HKLM-x32\...\Run: [AVP] => c:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe [350552 2012-08-16] (Kaspersky Lab ZAO)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [PAX] => C:\Program Files (x86)\Parallels\Parallels Access\Application\prl_deskctl_wizard.exe [8174080 2013-08-27] (Parallels Holdings, Ltd. and its affiliates.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)

Winlogon\Notify\GoToAssist Express Customer: C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\637\g2ax_winlogonx64.dll (Citrix Online, a division of Citrix Systems, Inc.)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-3818599572-803860725-2106987424-1171\...\Run: [Google Update] => C:\Users\jake.FCH\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-06-11] (Google Inc.)

HKU\S-1-5-21-3818599572-803860725-2106987424-1171\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)

HKU\S-1-5-21-3818599572-803860725-2106987424-1171\...\RunOnce: [uninstall C:\Users\jake.FCH\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\jake.FCH\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64"

HKU\S-1-5-18\...\RunOnce: [sPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-07-07] (Microsoft Corporation)

Startup: C:\Users\jake.FCH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

Startup: C:\Users\jake.FCH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\jake.FCH\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Users\jake.FCH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OptimizerPro.lnk

ShortcutTarget: OptimizerPro.lnk -> C:\FRST\Quarantine\C\ProgramData\{0a12b814-8695-c7dc-0a12-2b814869e052}\OptimizerPro.exe (No File)

Startup: C:\Users\jake.FCH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

Startup: C:\Users\jake.FCH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\jake.FCH\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Users\jake.FCH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OptimizerPro.lnk

ShortcutTarget: OptimizerPro.lnk -> C:\FRST\Quarantine\C\ProgramData\{0a12b814-8695-c7dc-0a12-2b814869e052}\OptimizerPro.exe (No File)

ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jake.FCH\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jake.FCH\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jake.FCH\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jake.FCH\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jake.FCH\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jake.FCH\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jake.FCH\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jake.FCH\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKU\S-1-5-21-3818599572-803860725-2106987424-1171\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 208.67.222.222 8.8.8.8

 

FireFox:

========

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-3818599572-803860725-2106987424-1171: @tools.google.com/Google Update;version=3 -> C:\Users\jake.FCH\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKU\S-1-5-21-3818599572-803860725-2106987424-1171: @tools.google.com/Google Update;version=9 -> C:\Users\jake.FCH\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKU\S-1-5-21-3818599572-803860725-2106987424-1171: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\jake.FCH\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF Plugin HKU\S-1-5-21-3818599572-803860725-2106987424-1171: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

 

Chrome: 

=======

CHR Profile: C:\Users\jake.FCH\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\jake.FCH\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]

CHR Extension: (Google Wallet) - C:\Users\jake.FCH\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 AppleOSSMgr; C:\Windows\system32\AppleOSSMgr.exe [224640 2011-06-29] ()

R2 AVP; c:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe [350552 2012-08-16] (Kaspersky Lab ZAO)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)

R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)

S3 GoToAssist Remote Support Customer; C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\637\g2ax_service.exe [610888 2014-05-19] (Citrix Online, a division of Citrix Systems, Inc.)

S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]

R2 KAGRNLGH46933585833602; C:\Program Files (x86)\Kaseya\GRNLGH46933585833602\AgentMon.exe [1152016 2014-06-10] (Kaseya International Limited)

S3 Ktvn_GRNLGH46933585833602; C:\Program Files (x86)\Kaseya\GRNLGH46933585833602\DesktopAccess\Ktvnserver.exe [825344 2013-07-02] (Kaseya LLC.) [File not signed]

R2 prl_mobdisp; C:\Program Files (x86)\Parallels\Parallels Access\Application\prl_disp_service.exe [20879360 2013-08-27] (Parallels Holdings, Ltd. and its affiliates.) [File not signed]

R2 Sage AutoUpdate Manager Service; C:\Program Files (x86)\Common Files\Sage\Central\AutoUpdateClient\Sage.Central.AutoUpdateManager.Service.exe [8192 2012-07-05] (Microsoft) [File not signed]

R2 Sage SData Service; C:\Program Files (x86)\Common Files\Sage SData\Sage.SData.Service.exe [53248 2012-05-17] (Sage (UK) Limited) [File not signed]

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

R2 WinVNC4; C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe [1696496 2011-08-18] (RealVNC Ltd)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R3 applebmt; C:\Windows\System32\DRIVERS\applebmt.sys [52736 2011-06-03] (Apple Inc.)

R3 applemtm; C:\Windows\System32\DRIVERS\applemtm.sys [12288 2011-03-25] (Apple Inc.)

R3 applemtp; C:\Windows\System32\DRIVERS\applemtp.sys [38912 2011-03-25] (Apple Inc.)

R3 iDispService; C:\Windows\System32\DRIVERS\idisplayminiport.sys [14248 2012-08-31] (SHAPE Services)

R3 KAPFA; C:\Windows\system32\drivers\KAPFA.SYS [33680 2014-06-10] (Kaseya)

R1 kl1; C:\Windows\System32\DRIVERS\kl1.sys [157712 2009-11-11] (Kaspersky Lab)

R3 KLFLTDEV; C:\Windows\System32\DRIVERS\klfltdev.sys [30736 2009-09-03] (Kaspersky Lab)

R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [273200 2013-08-08] (Kaspersky Lab)

R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [32048 2011-09-01] (Kaspersky Lab ZAO)

S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-18] (Malwarebytes Corporation)

R3 prl_virtual_sound; C:\Windows\System32\DRIVERS\prl_virtual_sound.sys [46824 2013-08-27] (Parallels Holdings, Ltd. and its affiliates.)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-02-18 09:09 - 2015-02-18 09:11 - 00002006 _____ () C:\Users\jake.FCH\Desktop\Rkill.txt

2015-02-18 09:09 - 2015-02-18 09:09 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\jake.FCH\Downloads\rkill.exe

2015-02-18 09:09 - 2015-02-18 09:09 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\jake.FCH\Downloads\rkill64.exe

2015-02-18 08:54 - 2015-02-18 08:56 - 00000000 ____D () C:\AdwCleaner

2015-02-18 08:51 - 2015-02-18 08:52 - 00000890 _____ () C:\DelFix.txt

2015-02-18 08:50 - 2015-02-18 08:50 - 00709564 _____ () C:\Users\jake.FCH\Downloads\delfix_10.8.exe

2015-02-18 00:22 - 2015-02-18 00:23 - 04171576 _____ (Broadcom Corporation.) C:\Users\jake.FCH\Downloads\SetupBtwDownloadSE (2).exe

2015-02-17 23:55 - 2015-02-18 13:26 - 00000000 ___RD () C:\Users\jake.FCH\Desktop\Secruity

2015-02-17 23:16 - 2015-02-17 23:17 - 39739064 _____ (Microsoft Corporation) C:\Users\jake.FCH\Downloads\Windows-KB890830-x64-V5.21.exe

2015-02-17 21:59 - 2015-02-18 00:29 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-02-17 21:58 - 2015-02-17 21:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-02-17 21:58 - 2015-02-17 21:58 - 00000000 ____D () C:\ProgramData\Malwarebytes

2015-02-17 21:58 - 2015-02-17 21:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-02-17 21:58 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-02-17 21:58 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2015-02-17 21:58 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2015-02-17 21:19 - 2015-02-17 21:20 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\jake.FCH\Downloads\mbam-setup-2.0.4.1028.exe

2015-02-17 21:07 - 2015-02-18 13:26 - 00000000 ____D () C:\FRST

2015-02-15 15:17 - 2015-02-15 15:17 - 00000000 ____D () C:\Users\jake.FCH\.android

2015-02-15 15:09 - 2015-02-15 15:09 - 00003286 _____ () C:\Windows\System32\Tasks\iDisplayStartup

2015-02-15 15:09 - 2015-02-15 15:09 - 00000000 ____D () C:\Program Files\Bonjour

2015-02-15 15:09 - 2015-02-15 15:09 - 00000000 ____D () C:\Program Files (x86)\Bonjour

2015-02-15 15:08 - 2015-02-15 15:10 - 00000000 ____D () C:\Program Files (x86)\iDisplay

2015-02-15 15:08 - 2015-02-15 15:08 - 00001015 _____ () C:\Users\jake.FCH\Desktop\iDisplay.lnk

2015-02-15 15:08 - 2015-02-15 15:08 - 00000000 ____D () C:\Users\jake.FCH\AppData\Roaming\SHAPE

2015-02-15 15:08 - 2015-02-15 15:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iDisplay

2015-02-15 15:08 - 2012-08-31 16:51 - 00019368 _____ (SHAPE Services) C:\Windows\system32\idisplay.dll

2015-02-15 15:08 - 2012-08-31 16:51 - 00014248 _____ (SHAPE Services) C:\Windows\system32\Drivers\idisplayminiport.sys

2015-02-15 15:06 - 2015-02-15 15:07 - 04376008 _____ (SHAPE ) C:\Users\jake.FCH\Downloads\iDisplay_setup.exe

2015-02-14 18:48 - 2015-02-18 09:01 - 00000000 ___RD () C:\Users\jake.FCH\Dropbox

2015-02-14 18:48 - 2015-02-14 18:48 - 00001139 _____ () C:\Users\jake.FCH\Desktop\Dropbox.lnk

2015-02-14 18:47 - 2015-02-14 18:47 - 00000000 ____D () C:\Users\jake.FCH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2015-02-14 18:41 - 2015-02-18 09:01 - 00000000 ____D () C:\Users\jake.FCH\AppData\Roaming\Dropbox

2015-02-14 18:40 - 2015-02-14 18:41 - 00355464 _____ (Dropbox, Inc.) C:\Users\jake.FCH\Downloads\DropboxInstaller.exe

2015-02-13 13:06 - 2015-02-13 13:08 - 00000375 _____ () C:\Users\jake.FCH\Desktop\Capella Very Berry.rec

2015-02-13 12:49 - 2015-02-13 13:08 - 00000333 _____ () C:\Users\jake.FCH\Desktop\Capella Lemon & Lim.rec

2015-02-13 11:16 - 2015-02-13 13:08 - 00000370 _____ () C:\Users\jake.FCH\Desktop\Perpetua Vanilla Custard.rec

2015-02-11 17:15 - 2015-02-11 17:15 - 04171576 _____ (Broadcom Corporation.) C:\Users\jake.FCH\Downloads\SetupBtwDownloadSE (1).exe

2015-02-11 14:39 - 2015-02-11 14:39 - 00019968 _____ () C:\Users\jake.FCH\Downloads\simple-accounts-spreadsheet.xls

2015-02-11 14:16 - 2015-02-11 14:17 - 04171576 _____ (Broadcom Corporation.) C:\Users\jake.FCH\Downloads\SetupBtwDownloadSE.exe

2015-02-11 14:15 - 2015-02-11 14:15 - 00024281 _____ () C:\Users\jake.FCH\Downloads\simple-bookkeeping-spreadsheet-v-1.02.xlsx

2015-02-11 10:42 - 2015-02-11 10:43 - 09861884 _____ () C:\Users\jake.FCH\Downloads\Joomla_3.3.6-Stable-Full_Package.zip

2015-02-06 13:09 - 2015-02-14 17:36 - 00000349 _____ () C:\Users\jake.FCH\Desktop\Capella Sweet Mango.rec

2015-02-06 12:58 - 2015-02-06 12:58 - 00000272 _____ () C:\Users\jake.FCH\Desktop\Natural Essence Mango.rec

2015-02-06 12:43 - 2015-02-06 12:43 - 01194117 _____ () C:\Users\jake.FCH\Downloads\Capella_MSDS_Docs.zip

2015-02-06 11:33 - 2015-02-06 11:33 - 00002785 _____ () C:\Users\Public\Desktop\eJuice Me Up.lnk

2015-02-06 11:29 - 2015-02-06 11:29 - 04536465 _____ () C:\Users\jake.FCH\Downloads\ejuicemeup.zip

2015-02-04 10:35 - 2015-02-04 10:35 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3818599572-803860725-2106987424-1171Core1d0406644ebd2af.job

2015-02-04 10:34 - 2015-02-18 12:39 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d04066341a2824.job

2015-02-04 10:34 - 2015-02-18 12:31 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d04066335f39d7.job

2015-02-04 10:34 - 2015-02-04 10:34 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d04066341a2824

2015-02-04 10:34 - 2015-02-04 10:34 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d04066335f39d7

2015-02-04 09:36 - 2015-02-04 09:36 - 00002324 _____ () C:\Users\jake.FCH\Desktop\Terminal Server.RDP

2015-02-04 07:13 - 2015-02-04 07:13 - 00000000 ____D () C:\Users\jake.FCH\Documents\My Curse

2015-02-04 07:12 - 2015-02-04 19:54 - 00000000 ____D () C:\Users\jake.FCH\AppData\Roaming\Curse Advertising

2015-02-04 07:11 - 2015-02-04 07:11 - 00000318 _____ () C:\Users\jake.FCH\Desktop\Curse Client.appref-ms

2015-02-04 07:11 - 2015-02-04 07:11 - 00000000 ____D () C:\Users\jake.FCH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse

2015-02-04 07:08 - 2015-02-04 07:08 - 00003118 _____ () C:\Windows\System32\Tasks\{5D614380-5E15-4822-B4FF-BE839BE80CBB}

2015-02-04 07:07 - 2015-02-04 07:07 - 00402696 _____ () C:\Users\jake.FCH\Downloads\setup.exe

2015-02-03 23:38 - 2015-02-03 23:38 - 00001244 _____ () C:\Users\Public\Desktop\World of Warcraft.lnk

2015-02-03 23:38 - 2015-02-03 23:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft

2015-02-03 23:26 - 2015-02-04 20:06 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft

2015-02-03 23:16 - 2015-02-06 18:27 - 00000000 ____D () C:\Users\jake.FCH\AppData\Local\Battle.net

2015-02-03 23:16 - 2015-02-06 11:50 - 00000000 ____D () C:\Program Files (x86)\Battle.net

2015-02-03 23:16 - 2015-02-03 23:17 - 00000000 ____D () C:\Users\jake.FCH\AppData\Roaming\Battle.net

2015-02-03 23:16 - 2015-02-03 23:16 - 00001152 _____ () C:\Users\Public\Desktop\Battle.net.lnk

2015-02-03 23:16 - 2015-02-03 23:16 - 00000000 ____D () C:\Users\jake.FCH\AppData\Local\Blizzard Entertainment

2015-02-03 23:16 - 2015-02-03 23:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net

2015-02-03 23:16 - 2015-02-03 23:16 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment

2015-02-03 23:13 - 2015-02-03 23:13 - 02868792 _____ (Blizzard Entertainment) C:\Users\jake.FCH\Downloads\Battle.net-Setup-enGB.exe

2015-02-03 23:13 - 2015-02-03 23:13 - 00000000 ____D () C:\ProgramData\Battle.net

2015-02-03 22:54 - 2015-02-04 02:47 - 00000000 ____D () C:\Windows.old

2015-02-03 22:49 - 2015-02-03 22:49 - 00008192 _____ () C:\Windows\system32\config\userdiff

2015-02-03 22:35 - 2015-02-03 15:27 - 00000000 ____D () C:\RecoveryImage

2015-02-03 14:31 - 2015-01-20 10:26 - 00000001 ___SH () C:\BOOTNXT

2015-02-03 14:28 - 2015-02-03 14:28 - 00000757 _____ () C:\Windows\DtcInstall.log

2015-02-03 14:21 - 2015-02-03 15:27 - 00006605 _____ () C:\Windows\comsetup.log

2015-02-03 14:15 - 2015-02-03 14:31 - 00099232 _____ () C:\Windows\diagerr.xml

2015-02-03 14:15 - 2015-02-03 14:31 - 00043818 _____ () C:\Windows\diagwrn.xml

2015-02-03 10:17 - 2015-02-03 10:17 - 02916352 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll

2015-02-03 10:17 - 2015-02-03 10:17 - 02589696 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll

2015-02-03 10:17 - 2015-02-03 10:17 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll

2015-02-03 10:17 - 2015-02-03 10:17 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll

2015-02-03 10:17 - 2015-02-03 10:17 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll

2015-02-03 10:17 - 2015-02-03 10:17 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll

2015-02-03 10:17 - 2015-02-03 10:17 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll

2015-02-03 10:17 - 2015-02-03 10:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll

2015-02-03 10:17 - 2015-02-03 10:17 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll

2015-02-03 10:17 - 2015-02-03 10:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe

2015-02-03 10:17 - 2015-02-03 10:17 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll

2015-02-03 10:17 - 2015-02-03 10:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

2015-02-03 10:17 - 2015-02-03 10:17 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll

2015-02-03 10:17 - 2015-02-03 10:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

2015-02-03 10:17 - 2015-02-03 10:17 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll

2015-02-03 10:17 - 2015-02-03 10:17 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll

2015-02-03 10:14 - 2015-02-03 10:15 - 11218928 _____ (Microsoft Corporation) C:\Users\jake.FCH\Downloads\Windows10TechnicalPreview.exe

2015-02-03 09:33 - 2015-02-03 10:17 - 170040511 _____ () C:\Users\jake.FCH\Downloads\Windows10_TechnicalPreview_x64_EN-GB_9926.iso.crdownload

2015-01-29 11:56 - 2015-01-29 11:56 - 00000938 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk

2015-01-29 11:56 - 2012-07-24 00:00 - 00466432 _____ (Seiko Epson Corporation) C:\Windows\system32\esxw2ud.dll

2015-01-29 11:56 - 2011-12-12 00:00 - 00135824 _____ (Seiko Epson Corporation) C:\Windows\system32\escsvc64.exe

2015-01-29 11:55 - 2015-01-29 11:55 - 00000000 ____D () C:\Program Files (x86)\epson

2015-01-29 11:54 - 2015-01-29 11:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON

2015-01-29 11:53 - 2011-03-14 03:03 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_YD4BJJE.DLL

2015-01-29 11:53 - 2007-04-10 01:06 - 00010752 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_GCINST.DLL

2015-01-29 11:43 - 2015-02-04 02:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software

2015-01-29 11:43 - 2015-01-29 11:43 - 00000000 ____D () C:\Program Files (x86)\EPSON Software

2015-01-20 16:50 - 2015-02-03 18:51 - 00000000 ___HD () C:\$Windows.~BT

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-02-18 13:25 - 2013-07-02 15:21 - 00002326 ____H () C:\Users\jake.FCH\Documents\Default.rdp

2015-02-18 12:53 - 2009-07-14 05:32 - 00000000 ____D () C:\Windows\system32\FxsTmp

2015-02-18 12:50 - 2013-06-28 11:08 - 01856428 _____ () C:\Windows\WindowsUpdate.log

2015-02-18 12:36 - 2013-07-02 09:52 - 00000000 ____D () C:\kworking

2015-02-18 12:32 - 2013-09-05 11:40 - 00000000 ____D () C:\ProgramData\Parallels

2015-02-18 09:08 - 2009-07-14 04:45 - 00025408 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-02-18 09:08 - 2009-07-14 04:45 - 00025408 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-02-18 09:01 - 2013-09-05 11:40 - 03074049 _____ () C:\Users\jake.FCH\AppData\Local\parallels.log

2015-02-18 09:01 - 2013-07-03 20:05 - 00000000 ____D () C:\Users\jake.FCH\AppData\Local\Deployment

2015-02-18 09:00 - 2013-08-08 16:36 - 00000000 ____D () C:\ProgramData\Kaspersky Lab

2015-02-18 08:59 - 2014-11-02 01:00 - 00819786 _____ () C:\Windows\setupact.log

2015-02-18 08:59 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-02-18 00:01 - 2013-07-02 11:18 - 00000112 _____ () C:\Windows\system32\config\netlogon.ftl

2015-02-17 23:02 - 2014-11-21 10:24 - 00015364 _____ () C:\Windows\PFRO.log

2015-02-17 22:52 - 2013-09-05 11:40 - 00000000 ____D () C:\Users\jake.FCH\AppData\Roaming\Parallels

2015-02-17 22:50 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\tracing

2015-02-16 12:32 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\NDF

2015-02-15 15:17 - 2013-07-02 11:53 - 00000000 ____D () C:\Users\jake.FCH

2015-02-15 15:16 - 2013-09-05 11:40 - 00030624 _____ () C:\Users\jake.FCH\AppData\Local\parallels-webrtc.log

2015-02-15 10:35 - 2014-02-23 14:19 - 00000000 ____D () C:\Users\jake.FCH\Documents\Simply Vape Ltd

2015-02-14 23:50 - 2014-04-09 14:08 - 00001110 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk

2015-02-14 18:34 - 2009-07-14 05:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-02-05 10:57 - 2013-07-04 10:32 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-02-05 10:57 - 2013-07-04 10:32 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-02-04 10:35 - 2014-11-15 01:49 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3818599572-803860725-2106987424-1171Core1d00076542f24e7.job

2015-02-04 07:13 - 2013-12-05 17:02 - 00000000 ____D () C:\Users\jake.FCH\AppData\Roaming\.minecraft

2015-02-04 02:49 - 2013-06-28 13:21 - 00000000 __SHD () C:\Recovery

2015-02-04 02:42 - 2014-10-10 15:05 - 00000000 ___HD () C:\Windows\system32\CanonIJ Uninstaller Information

2015-02-04 02:42 - 2014-10-10 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP270 series

2015-02-04 02:42 - 2014-09-17 21:15 - 00000000 ___SD () C:\Windows\system32\CompatTel

2015-02-04 02:42 - 2014-08-22 10:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

2015-02-04 02:42 - 2014-08-04 23:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2015-02-04 02:42 - 2014-07-07 14:48 - 00000000 ____D () C:\Windows\system32\SPReview

2015-02-04 02:42 - 2014-07-07 14:47 - 00000000 ____D () C:\Windows\system32\EventProviders

2015-02-04 02:42 - 2014-07-03 21:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2015-02-04 02:42 - 2014-05-19 10:11 - 00000000 ____D () C:\Users\gltsadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrix

2015-02-04 02:42 - 2014-02-23 19:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Business Plan Pro

2015-02-04 02:42 - 2014-02-23 17:19 - 00000000 ____D () C:\Windows\SysWOW64\Misc

2015-02-04 02:42 - 2014-02-23 17:19 - 00000000 ____D () C:\Windows\SysWOW64\Locations

2015-02-04 02:42 - 2013-11-08 23:28 - 00000000 ____D () C:\Users\jake.FCH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR

2015-02-04 02:42 - 2013-11-08 23:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR

2015-02-04 02:42 - 2013-09-11 10:40 - 00000000 ____D () C:\Windows\system32\appmgmt

2015-02-04 02:42 - 2013-09-05 11:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Parallels

2015-02-04 02:42 - 2013-08-08 16:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4

2015-02-04 02:42 - 2013-07-16 10:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sage Accounts

2015-02-04 02:42 - 2013-07-16 09:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sage 50 Payroll

2015-02-04 02:42 - 2013-07-04 13:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2015-02-04 02:42 - 2013-07-02 13:27 - 00000000 ___RD () C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

2015-02-04 02:42 - 2013-07-02 13:27 - 00000000 ___RD () C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2015-02-04 02:42 - 2013-07-02 13:27 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Small Business Server 2008

2015-02-04 02:42 - 2013-07-02 13:27 - 00000000 ____D () C:\Users\Mike

2015-02-04 02:42 - 2013-07-02 12:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013

2015-02-04 02:42 - 2013-07-02 12:00 - 00000000 ___RD () C:\Users\gltsadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

2015-02-04 02:42 - 2013-07-02 12:00 - 00000000 ___RD () C:\Users\gltsadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2015-02-04 02:42 - 2013-07-02 12:00 - 00000000 ____D () C:\Users\gltsadmin

2015-02-04 02:42 - 2013-07-02 10:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealVNC

2015-02-04 02:42 - 2013-07-02 09:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaseya

2015-02-04 02:42 - 2013-06-28 13:28 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel

2015-02-04 02:42 - 2013-06-28 13:22 - 00000000 ___RD () C:\Users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

2015-02-04 02:42 - 2013-06-28 13:22 - 00000000 ___RD () C:\Users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2015-02-04 02:42 - 2013-06-28 13:22 - 00000000 ____D () C:\Users\Jake

2015-02-04 02:42 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\SysWOW64\sysprep

2015-02-04 02:42 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\DigitalLocker

2015-02-04 02:42 - 2009-07-14 05:32 - 00000000 ____D () C:\Program Files\Windows Sidebar

2015-02-04 02:42 - 2009-07-14 05:32 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar

2015-02-04 02:42 - 2009-07-14 03:20 - 00000000 __RSD () C:\Windows\Media

2015-02-04 02:42 - 2009-07-14 03:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories

2015-02-04 02:42 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK

2015-02-04 02:42 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR

2015-02-04 02:42 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\MUI

2015-02-04 02:42 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\zh-HK

2015-02-04 02:42 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\tr-TR

2015-02-04 02:42 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\spool

2015-02-04 02:42 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\Recovery

2015-02-04 02:42 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\MUI

2015-02-04 02:42 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2015-02-04 02:42 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\Help

2015-02-04 02:42 - 2009-07-14 03:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared

2015-02-04 02:41 - 2014-11-25 09:36 - 00000000 ____D () C:\Users\jake.FCH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromecast

2015-02-04 02:41 - 2013-07-27 19:45 - 00000000 ____D () C:\Users\jake.FCH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games

2015-02-04 02:41 - 2013-07-02 11:53 - 00000000 ___RD () C:\Users\jake.FCH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

2015-02-04 02:41 - 2013-07-02 11:53 - 00000000 ___RD () C:\Users\jake.FCH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2015-02-04 02:41 - 2013-07-02 11:53 - 00000000 ____D () C:\Users\jake.FCH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Small Business Server 2008

2015-02-03 18:52 - 2013-06-28 20:04 - 00000000 ____D () C:\Windows\Panther

2015-02-03 15:27 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\Registration

2015-02-03 15:26 - 2013-07-04 10:32 - 00004004 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2015-02-03 15:26 - 2013-07-04 10:32 - 00003752 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2015-02-03 14:31 - 2013-06-28 20:04 - 00008192 __RSH () C:\BOOTSECT.BAK

2015-02-03 14:30 - 2014-11-02 01:00 - 00029260 _____ () C:\Windows\setuperr.log

2015-02-03 12:42 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\rescache

2015-01-29 17:49 - 2014-07-07 11:34 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2015-01-29 11:52 - 2014-10-10 17:31 - 00000000 ____D () C:\ProgramData\EPSON

 

==================== Files in the root of some directories =======

 

2014-02-22 18:46 - 2014-02-22 18:49 - 7140618 _____ () C:\Users\jake.FCH\AppData\Roaming\bppenu11.log

2014-03-14 15:46 - 2014-03-14 15:46 - 0000045 _____ () C:\Users\jake.FCH\AppData\Roaming\WB.CFG

2013-09-05 11:40 - 2013-09-05 11:40 - 0000000 _____ () C:\Users\jake.FCH\AppData\Local\parallels-jingle.log

2013-09-05 11:40 - 2015-02-15 15:16 - 0030624 _____ () C:\Users\jake.FCH\AppData\Local\parallels-webrtc.log

2013-09-05 11:40 - 2015-02-18 09:01 - 3074049 _____ () C:\Users\jake.FCH\AppData\Local\parallels.log

2014-09-22 18:53 - 2014-09-22 18:53 - 0005217 _____ () C:\Users\jake.FCH\AppData\Local\recently-used.xbel

 

Some content of TEMP:

====================

C:\Users\jake.FCH\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2twixz.dll

C:\Users\jake.FCH\AppData\Local\Temp\Quarantine.exe

C:\Users\jake.FCH\AppData\Local\Temp\sqlite3.dll

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-02-13 01:10

 

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-02-2015

Ran by Jake at 2015-02-18 13:27:38

Running from C:\Users\jake.FCH\Desktop\Secruity

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Kaspersky Anti-Virus (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}

AS: Kaspersky Anti-Virus (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

Accounts (x32 Version: 19.0.11.260 - Sage (UK) Ltd) Hidden

Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.3.181.26 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Avery Wizard 5.0 (HKLM-x32\...\{FC3B3A5D-7058-4627-9F1E-F95CC38B6054}) (Version: 5.0.5 - Avery)

Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)

Bonjour (HKLM\...\{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}) (Version: 2.0.4.0 - Apple Inc.)

Boot Camp Services (HKLM\...\{ADA3F9C8-A6D3-4FCF-BFBB-EAD69AC0884E}) (Version: 4.0.4033 - Apple Inc.)

Business Plan Pro 15th Anniversary Edition (HKLM-x32\...\{3E9E68FB-49FA-410A-8787-424F2A506E0F}) (Version: 11.25.0009 - Palo Alto Software, Inc.)

Canon MP270 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP270_series) (Version:  - )

ChromecastApp (HKU\S-1-5-21-3818599572-803860725-2106987424-1171\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1383.0 - Google Inc.)

Citrix Online Launcher (HKLM-x32\...\{F17C3DC2-2ACA-4B0E-BDBF-ACE61B14E7CD}) (Version: 1.0.183 - Citrix)

Curse Client (HKU\S-1-5-21-3818599572-803860725-2106987424-1171\...\101a9f93b8f0bb6f) (Version: 5.1.1.820 - Curse)

Dropbox (HKU\S-1-5-21-3818599572-803860725-2106987424-1171\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)

eJuice Me Up (HKLM-x32\...\{399E77D0-5CEC-41CE-AC95-179E2A0B1893}) (Version: 14.7 - Breaktru Software)

eJuice Me Up (HKLM-x32\...\{7C162270-CA72-441F-8349-B0773B97586C}) (Version: 14.0.0.2 - Breaktru Software)

EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)

EPSON WF-3520 Series Printer Uninstall (HKLM\...\EPSON WF-3520 Series) (Version:  - SEIKO EPSON Corporation)

GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden

GoToAssist Customer 2.0.0.637 (HKLM-x32\...\GoToAssist Express Customer) (Version: 2.0.0.637 - Citrix Online)

iDisplay 2.4.2 (HKLM-x32\...\iDisplay_is1) (Version: 2.4.2.16 - SHAPE)

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3517 - Intel Corporation)

Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)

Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)

Kaseya Agent (jake1.root.sunsetwest - ksaas01.glts.co.uk) (HKLM-x32\...\KAGRNLGH46933585833602) (Version: 7.0.0.1 - Kaseya)

Kaspersky Anti-Virus 6.0 for Windows Workstations (HKLM-x32\...\{8F023021-A7EB-45D3-9269-D65264C81729}) (Version: 6.0.4.1611 - Kaspersky Lab)

Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft SkyDrive (HKU\S-1-5-21-3818599572-803860725-2106987424-1171\...\SkyDriveSetup.exe) (Version: 17.0.2011.0627 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)

Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden

Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)

Parallels Access (HKLM-x32\...\{DBF45F0B-6B46-4CFD-A56E-475900A4BE4F}) (Version: 1.0.22682 - Parallels Software International Inc)

Payroll for Windows (x32 Version: 19 - Sage (UK) Limited) Hidden

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5936 - Realtek Semiconductor Corp.)

Sage 50 Accounts 2013 (HKLM-x32\...\InstallShield_{45ECE61A-C8EE-4847-852C-6E8A8192D424}) (Version: 19.0.11.260 - Sage (UK) Ltd)

Sage 50 Payroll (HKLM-x32\...\{AD0310FE-0F05-4C17-AC24-E736D8DA5C66}) (Version: 19.00 - Sage (UK) Ltd.)

SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.0 - SAMSUNG Electronics Co., Ltd.)

Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)

Software Updater (HKLM-x32\...\{FA7EE274-7370-43B7-9A45-A39B17CCCDC5}) (Version: 4.3.3 - SEIKO EPSON CORPORATION)

TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.38846 - TeamViewer)

Unity Web Player (HKU\S-1-5-21-3818599572-803860725-2106987424-1171\...\UnityWebPlayer) (Version: 4.5.3f3 - Unity Technologies ApS)

VNC Enterprise Edition E4.6.3 (HKLM-x32\...\RealVNC_is1) (Version: E4.6.3 - RealVNC Ltd)

Windows Driver Package - Apple Inc. (AppleUSBEthernet) Net  (02/01/2008 3.10.3.10) (HKLM\...\D53CBF2C12DF51DA5E9C1A9DA97FF0DCA0C524C5) (Version: 02/01/2008 3.10.3.10 - Apple Inc.)

Windows Driver Package - Apple Inc. Apple Bluetooth (03/01/2010 3.0.0.5) (HKLM\...\EA3C044F6FD39CEC8F4F596836BF4197E97E1D39) (Version: 03/01/2010 3.0.0.5 - Apple Inc.)

Windows Driver Package - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1) (HKLM\...\2CD6536AAFFF9B465A871060CF483EC9F3341D29) (Version: 06/27/2007 2.0.0.1 - Apple Inc.)

Windows Driver Package - Apple Inc. Apple Broadcom Bluetooth (10/05/2010 3.2.0.1) (HKLM\...\0B6B49213CF56838AFC233905FA14AC47EAA9B28) (Version: 10/05/2010 3.2.0.1 - Apple Inc.)

Windows Driver Package - Apple Inc. Apple Built-in iSight (10/25/2007 2.0.1.0) (HKLM\...\70C7CBB0824BF74552A2F28F5FFBF62A15053DA8) (Version: 10/25/2007 2.0.1.0 - Apple Inc.)

Windows Driver Package - Apple Inc. Apple Display (01/23/2009 3.0.0.0) (HKLM\...\E0EAD0CEA9119B77350ED4DE28D9A82E57014D94) (Version: 01/23/2009 3.0.0.0 - Apple Inc.)

Windows Driver Package - Apple Inc. Apple IR Receiver (02/21/2008 2.0.4.0) (HKLM\...\D5BB697E7D0C75712F3AD00AB1B85412CB5C0FD3) (Version: 02/21/2008 2.0.4.0 - Apple Inc.)

Windows Driver Package - Apple Inc. Apple Keyboard (05/05/2011 4.0.0.1) (HKLM\...\703003CF14C8E79F68CA5A750AF4E02B9BD4B4D8) (Version: 05/05/2011 4.0.0.1 - Apple Inc.)

Windows Driver Package - Apple Inc. Apple Multitouch (05/05/2011 4.0.0.1) (HKLM\...\455287ECCB4BABCDE9C6713B82B1BDA990D55398) (Version: 05/05/2011 4.0.0.1 - Apple Inc.)

Windows Driver Package - Apple Inc. Apple Multitouch Mouse (05/05/2011 4.0.0.1) (HKLM\...\F08FFCF5C857951E0CC5F736988F3D01BF425252) (Version: 05/05/2011 4.0.0.1 - Apple Inc.)

Windows Driver Package - Apple Inc. Apple System Device (04/05/2011 3.2.0.8) (HKLM\...\D76172B51B1ECB34E38F97F42F51B7A46FA15F52) (Version: 04/05/2011 3.2.0.8 - Apple Inc.)

Windows Driver Package - Apple Inc. Apple Trackpad (07/13/2009 3.0.0.1) (HKLM\...\A0A897639A1D288A8B472FE790EBF9DB71E52ACF) (Version: 07/13/2009 3.0.0.1 - Apple Inc.)

Windows Driver Package - Apple Inc. Apple Trackpad Enabler (07/13/2009 3.0.0.1) (HKLM\...\76830D11874044260C923425E7F5A72F25EDA758) (Version: 07/13/2009 3.0.0.1 - Apple Inc.)

Windows Driver Package - Apple Inc. Apple Wireless Mouse (06/01/2011 4.0.0.1) (HKLM\...\D088EE4BD2819FBA2B349EF9D55176F223419BE6) (Version: 06/01/2011 4.0.0.1 - Apple Inc.)

Windows Driver Package - Apple Inc. Apple Wireless Trackpad (01/17/2011 3.2.0.0) (HKLM\...\C7DD621795A42EAE550280D4D7601459F35C4EC2) (Version: 01/17/2011 3.2.0.0 - Apple Inc.)

Windows Driver Package - Atheros Communications Inc. (athr) Net  (11/13/2010 9.2.0.113) (HKLM\...\F0A3F8394866FA91E82C8D5AB92C918FE40FE1DF) (Version: 11/13/2010 9.2.0.113 - Atheros Communications Inc.)

Windows Driver Package - Broadcom (b57nd60a) Net  (12/02/2010 14.4.2.2) (HKLM\...\7C9678A21221D0575C74AF7CE68E28C2771F9E41) (Version: 12/02/2010 14.4.2.2 - Broadcom)

Windows Driver Package - Broadcom (BCM43XX) Net  (04/06/2011 5.100.198.22) (HKLM\...\110E24F054DE5F4F72985BC1F3A53F61985BD4CC) (Version: 04/06/2011 5.100.198.22 - Broadcom)

Windows Driver Package - Broadcom Corporation (bScsiSDa) SDHost  (01/18/2011 1.0.0.220) (HKLM\...\26D089A9557429904D9851293EA25C911B64CCF8) (Version: 01/18/2011 1.0.0.220 - Broadcom Corporation)

Windows Driver Package - Cirrus Logic, Inc. (CirrusFilter) MEDIA  (12/03/2010 6.6001.1.30) (HKLM\...\43B83D262B11C05DBFE8BEB0E2CBD5A9EA1E7F9C) (Version: 12/03/2010 6.6001.1.30 - Cirrus Logic, Inc.)

Windows Driver Package - Intel (e1express) Net  (03/26/2010 9.13.41.0) (HKLM\...\159439476E3A00F9FAE49DD6C1A78F2F6288A5B9) (Version: 03/26/2010 9.13.41.0 - Intel)

Windows Driver Package - Intel (e1kexpress) Net  (04/12/2010 11.6.92.0) (HKLM\...\5BEF08C10896D86DC13394FFA75874564B700368) (Version: 04/12/2010 11.6.92.0 - Intel)

Windows Driver Package - Intel (e1qexpress) Net  (12/04/2009 11.4.7.0) (HKLM\...\57AFA39B22ADEC4E383572E9331167546EB3C9C7) (Version: 12/04/2009 11.4.7.0 - Intel)

Windows Driver Package - Intel (e1rexpress) Net  (01/07/2010 11.4.16.0) (HKLM\...\F71DB41300D30088C8D3716343D1429488E605C1) (Version: 01/07/2010 11.4.16.0 - Intel)

Windows Driver Package - Intel (e1yexpress) Net  (04/07/2010 10.1.9.0) (HKLM\...\CB599752301BCA080D135697FDD05900F5A5CF4C) (Version: 04/07/2010 10.1.9.0 - Intel)

Windows Driver Package - Intel System  (07/20/2007 1.2.76.0) (HKLM\...\E2708073906571A0B56F17FD825EF19281ECE29B) (Version: 07/20/2007 1.2.76.0 - Intel)

Windows Driver Package - Marvell (yukonx64) Net  (12/06/2007 10.51.1.3) (HKLM\...\CDD703ED0B390A5643DB748EBFA5BD55FEEC0D8A) (Version: 12/06/2007 10.51.1.3 - Marvell)

Windows Small Business Server 2008 ClientAgent (HKLM\...\{E4FF4DF1-F99C-49AC-B398-BE0887432846}) (Version: 6.0.5601.0 - Microsoft Corporation)

Windows Small Business Server 2008 Desktop Links Gadget (HKLM\...\{F5E5D7CA-0F94-41A3-8106-66473C2F3728}) (Version: 6.0.5601.0 - Microsoft Corporation)

WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

CustomCLSID: HKU\S-1-5-21-3818599572-803860725-2106987424-1171_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\jake.FCH\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3818599572-803860725-2106987424-1171_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\jake.FCH\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-3818599572-803860725-2106987424-1171_Classes\CLSID\{37f07c3f-26b0-451e-9760-16f902549186}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3818599572-803860725-2106987424-1171_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\jake.FCH\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-3818599572-803860725-2106987424-1171_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\jake.FCH\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3818599572-803860725-2106987424-1171_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\jake.FCH\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3818599572-803860725-2106987424-1171_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\jake.FCH\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-3818599572-803860725-2106987424-1171_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\jake.FCH\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3818599572-803860725-2106987424-1171_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\jake.FCH\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-3818599572-803860725-2106987424-1171_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\jake.FCH\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-3818599572-803860725-2106987424-1171_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\jake.FCH\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3818599572-803860725-2106987424-1171_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\jake.FCH\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\SkyDriveShell64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3818599572-803860725-2106987424-1171_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\jake.FCH\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\FileSyncApi64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3818599572-803860725-2106987424-1171_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jake.FCH\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3818599572-803860725-2106987424-1171_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jake.FCH\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3818599572-803860725-2106987424-1171_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jake.FCH\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3818599572-803860725-2106987424-1171_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jake.FCH\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3818599572-803860725-2106987424-1171_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jake.FCH\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3818599572-803860725-2106987424-1171_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jake.FCH\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3818599572-803860725-2106987424-1171_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jake.FCH\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3818599572-803860725-2106987424-1171_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jake.FCH\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3818599572-803860725-2106987424-1171_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\jake.FCH\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

 

==================== Restore Points  =========================

 

18-02-2015 08:51:40 End of disinfection

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-14 02:34 - 2009-06-10 21:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {0DEC445F-9CF1-43B1-85FC-7445AAB9A67C} - System32\Tasks\{5D614380-5E15-4822-B4FF-BE839BE80CBB} => pcalua.exe -a C:\Users\jake.FCH\Downloads\setup.exe -d C:\Users\jake.FCH\Downloads

Task: {21B9848D-2B4F-4D56-9AE9-F148C552B116} - System32\Tasks\GoogleUpdateTaskMachineCore1d04066335f39d7 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-04] (Google Inc.)

Task: {4A12C1D3-320A-4253-80D4-428CFFE67B29} - System32\Tasks\{20D3C1EC-494D-4CEE-9F2C-0081A57D2063} => pcalua.exe -a C:\Users\jake.FCH\Downloads\LeagueofLegends_EUW_Installer_06_12_13.exe -d C:\Users\jake.FCH\Downloads

Task: {6EB263BD-5DF8-4807-AFE8-3936A6C39717} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-12] (Microsoft Corporation)

Task: {721B6BAF-6992-487F-9D9C-9950978C4C15} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-04] (Google Inc.)

Task: {85F8A325-49A9-4153-A559-6BF0B77BF2AE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-04] (Google Inc.)

Task: {92E768C4-A2A7-46DB-89BF-5EDE51A787AD} - System32\Tasks\iDisplayStartup => C:\Program Files (x86)\iDisplay\iDisplay.exe [2013-03-20] (SHAPE)

Task: {A1EE1208-4D7C-481B-BF9B-90FA09B5A106} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)

Task: {A9FD3FA8-996E-4528-9F80-9BB1D74F93FF} - System32\Tasks\GoogleUpdateTaskMachineUA1d04066341a2824 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-04] (Google Inc.)

Task: {CD1BB909-76A6-404D-B6BA-B075EACA6673} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {F9D2225A-706D-4277-B995-196E27496E9D} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d04066335f39d7.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d04066341a2824.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3818599572-803860725-2106987424-1171Core1cf91fcaea05933.job => C:\Users\jake.FCH\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3818599572-803860725-2106987424-1171Core1cfeff2abaf502b.job => C:\Users\jake.FCH\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3818599572-803860725-2106987424-1171Core1d00076542f24e7.job => C:\Users\jake.FCH\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3818599572-803860725-2106987424-1171Core1d0406644ebd2af.job => C:\Users\jake.FCH\AppData\Local\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) ==============

 

2011-06-29 06:49 - 2011-06-29 06:49 - 00224640 _____ () C:\Windows\system32\AppleOSSMgr.exe

2014-03-25 10:42 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll

2014-11-21 03:21 - 2014-09-23 13:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll

2013-06-28 13:28 - 2011-06-13 17:38 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2015-02-15 15:08 - 2013-03-19 15:02 - 00815104 _____ () C:\Program Files (x86)\iDisplay\adb.exe

2012-08-16 20:45 - 2012-08-16 20:45 - 00028504 _____ () c:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\volenum.ppl

2013-07-02 09:48 - 2014-06-10 17:57 - 00925696 _____ () C:\Program Files (x86)\Kaseya\GRNLGH46933585833602\libkacm.dll

2013-07-02 09:48 - 2014-06-10 17:57 - 00110592 _____ () C:\Program Files (x86)\Kaseya\GRNLGH46933585833602\extensions\scripts\socket\core.dll

2013-07-02 09:48 - 2014-06-10 17:57 - 00073728 _____ () C:\Program Files (x86)\Kaseya\GRNLGH46933585833602\extensions\scripts\mime\core.dll

2015-02-14 18:47 - 2015-02-10 21:00 - 00750080 _____ () C:\Users\jake.FCH\AppData\Roaming\Dropbox\bin\libGLESv2.dll

2015-02-18 09:01 - 2015-02-18 09:01 - 00043008 _____ () c:\users\jake.fch\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2twixz.dll

2015-02-14 18:47 - 2015-02-10 21:00 - 00047616 _____ () C:\Users\jake.FCH\AppData\Roaming\Dropbox\bin\libEGL.dll

2015-02-14 18:47 - 2015-02-10 21:00 - 00865280 _____ () C:\Users\jake.FCH\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll

2015-02-14 18:47 - 2015-02-10 21:00 - 00200704 _____ () C:\Users\jake.FCH\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll

2013-08-27 04:18 - 2013-08-27 04:18 - 00397824 _____ () C:\Program Files (x86)\Parallels\Parallels Access\Application\PrlSdkCommunication.dll

2013-08-27 04:13 - 2013-08-27 04:13 - 00195584 _____ () C:\Program Files (x86)\Parallels\Parallels Access\Application\AbstractTask.dll

2013-08-27 04:21 - 2013-08-27 04:21 - 08210944 _____ () C:\Program Files (x86)\Parallels\Parallels Access\Application\PrlGui.dll

2015-02-06 11:26 - 2015-02-04 09:02 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll

2015-02-06 11:26 - 2015-02-04 09:02 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll

2015-02-06 11:26 - 2015-02-04 09:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll

2015-02-06 11:26 - 2015-02-04 09:02 - 14965064 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KAGRNLGH46933585833602 => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist Remote Support Customer => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KAGRNLGH46933585833602 => ""="Service"

 

==================== EXE Association (whitelisted) ===============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-3818599572-803860725-2106987424-1171\Control Panel\Desktop\\Wallpaper -> C:\Users\jake.FCH\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 208.67.222.222 - 8.8.8.8

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-448919324-498970675-1967448580-500 - Administrator - Disabled)

gltsadmin (S-1-5-21-448919324-498970675-1967448580-1004 - Administrator - Enabled)

Guest (S-1-5-21-448919324-498970675-1967448580-501 - Limited - Disabled)

Jake (S-1-5-21-448919324-498970675-1967448580-1000 - Administrator - Enabled) => C:\Users\Jake

 

==================== Faulty Device Manager Devices =============

 

Name: Bluetooth Peripheral Device

Description: Bluetooth Peripheral Device

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

Name: Bluetooth Peripheral Device

Description: Bluetooth Peripheral Device

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

Name: Bluetooth Peripheral Device

Description: Bluetooth Peripheral Device

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (02/18/2015 09:20:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

 

Error: (02/18/2015 09:20:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

 

Error: (02/18/2015 09:20:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

 

Error: (02/18/2015 09:01:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Bad service type in LT-01._MSM_Video_Control_Service._tcp.local. Application protocol name must be underscore plus 1-14 characters. See <http://www.dns-sd.org/ServiceTypes.html>

 

Error: (02/18/2015 09:01:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Bad service type in ._MSM_Video_Control_Service._tcp.local. Application protocol name must be underscore plus 1-14 characters. See <http://www.dns-sd.org/ServiceTypes.html>

 

Error: (02/18/2015 09:01:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Bad service type in LT-01._MSM_Video_Control_Service._tcp.local. Application protocol name must be underscore plus 1-14 characters. See <http://www.dns-sd.org/ServiceTypes.html>

 

Error: (02/18/2015 08:50:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

 

Error: (02/18/2015 08:33:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

 

Error: (02/18/2015 08:20:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

 

Error: (02/18/2015 08:03:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

 

 

System errors:

=============

Error: (02/18/2015 01:26:00 PM) (Source: NETLOGON) (EventID: 5719) (User: )

Description: This computer was not able to set up a secure session with a domain controller in domain FCH due to the following:

%%1311

This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.

ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.

 

Error: (02/18/2015 00:37:03 PM) (Source: TermService) (EventID: 1067) (User: )

Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.

.

 

Error: (02/18/2015 00:34:33 PM) (Source: TermService) (EventID: 1067) (User: )

Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.

.

 

Error: (02/18/2015 09:01:43 AM) (Source: TermService) (EventID: 1067) (User: )

Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.

.

 

Error: (02/18/2015 09:00:17 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: FCH)

Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

 

Error: (02/18/2015 08:59:19 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)

Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

 

Error: (02/18/2015 08:59:08 AM) (Source: NETLOGON) (EventID: 5719) (User: )

Description: This computer was not able to set up a secure session with a domain controller in domain FCH due to the following:

%%1311

This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.

ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.

 

Error: (02/18/2015 04:55:10 AM) (Source: NETLOGON) (EventID: 5719) (User: )

Description: This computer was not able to set up a secure session with a domain controller in domain FCH due to the following:

%%1311

This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.

ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.

 

Error: (02/18/2015 00:01:38 AM) (Source: Server) (EventID: 2505) (User: )

Description: The server could not bind to the transport \Device\NetBT_Tcpip_{792D3126-A6D1-4311-95D6-1F1959E06F30} because another computer on the network has the same name.  The server could not start.

 

Error: (02/18/2015 00:01:32 AM) (Source: RasSstp) (EventID: 1) (User: )

Description: CoId={8444E375-0131-40D9-A3BB-C61AEFB7DD2C}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again.

 

The certificate's CN name does not match the passed value.

 

 

Microsoft Office Sessions:

=========================

Error: (02/18/2015 09:20:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

 

Error: (02/18/2015 09:20:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

 

Error: (02/18/2015 09:20:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

 

Error: (02/18/2015 09:01:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Bad service type in LT-01._MSM_Video_Control_Service._tcp.local. Application protocol name must be underscore plus 1-14 characters. See <http://www.dns-sd.org/ServiceTypes.html>

 

Error: (02/18/2015 09:01:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Bad service type in ._MSM_Video_Control_Service._tcp.local. Application protocol name must be underscore plus 1-14 characters. See <http://www.dns-sd.org/ServiceTypes.html>

 

Error: (02/18/2015 09:01:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Bad service type in LT-01._MSM_Video_Control_Service._tcp.local. Application protocol name must be underscore plus 1-14 characters. See <http://www.dns-sd.org/ServiceTypes.html>

 

Error: (02/18/2015 08:50:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

 

Error: (02/18/2015 08:33:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

 

Error: (02/18/2015 08:20:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

 

Error: (02/18/2015 08:03:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core i7-2640M CPU @ 2.80GHz

Percentage of memory in use: 52%

Total physical RAM: 4006.73 MB

Available physical RAM: 1885.77 MB

Total Pagefile: 8011.65 MB

Available Pagefile: 5829.48 MB

Total Virtual: 8192 MB

Available Virtual: 8191.85 MB

 

==================== Drives ================================

 

Drive c: (BOOTCAMP) (Fixed) (Total:139.53 GB) (Free:70.73 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive e: (Macintosh HD) (Fixed) (Total:557.86 GB) (Free:436.57 GB) HFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 00007F6B)

 

Partition: GPT Partition Type.

Partition 2: (Not Active) - (Size=557.9 GB) - (Type=AF)

Partition 3: (Not Active) - (Size=620 MB) - (Type=AB)

Partition 4: (Active) - (Size=139.5 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================


Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

 

Next,

 

If no remaining issues or concerns run the following to clean up:

 

Download "Delfix by Xplode" and save it to your desktop.

 

Or use the following if first link is down:

 

"Delfix link mirror"

 

Double-click to start the program. If you are using Vista or higher, please right-click and choose Run as administrator.

 

Make sure the following items are checked:

 

 


    Remove disinfection tools

 

Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed. We don't need you to post this.

 

Any remnant files/logs from tools we have used can be deleted…

 

Let me know if we are ok to close out...

 

Thanks,

 

Kevin..

Fixlist.txt


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-02-2015

Ran by Jake at 2015-02-18 13:53:29 Run:1

Running from C:\Users\jake.FCH\Desktop\Secruity

Loaded Profiles: Jake (Available profiles: Jake & Jake)

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

start

Startup: C:\Users\jake.FCH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OptimizerPro.lnk

ShortcutTarget: OptimizerPro.lnk -> C:\FRST\Quarantine\C\ProgramData\{0a12b814-8695-c7dc-0a12-2b814869e052}\OptimizerPro.exe (No File)

C:\Users\jake.FCH\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2twixz.dll

C:\Users\jake.FCH\AppData\Local\Temp\Quarantine.exe

C:\Users\jake.FCH\AppData\Local\Temp\sqlite3.dll

EmptyTemp:

end

 

 

 

*****************

 

C:\Users\jake.FCH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OptimizerPro.lnk => Moved successfully.

C:\FRST\Quarantine\C\ProgramData\{0a12b814-8695-c7dc-0a12-2b814869e052}\OptimizerPro.exe not found.

C:\Users\jake.FCH\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2twixz.dll => Moved successfully.

C:\Users\jake.FCH\AppData\Local\Temp\Quarantine.exe => Moved successfully.

C:\Users\jake.FCH\AppData\Local\Temp\sqlite3.dll => Moved successfully.

EmptyTemp: => Removed 102.1 MB temporary data.

 

 

The system needed a reboot. 

 

==== End of Fixlog 13:53:34 ====


  • 2 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

