Jake176 Posted February 17, 2015 ID:940501 Share Posted February 17, 2015 Im looking for someone to help , i downloaded Filezilla and now I have this "BikiniLand" stuck on my PC done my best to unistall it but its still integrated in my Chrome Some help would be awesome =] Link to post Share on other sites More sharing options...
kevinf80 Posted February 17, 2015 ID:940502 Share Posted February 17, 2015 Hello and welome, P2P/Piracy Warning: If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy. Download Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.Double-click to run it. When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. Thanks, Kevin.. Link to post Share on other sites More sharing options...
Jake176 Posted February 17, 2015 Author ID:940503 Share Posted February 17, 2015 I have ran Farbar Recovery Scan Tool and below is the required attached files FRST.txtAddition.txt Link to post Share on other sites More sharing options...
kevinf80 Posted February 17, 2015 ID:940514 Share Posted February 17, 2015 Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work. Run FRST and press the Fix button just once and wait.The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply. Next, Download Malwarebytes Anti-Malware to your desktop.Double-click mbam-setup and follow the prompts to install the program.At the end, be sure a checkmark is placed next to the following: Launch Malwarebytes Anti-MalwareA 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.Click Finish.On the Dashboard, click the 'Update Now >>' linkAfter the update completes Select > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.Now select > Scan > Threat scan > Scan nowWhen the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.In most cases, a restart will be required.Wait for the prompt to restart the computer to appear, then click on Yes. When the scan is completed from the main GUI click on History > Application Logs. Find your scan log, the date when run will identify it. Checkmark "select" box > then hit the "view" button. The history log window will open. At the bottom of that window are two options, "Copy to clipboard" and "Export" Select > "Copy to clipboard" that copies the full log to the windows clipboard, so at your reply you right click into the text field and select "Paste" the log is pasted (copied) to your reply. Next, Download AdwCleaner by Xplode onto your Desktop. Double click on Adwcleaner.exe to run the tool. Click on Scan Once the scan is done, click on the Clean button. You will get a prompt asking to close all programs. Click OK. Click OK again to reboot your computer. A text file will open after the restart. Please post the content of that logfile in your reply. You can also find the logfile at C:\AdwCleaner[sn].txt. Where n in the scan reference number Next, Please download Junkware Removal Tool to your desktop.Shut down your protection software now to avoid potential conflicts. (re-enable when done)Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".The tool will open and start scanning your system.Please be patient as this can take a while to complete depending on your system's specifications.On completion, a log (JRT.txt) is saved to your desktop and will automatically open.Post the contents of JRT.txt into your next message. Next, Download Microsoft's " Malicious Software Removal Tool" and save direct to the desktopEnsure to get the correct version for your system.... 32 Bit version:https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en64 Bit version:https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en'>https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en Right click on the Tool, select “Run as Administrator” the tool will expand to the options WindowIn the "Scan Type" window, select Quick ScanPerform a scan and Click Finish when the scan is done.Retrieve the MSRT log as follows, and post it in your next reply: 1) Select the Windows key and R key together to open the "Run" function2) Type or Copy/Paste the following command to the "Run Line" and Press Enter: notepad c:\windows\debug\mrt.log Let me see those logs, also give an update on any remaining issues or concerns... Thanks, Kevin.... Fixlist.txt Link to post Share on other sites More sharing options...
Jake176 Posted February 17, 2015 Author ID:940523 Share Posted February 17, 2015 Thank you Kev you are being a saint to me , i will paste the Fixlog under this , Malwarebytes is doing the threat scan now is it okay to download and install adwcleaner and junkware removal tool while i wait Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-02-2015Ran by Jake at 2015-02-17 22:03:37 Run:1Running from C:\Users\jake.FCH\DesktopLoaded Profiles: Jake & Jake (Available profiles: Jake & Jake)Boot Mode: Normal============================================== Content of fixlist:*****************startHKU\S-1-5-21-3818599572-803860725-2106987424-1146\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONHKU\S-1-5-21-3818599572-803860725-2106987424-1171\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONHKU\S-1-5-21-3818599572-803860725-2106987424-1171\Software\Microsoft\Internet Explorer\Main,Start Page = http://binkiland.com/?f=1&a=bnk_frg01_15_08&cd=2XzuyEtN2Y1L1Qzu0Bzzzz0DtCtBtAzy0FtDzytCyD0D0FzztN0D0Tzu0StCtCyEtAtN1L2XzutAtFyBtFyBtFtCtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StB0AtD0CyD0CzyyDtGzzyDyE0DtG0CyDyDyBtG0ByCyCtBtGtB0C0E0BtB0DyE0B0DyEzy0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyCtBtAzz0C0A0EtG0DtC0FtBtGyEtA0B0AtGzzzytAyCtG0FtCtDyDtD0AyD0A0DyDtB0B2Q&cr=1046542622&ir=SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_frg01_15_08&cd=2XzuyEtN2Y1L1Qzu0Bzzzz0DtCtBtAzy0FtDzytCyD0D0FzztN0D0Tzu0StCtCyEtAtN1L2XzutAtFyBtFyBtFtCtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StB0AtD0CyD0CzyyDtGzzyDyE0DtG0CyDyDyBtG0ByCyCtBtGtB0C0E0BtB0DyE0B0DyEzy0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyCtBtAzz0C0A0EtG0DtC0FtBtGyEtA0B0AtGzzzytAyCtG0FtCtDyDtD0AyD0A0DyDtB0B2Q&cr=1046542622&ir=SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_frg01_15_08&cd=2XzuyEtN2Y1L1Qzu0Bzzzz0DtCtBtAzy0FtDzytCyD0D0FzztN0D0Tzu0StCtCyEtAtN1L2XzutAtFyBtFyBtFtCtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StB0AtD0CyD0CzyyDtGzzyDyE0DtG0CyDyDyBtG0ByCyCtBtGtB0C0E0BtB0DyE0B0DyEzy0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyCtBtAzz0C0A0EtG0DtC0FtBtGyEtA0B0AtGzzzytAyCtG0FtCtDyDtD0AyD0A0DyDtB0B2Q&cr=1046542622&ir=SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = SearchScopes: HKU\S-1-5-21-3818599572-803860725-2106987424-1171 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_frg01_15_08&cd=2XzuyEtN2Y1L1Qzu0Bzzzz0DtCtBtAzy0FtDzytCyD0D0FzztN0D0Tzu0StCtCyEtAtN1L2XzutAtFyBtFyBtFtCtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StB0AtD0CyD0CzyyDtGzzyDyE0DtG0CyDyDyBtG0ByCyCtBtGtB0C0E0BtB0DyE0B0DyEzy0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyCtBtAzz0C0A0EtG0DtC0FtBtGyEtA0B0AtGzzzytAyCtG0FtCtDyDtD0AyD0A0DyDtB0B2Q&cr=1046542622&ir=SearchScopes: HKU\S-1-5-21-3818599572-803860725-2106987424-1171 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_frg01_15_08&cd=2XzuyEtN2Y1L1Qzu0Bzzzz0DtCtBtAzy0FtDzytCyD0D0FzztN0D0Tzu0StCtCyEtAtN1L2XzutAtFyBtFyBtFtCtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StB0AtD0CyD0CzyyDtGzzyDyE0DtG0CyDyDyBtG0ByCyCtBtGtB0C0E0BtB0DyE0B0DyEzy0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyCtBtAzz0C0A0EtG0DtC0FtBtGyEtA0B0AtGzzzytAyCtG0FtCtDyDtD0AyD0A0DyDtB0B2Q&cr=1046542622&ir=SearchScopes: HKU\S-1-5-21-3818599572-803860725-2106987424-1171 -> {077E470E-9C30-4BA4-9037-12DED4ACFAD8} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites_14_11_ch&cd=2XzuyEtN2Y1L1Qzu0Bzzzz0DtCtBtAzy0FtDzytCyD0D0FzztN0D0Tzu0SzztDyEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtC0E0AtD0C0E0AtG0C0FtByCtGyDyDtAyCtG0FtDyE0DtGtAtA0CtC0AyCtDzz0AzyyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEzyyC0B0EtD0EtAtGyC0CyCtCtGtBzyyEzytG0CtC0EzztGyCzy0E0ByBzz0FtC0AyBtD0B2Q&cr=1475100258&ir=CHR StartupUrls: Default -> "hxxp://binkiland.com/?f=7&a=bnk_frg01_15_08&cd=2XzuyEtN2Y1L1Qzu0Bzzzz0DtCtBtAzy0FtDzytCyD0D0FzztN0D0Tzu0StCtCyEtAtN1L2XzutAtFyBtFyBtFtCtDtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StB0AtD0CyD0CzyyDtGzzyDyE0DtG0CyDyDyBtG0ByCyCtBtGtB0C0E0BtB0DyE0B0DyEzy0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyCtBtAzz0C0A0EtG0DtC0FtBtGyEtA0B0AtGzzzytAyCtG0FtCtDyDtD0AyD0A0DyDtB0B2Q&cr=1046542622&ir="CHR HKLM\...\Chrome\Extension: [elggllhppljlljkgfeokjpehmdamkejk] - No PathCHR HKU\S-1-5-21-3818599572-803860725-2106987424-1171\...\Chrome\Extension: [elggllhppljlljkgfeokjpehmdamkejk] - No PathCHR HKLM-x32\...\Chrome\Extension: [elggllhppljlljkgfeokjpehmdamkejk] - No Path2015-02-17 20:58 - 2015-02-17 20:58 - 00000000 ____D () C:\ProgramData\7732b780000014592015-02-17 20:53 - 2015-02-17 20:53 - 00000000 ____D () C:\Users\jake.FCH\Documents\Optimizer Pro2015-02-17 20:49 - 2015-02-17 20:53 - 00000000 ____D () C:\Users\jake.FCH\AppData\Roaming\FileZilla2015-02-17 20:47 - 2015-02-17 20:54 - 00000000 ____D () C:\Program Files (x86)\WSE_Binkiland2015-02-17 20:47 - 2015-02-17 20:47 - 00000000 ____D () C:\ProgramData\{0a12b814-8695-c7dc-0a12-2b814869e052}C:\Users\gltsadmin\AppData\Local\Temp\OfficeSetup.exeC:\Users\Jake\AppData\Local\Temp\Setup64.exeC:\Users\jake.FCH\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdek8ch.dllC:\Users\jake.FCH\AppData\Local\Temp\optprosetup.exeC:\Users\jake.FCH\AppData\Local\Temp\uninstall.exeTask: {4002D3B1-CEF4-41C9-9C63-A46FD8B97FF1} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask No Task File <==== ATTENTIONTask: {68E7B32B-FF35-4A74-ADAF-A861DD4E61EC} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline No Task File <==== ATTENTIONTask: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector No Task File <==== ATTENTIONTask: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector No Task File <==== ATTENTIONAlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformationAlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformationAlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}EmptyTemp:end ***************** "HKU\S-1-5-21-3818599572-803860725-2106987424-1146\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully."HKU\S-1-5-21-3818599572-803860725-2106987424-1171\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.HKU\S-1-5-21-3818599572-803860725-2106987424-1171\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully."HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}" => Key deleted successfully.HKCR\CLSID\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} => Key not found. HKU\S-1-5-21-3818599572-803860725-2106987424-1171\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully."HKU\S-1-5-21-3818599572-803860725-2106987424-1171\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. "HKU\S-1-5-21-3818599572-803860725-2106987424-1171\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{077E470E-9C30-4BA4-9037-12DED4ACFAD8}" => Key deleted successfully.HKCR\CLSID\{077E470E-9C30-4BA4-9037-12DED4ACFAD8} => Key not found. Chrome StartupUrls deleted successfully."HKLM\SOFTWARE\Google\Chrome\Extensions\elggllhppljlljkgfeokjpehmdamkejk" => Key deleted successfully."HKU\S-1-5-21-3818599572-803860725-2106987424-1171\SOFTWARE\Google\Chrome\Extensions\elggllhppljlljkgfeokjpehmdamkejk" => Key deleted successfully."HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\elggllhppljlljkgfeokjpehmdamkejk" => Key deleted successfully.C:\ProgramData\7732b78000001459 => Moved successfully.C:\Users\jake.FCH\Documents\Optimizer Pro => Moved successfully.C:\Users\jake.FCH\AppData\Roaming\FileZilla => Moved successfully.C:\Program Files (x86)\WSE_Binkiland => Moved successfully.C:\ProgramData\{0a12b814-8695-c7dc-0a12-2b814869e052} => Moved successfully.C:\Users\gltsadmin\AppData\Local\Temp\OfficeSetup.exe => Moved successfully.C:\Users\Jake\AppData\Local\Temp\Setup64.exe => Moved successfully.C:\Users\jake.FCH\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdek8ch.dll => Moved successfully.C:\Users\jake.FCH\AppData\Local\Temp\optprosetup.exe => Moved successfully.C:\Users\jake.FCH\AppData\Local\Temp\uninstall.exe => Moved successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4002D3B1-CEF4-41C9-9C63-A46FD8B97FF1}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4002D3B1-CEF4-41C9-9C63-A46FD8B97FF1}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTask" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{68E7B32B-FF35-4A74-ADAF-A861DD4E61EC}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68E7B32B-FF35-4A74-ADAF-A861DD4E61EC}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513}" => Key deleted successfully."HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector" => Key deleted successfully.C:\Windows\SysWOW64\zlib.dll => ":DocumentSummaryInformation" ADS removed successfully.C:\Windows\SysWOW64\zlib.dll => ":SummaryInformation" ADS removed successfully.C:\Windows\SysWOW64\zlib.dll => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.EmptyTemp: => Removed 972.2 MB temporary data. The system needed a reboot. ==== End of Fixlog 22:04:05 ==== Link to post Share on other sites More sharing options...
Jake176 Posted February 17, 2015 Author ID:940535 Share Posted February 17, 2015 Malwarebytes Anti-Malwarewww.malwarebytes.org Scan Date: 17/02/2015Scan Time: 22:15:01Logfile: Administrator: Yes Version: 2.00.4.1028Malware Database: v2015.02.17.11Rootkit Database: v2015.02.03.01License: FreeMalware Protection: DisabledMalicious Website Protection: DisabledSelf-protection: Disabled OS: Windows 7 Service Pack 1CPU: x64File System: NTFSUser: Jake Scan Type: Threat ScanResult: CompletedObjects Scanned: 478497Time Elapsed: 33 min, 39 sec Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: EnabledHeuristics: EnabledPUP: EnabledPUM: Enabled Processes: 0(No malicious items detected) Modules: 0(No malicious items detected) Registry Keys: 15PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}, Quarantined, [c2504fcb2e5cf83ed63063e010f3b848], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{C292AD0A-C11F-479B-B8DB-743E72D283B0}, Quarantined, [c2504fcb2e5cf83ed63063e010f3b848], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{C292AD0A-C11F-479B-B8DB-743E72D283B0}, Quarantined, [c2504fcb2e5cf83ed63063e010f3b848], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\esrv.mysearchdialESrvc.1, Quarantined, [c2504fcb2e5cf83ed63063e010f3b848], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\esrv.mysearchdialESrvc, Quarantined, [c2504fcb2e5cf83ed63063e010f3b848], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.mysearchdialESrvc, Quarantined, [c2504fcb2e5cf83ed63063e010f3b848], PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\esrv.mysearchdialESrvc.1, Quarantined, [c2504fcb2e5cf83ed63063e010f3b848], PUP.Optional.MySearchDial.A, HKU\S-1-5-21-3818599572-803860725-2106987424-1171-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, Quarantined, [9f731bffdab01d19fac44cbd0bf80ff1], PUP.Optional.Lasaoren.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\MEDIAPLAYER\SHIMINCLUSIONLIST\binkiland.exe, Quarantined, [739f49d173171521963aeaa692710ff1], PUP.Optional.Booster.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1146AC44-2F03-4431-B4FD-889BC837521F}{4ef60154}, Quarantined, [6fa309119befb97dbe64734543c08779], PUP.Optional.SystemSpeedup, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\ssd, Quarantined, [6ba746d4f19958de81a3ffb8f80b27d9], PUP.Optional.Binkiland.A, HKU\S-1-5-21-3818599572-803860725-2106987424-1171-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Binkiland Browser, Quarantined, [070b78a23852ce687f4a8b9210f5ca36], PUP.Optional.InstallCore.A, HKU\S-1-5-21-3818599572-803860725-2106987424-1171-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [3ed4c95174162f07a43df2e95da6b749], PUP.Optional.InstallCore.A, HKU\S-1-5-21-3818599572-803860725-2106987424-1171-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [5db5d14917737eb8794da8492cd81de3], PUP.Optional.SystemSpeedup, HKU\S-1-5-21-3818599572-803860725-2106987424-1171-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\ssd, Quarantined, [d0422dede5a552e4aa799b1cae5531cf], Registry Values: 1PUP.Optional.InstallCore.A, HKU\S-1-5-21-3818599572-803860725-2106987424-1171-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, zr2X2X1G1S1F2V1S2Q0V, Quarantined, [5db5d14917737eb8794da8492cd81de3] Registry Data: 0(No malicious items detected) Folders: 1PUP.Optional.SystemSpeedup, C:\Users\jake.FCH\AppData\Roaming\systweak\ssd, Quarantined, [e62c94861674e056feec5816da298977], Files: 3PUP.Optional.SystemSpeedup, C:\Users\jake.FCH\AppData\Roaming\systweak\ssd\SSDPTstub.exe, Quarantined, [e62c94861674e056feec5816da298977], PUP.Optional.MySearchDial.A, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "homepage": "http://start.mysearchdial.com/?f=1&a=dsites_14_11_ch&cd=2XzuyEtN2Y1L1Qzu0Bzzzz0DtCtBtAzy0FtDzytCyD0D0FzztN0D0Tzu0SzztDyEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtC0E0AtD0C0E0AtG0C0FtByCtGyDyDtAyCtG0FtDyE0DtGtAtA0CtC0AyCtDzz0AzyyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEzyyC0B0EtD0EtAtGyC0CyCtCtGtBzyyEzytG0CtC0EzztGyCzy0E0ByBzz0FtC0AyBtD0B2Q&cr=1475100258&ir=",),Replaced,[5fb3d842dcae34020e58d62b967023dd] PUP.Optional.MySearchDial.A, C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "startup_urls": [ "http://start.mysearchdial.com/?f=1&a=dsites_14_11_ch&cd=2XzuyEtN2Y1L1Qzu0Bzzzz0DtCtBtAzy0FtDzytCyD0D0FzztN0D0Tzu0SzztDyEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StAtC0E0AtD0C0E0AtG0C0FtByCtGyDyDtAyCtG0FtDyE0DtGtAtA0CtC0AyCtDzz0AzyyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEzyyC0B0EtD0EtAtGyC0CyCtCtGtBzyyEzytG0CtC0EzztGyCzy0E0ByBzz0FtC0AyBtD0B2Q&cr=1475100258&ir=" ],), Replaced,[868cc258f09a3cfa652f659c75915ca4] Physical Sectors: 0(No malicious items detected) (end) Link to post Share on other sites More sharing options...
Jake176 Posted February 17, 2015 Author ID:940540 Share Posted February 17, 2015 AdwCleaner Results are here now # AdwCleaner v4.110 - Logfile created 17/02/2015 at 23:01:30# Updated 05/02/2015 by Xplode# Database : 2015-02-14.2 [server]# Operating system : Windows 7 Professional Service Pack 1 (x64)# Username : Jake - LT-01# Running from : C:\Users\jake.FCH\Downloads\AdwCleaner.exe# Option : Cleaning ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\Program Files (x86)\SimilarSitesFile Deleted : C:\Windows\System32\roboot64.exe ***** [ Scheduled tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXEKey Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}Key Deleted : HKCU\Software\ConduitKey Deleted : HKCU\Software\Optimizer ProKey Deleted : HKCU\Software\systweakKey Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}Key Deleted : HKLM\SOFTWARE\ConduitKey Deleted : HKLM\SOFTWARE\systweakData Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local ***** [ Web browsers ] ***** -\\ Internet Explorer v11.0.9600.17280 -\\ Google Chrome v40.0.2214.111 ************************* AdwCleaner[R0].txt - [1749 bytes] - [17/02/2015 22:58:45]AdwCleaner[s0].txt - [1576 bytes] - [17/02/2015 23:01:30] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1635 bytes] ########## Link to post Share on other sites More sharing options...
Jake176 Posted February 17, 2015 Author ID:940544 Share Posted February 17, 2015 Here is the JRT Log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 6.4.2 (02.02.2015:1)OS: Windows 7 Professional x64Ran by Jake on 17/02/2015 at 23:08:42.20~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Users\jake.FCH\AppData\Roaming\search protection"Successfully deleted: [Folder] "C:\Users\jake.FCH\AppData\Roaming\systweak"Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin" ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on 17/02/2015 at 23:14:42.73End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Link to post Share on other sites More sharing options...
Jake176 Posted February 17, 2015 Author ID:940555 Share Posted February 17, 2015 ---------------------------------------------------------------------------------------Microsoft Windows Malicious Software Removal Tool v5.21, February 2015 (build 5.21.11102.0)Started On Tue Feb 17 23:18:09 2015 Engine: 1.1.11302.0Signatures: 1.191.3593.0 Link to post Share on other sites More sharing options...
kevinf80 Posted February 18, 2015 ID:940567 Share Posted February 18, 2015 Is your system responding normally, are there any remaining issues or concerns? Link to post Share on other sites More sharing options...
Jake176 Posted February 18, 2015 Author ID:940569 Share Posted February 18, 2015 I dont see any issues my search features on chrome are google again and no signs of the infamous Bikiniland rubbish . Kevin you are a saviour . Im glad and very thankful for all the support . I believe my case is closed! Link to post Share on other sites More sharing options...
Jake176 Posted February 18, 2015 Author ID:940579 Share Posted February 18, 2015 Wait!!!!! Just noticed in Windows Task manager under processes i still have Optimizer Pro . exe Running , this has appeared since BikiniLand Link to post Share on other sites More sharing options...
Jake176 Posted February 18, 2015 Author ID:940581 Share Posted February 18, 2015 Just right clicked the processes and its file path is C:\FRST\Quarantine\C\ProgramData\{0a12b814-8695-c7dc-0a12-2b814869e052} Link to post Share on other sites More sharing options...
kevinf80 Posted February 18, 2015 ID:940591 Share Posted February 18, 2015 That will be removed when we clean up.... Download "Delfix by Xplode" and save it to your desktop. Or use the following if first link is down: "Delfix link mirror" Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator Make Sure the following items are checked: Remove disinfection tools Purge System Restore Reset system settings Now click on "Run" and wait patiently until the tool has completed. The tool will create a log when it has completed. We don't need you to post this. Any remnant files/logs from tools we have used can be deleted… Next, Read the following link to fully understand PC security and best practices, you may find it useful.... http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629 Let me know if we are ok to close out... Thanks, Kevin Link to post Share on other sites More sharing options...
Jake176 Posted February 18, 2015 Author ID:940686 Share Posted February 18, 2015 I ran the Delfix still had Optimizer Pro . exe Running afterwards it seemed to be launching in the quarantine folder , so i deleted the folder and restarted the machine and it has not re launched its self. Should i run Farbar again and post the results up? Link to post Share on other sites More sharing options...
kevinf80 Posted February 18, 2015 ID:940735 Share Posted February 18, 2015 Yes please, run FRST again. Ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" link to tool follows if needed: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ Thanks, Kevin... Link to post Share on other sites More sharing options...
Jake176 Posted February 18, 2015 Author ID:940738 Share Posted February 18, 2015 Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015Ran by Jake (administrator) on LT-01 on 18-02-2015 13:26:00Running from C:\Users\jake.FCH\Desktop\SecruityLoaded Profiles: Jake (Available profiles: Jake & Jake)Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)Internet Explorer Version 11 (Default browser: Chrome)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\System32\wlanext.exe() C:\Windows\System32\AppleOSSMgr.exe(Apple Inc.) C:\Windows\System32\AppleTimeSrv.exe(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE(Kaseya International Limited) C:\Program Files (x86)\Kaseya\GRNLGH46933585833602\AgentMon.exe(Parallels Holdings, Ltd. and its affiliates.) C:\Program Files (x86)\Parallels\Parallels Access\Application\prl_disp_service.exe(Microsoft) C:\Program Files (x86)\Common Files\Sage\Central\AutoUpdateClient\Sage.Central.AutoUpdateManager.Service.exe(Sage (UK) Limited) C:\Program Files (x86)\Common Files\Sage SData\Sage.SData.Service.exe(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe(RealVNC Ltd) C:\Program Files (x86)\RealVNC\VNC4\winvnc4.exe(RealVNC Ltd) C:\Program Files (x86)\RealVNC\VNC4\winvnc4.exe(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe( ) C:\Program Files (x86)\Kaseya\GRNLGH46933585833602\extensions\Lua.exe( ) C:\Program Files (x86)\Kaseya\GRNLGH46933585833602\extensions\Lua.exe(Kaseya International Limited) C:\Program Files (x86)\Kaseya\GRNLGH46933585833602\Kaseya.AgentEndpoint.exe(Parallels Holdings, Ltd. and its affiliates.) C:\Program Files (x86)\Parallels\Parallels Access\Application\prl_deskctl_agent.exe(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe(Apple Inc.) C:\Program Files\Boot Camp\Bootcamp.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Google Inc.) C:\Users\jake.FCH\AppData\Local\Google\Update\GoogleUpdate.exe(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIJJE.EXE(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe(Dropbox, Inc.) C:\Users\jake.FCH\AppData\Roaming\Dropbox\bin\Dropbox.exe(Kaseya International Limited) C:\Program Files (x86)\Kaseya\GRNLGH46933585833602\KaUsrTsk.exe(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe(Parallels Holdings, Ltd. and its affiliates.) C:\Program Files (x86)\Parallels\Parallels Access\Application\prl_deskctl_wizard.exe(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe() C:\Program Files (x86)\iDisplay\adb.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Apple_KbdMgr] => C:\Program Files\Boot Camp\Bootcamp.exe [741760 2011-06-29] (Apple Inc.)HKLM-x32\...\Run: [KASHGRNLGH46933585833602] => C:\Program Files (x86)\Kaseya\GRNLGH46933585833602\KaUsrTsk.exe [574992 2014-06-10] (Kaseya International Limited)HKLM-x32\...\Run: [AVP] => c:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe [350552 2012-08-16] (Kaspersky Lab ZAO)HKLM-x32\...\Run: [] => [X]HKLM-x32\...\Run: [PAX] => C:\Program Files (x86)\Parallels\Parallels Access\Application\prl_deskctl_wizard.exe [8174080 2013-08-27] (Parallels Holdings, Ltd. and its affiliates.)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)Winlogon\Notify\GoToAssist Express Customer: C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\637\g2ax_winlogonx64.dll (Citrix Online, a division of Citrix Systems, Inc.)Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)HKU\S-1-5-21-3818599572-803860725-2106987424-1171\...\Run: [Google Update] => C:\Users\jake.FCH\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-06-11] (Google Inc.)HKU\S-1-5-21-3818599572-803860725-2106987424-1171\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)HKU\S-1-5-21-3818599572-803860725-2106987424-1171\...\RunOnce: [uninstall C:\Users\jake.FCH\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\jake.FCH\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64"HKU\S-1-5-18\...\RunOnce: [sPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-07-07] (Microsoft Corporation)Startup: C:\Users\jake.FCH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()Startup: C:\Users\jake.FCH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnkShortcutTarget: Dropbox.lnk -> C:\Users\jake.FCH\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)Startup: C:\Users\jake.FCH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OptimizerPro.lnkShortcutTarget: OptimizerPro.lnk -> C:\FRST\Quarantine\C\ProgramData\{0a12b814-8695-c7dc-0a12-2b814869e052}\OptimizerPro.exe (No File)Startup: C:\Users\jake.FCH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()Startup: C:\Users\jake.FCH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnkShortcutTarget: Dropbox.lnk -> C:\Users\jake.FCH\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)Startup: C:\Users\jake.FCH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OptimizerPro.lnkShortcutTarget: OptimizerPro.lnk -> C:\FRST\Quarantine\C\ProgramData\{0a12b814-8695-c7dc-0a12-2b814869e052}\OptimizerPro.exe (No File)ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jake.FCH\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jake.FCH\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jake.FCH\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jake.FCH\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jake.FCH\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jake.FCH\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jake.FCH\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jake.FCH\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-3818599572-803860725-2106987424-1171\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companywebSearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)Tcpip\Parameters: [DhcpNameServer] 208.67.222.222 8.8.8.8 FireFox:========FF Plugin: @microsoft.com/GENUINE -> disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @microsoft.com/GENUINE -> disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKU\S-1-5-21-3818599572-803860725-2106987424-1171: @tools.google.com/Google Update;version=3 -> C:\Users\jake.FCH\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKU\S-1-5-21-3818599572-803860725-2106987424-1171: @tools.google.com/Google Update;version=9 -> C:\Users\jake.FCH\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKU\S-1-5-21-3818599572-803860725-2106987424-1171: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\jake.FCH\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)FF Plugin HKU\S-1-5-21-3818599572-803860725-2106987424-1171: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) Chrome: =======CHR Profile: C:\Users\jake.FCH\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\jake.FCH\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]CHR Extension: (Google Wallet) - C:\Users\jake.FCH\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AppleOSSMgr; C:\Windows\system32\AppleOSSMgr.exe [224640 2011-06-29] ()R2 AVP; c:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe [350552 2012-08-16] (Kaspersky Lab ZAO)R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)S3 GoToAssist Remote Support Customer; C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\637\g2ax_service.exe [610888 2014-05-19] (Citrix Online, a division of Citrix Systems, Inc.)S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]R2 KAGRNLGH46933585833602; C:\Program Files (x86)\Kaseya\GRNLGH46933585833602\AgentMon.exe [1152016 2014-06-10] (Kaseya International Limited)S3 Ktvn_GRNLGH46933585833602; C:\Program Files (x86)\Kaseya\GRNLGH46933585833602\DesktopAccess\Ktvnserver.exe [825344 2013-07-02] (Kaseya LLC.) [File not signed]R2 prl_mobdisp; C:\Program Files (x86)\Parallels\Parallels Access\Application\prl_disp_service.exe [20879360 2013-08-27] (Parallels Holdings, Ltd. and its affiliates.) [File not signed]R2 Sage AutoUpdate Manager Service; C:\Program Files (x86)\Common Files\Sage\Central\AutoUpdateClient\Sage.Central.AutoUpdateManager.Service.exe [8192 2012-07-05] (Microsoft) [File not signed]R2 Sage SData Service; C:\Program Files (x86)\Common Files\Sage SData\Sage.SData.Service.exe [53248 2012-05-17] (Sage (UK) Limited) [File not signed]R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)R2 WinVNC4; C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe [1696496 2011-08-18] (RealVNC Ltd) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 applebmt; C:\Windows\System32\DRIVERS\applebmt.sys [52736 2011-06-03] (Apple Inc.)R3 applemtm; C:\Windows\System32\DRIVERS\applemtm.sys [12288 2011-03-25] (Apple Inc.)R3 applemtp; C:\Windows\System32\DRIVERS\applemtp.sys [38912 2011-03-25] (Apple Inc.)R3 iDispService; C:\Windows\System32\DRIVERS\idisplayminiport.sys [14248 2012-08-31] (SHAPE Services)R3 KAPFA; C:\Windows\system32\drivers\KAPFA.SYS [33680 2014-06-10] (Kaseya)R1 kl1; C:\Windows\System32\DRIVERS\kl1.sys [157712 2009-11-11] (Kaspersky Lab)R3 KLFLTDEV; C:\Windows\System32\DRIVERS\klfltdev.sys [30736 2009-09-03] (Kaspersky Lab)R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [273200 2013-08-08] (Kaspersky Lab)R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [32048 2011-09-01] (Kaspersky Lab ZAO)S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-18] (Malwarebytes Corporation)R3 prl_virtual_sound; C:\Windows\System32\DRIVERS\prl_virtual_sound.sys [46824 2013-08-27] (Parallels Holdings, Ltd. and its affiliates.) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-18 09:09 - 2015-02-18 09:11 - 00002006 _____ () C:\Users\jake.FCH\Desktop\Rkill.txt2015-02-18 09:09 - 2015-02-18 09:09 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\jake.FCH\Downloads\rkill.exe2015-02-18 09:09 - 2015-02-18 09:09 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\jake.FCH\Downloads\rkill64.exe2015-02-18 08:54 - 2015-02-18 08:56 - 00000000 ____D () C:\AdwCleaner2015-02-18 08:51 - 2015-02-18 08:52 - 00000890 _____ () C:\DelFix.txt2015-02-18 08:50 - 2015-02-18 08:50 - 00709564 _____ () C:\Users\jake.FCH\Downloads\delfix_10.8.exe2015-02-18 00:22 - 2015-02-18 00:23 - 04171576 _____ (Broadcom Corporation.) C:\Users\jake.FCH\Downloads\SetupBtwDownloadSE (2).exe2015-02-17 23:55 - 2015-02-18 13:26 - 00000000 ___RD () C:\Users\jake.FCH\Desktop\Secruity2015-02-17 23:16 - 2015-02-17 23:17 - 39739064 _____ (Microsoft Corporation) C:\Users\jake.FCH\Downloads\Windows-KB890830-x64-V5.21.exe2015-02-17 21:59 - 2015-02-18 00:29 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2015-02-17 21:58 - 2015-02-17 21:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2015-02-17 21:58 - 2015-02-17 21:58 - 00000000 ____D () C:\ProgramData\Malwarebytes2015-02-17 21:58 - 2015-02-17 21:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2015-02-17 21:58 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2015-02-17 21:58 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2015-02-17 21:58 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2015-02-17 21:19 - 2015-02-17 21:20 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\jake.FCH\Downloads\mbam-setup-2.0.4.1028.exe2015-02-17 21:07 - 2015-02-18 13:26 - 00000000 ____D () C:\FRST2015-02-15 15:17 - 2015-02-15 15:17 - 00000000 ____D () C:\Users\jake.FCH\.android2015-02-15 15:09 - 2015-02-15 15:09 - 00003286 _____ () C:\Windows\System32\Tasks\iDisplayStartup2015-02-15 15:09 - 2015-02-15 15:09 - 00000000 ____D () C:\Program Files\Bonjour2015-02-15 15:09 - 2015-02-15 15:09 - 00000000 ____D () C:\Program Files (x86)\Bonjour2015-02-15 15:08 - 2015-02-15 15:10 - 00000000 ____D () C:\Program Files (x86)\iDisplay2015-02-15 15:08 - 2015-02-15 15:08 - 00001015 _____ () C:\Users\jake.FCH\Desktop\iDisplay.lnk2015-02-15 15:08 - 2015-02-15 15:08 - 00000000 ____D () C:\Users\jake.FCH\AppData\Roaming\SHAPE2015-02-15 15:08 - 2015-02-15 15:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iDisplay2015-02-15 15:08 - 2012-08-31 16:51 - 00019368 _____ (SHAPE Services) C:\Windows\system32\idisplay.dll2015-02-15 15:08 - 2012-08-31 16:51 - 00014248 _____ (SHAPE Services) C:\Windows\system32\Drivers\idisplayminiport.sys2015-02-15 15:06 - 2015-02-15 15:07 - 04376008 _____ (SHAPE ) C:\Users\jake.FCH\Downloads\iDisplay_setup.exe2015-02-14 18:48 - 2015-02-18 09:01 - 00000000 ___RD () C:\Users\jake.FCH\Dropbox2015-02-14 18:48 - 2015-02-14 18:48 - 00001139 _____ () C:\Users\jake.FCH\Desktop\Dropbox.lnk2015-02-14 18:47 - 2015-02-14 18:47 - 00000000 ____D () C:\Users\jake.FCH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox2015-02-14 18:41 - 2015-02-18 09:01 - 00000000 ____D () C:\Users\jake.FCH\AppData\Roaming\Dropbox2015-02-14 18:40 - 2015-02-14 18:41 - 00355464 _____ (Dropbox, Inc.) C:\Users\jake.FCH\Downloads\DropboxInstaller.exe2015-02-13 13:06 - 2015-02-13 13:08 - 00000375 _____ () C:\Users\jake.FCH\Desktop\Capella Very Berry.rec2015-02-13 12:49 - 2015-02-13 13:08 - 00000333 _____ () C:\Users\jake.FCH\Desktop\Capella Lemon & Lim.rec2015-02-13 11:16 - 2015-02-13 13:08 - 00000370 _____ () C:\Users\jake.FCH\Desktop\Perpetua Vanilla Custard.rec2015-02-11 17:15 - 2015-02-11 17:15 - 04171576 _____ (Broadcom Corporation.) C:\Users\jake.FCH\Downloads\SetupBtwDownloadSE (1).exe2015-02-11 14:39 - 2015-02-11 14:39 - 00019968 _____ () C:\Users\jake.FCH\Downloads\simple-accounts-spreadsheet.xls2015-02-11 14:16 - 2015-02-11 14:17 - 04171576 _____ (Broadcom Corporation.) C:\Users\jake.FCH\Downloads\SetupBtwDownloadSE.exe2015-02-11 14:15 - 2015-02-11 14:15 - 00024281 _____ () C:\Users\jake.FCH\Downloads\simple-bookkeeping-spreadsheet-v-1.02.xlsx2015-02-11 10:42 - 2015-02-11 10:43 - 09861884 _____ () C:\Users\jake.FCH\Downloads\Joomla_3.3.6-Stable-Full_Package.zip2015-02-06 13:09 - 2015-02-14 17:36 - 00000349 _____ () C:\Users\jake.FCH\Desktop\Capella Sweet Mango.rec2015-02-06 12:58 - 2015-02-06 12:58 - 00000272 _____ () C:\Users\jake.FCH\Desktop\Natural Essence Mango.rec2015-02-06 12:43 - 2015-02-06 12:43 - 01194117 _____ () C:\Users\jake.FCH\Downloads\Capella_MSDS_Docs.zip2015-02-06 11:33 - 2015-02-06 11:33 - 00002785 _____ () C:\Users\Public\Desktop\eJuice Me Up.lnk2015-02-06 11:29 - 2015-02-06 11:29 - 04536465 _____ () C:\Users\jake.FCH\Downloads\ejuicemeup.zip2015-02-04 10:35 - 2015-02-04 10:35 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3818599572-803860725-2106987424-1171Core1d0406644ebd2af.job2015-02-04 10:34 - 2015-02-18 12:39 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d04066341a2824.job2015-02-04 10:34 - 2015-02-18 12:31 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d04066335f39d7.job2015-02-04 10:34 - 2015-02-04 10:34 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1d04066341a28242015-02-04 10:34 - 2015-02-04 10:34 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d04066335f39d72015-02-04 09:36 - 2015-02-04 09:36 - 00002324 _____ () C:\Users\jake.FCH\Desktop\Terminal Server.RDP2015-02-04 07:13 - 2015-02-04 07:13 - 00000000 ____D () C:\Users\jake.FCH\Documents\My Curse2015-02-04 07:12 - 2015-02-04 19:54 - 00000000 ____D () C:\Users\jake.FCH\AppData\Roaming\Curse Advertising2015-02-04 07:11 - 2015-02-04 07:11 - 00000318 _____ () C:\Users\jake.FCH\Desktop\Curse Client.appref-ms2015-02-04 07:11 - 2015-02-04 07:11 - 00000000 ____D () C:\Users\jake.FCH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse2015-02-04 07:08 - 2015-02-04 07:08 - 00003118 _____ () C:\Windows\System32\Tasks\{5D614380-5E15-4822-B4FF-BE839BE80CBB}2015-02-04 07:07 - 2015-02-04 07:07 - 00402696 _____ () C:\Users\jake.FCH\Downloads\setup.exe2015-02-03 23:38 - 2015-02-03 23:38 - 00001244 _____ () C:\Users\Public\Desktop\World of Warcraft.lnk2015-02-03 23:38 - 2015-02-03 23:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft2015-02-03 23:26 - 2015-02-04 20:06 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft2015-02-03 23:16 - 2015-02-06 18:27 - 00000000 ____D () C:\Users\jake.FCH\AppData\Local\Battle.net2015-02-03 23:16 - 2015-02-06 11:50 - 00000000 ____D () C:\Program Files (x86)\Battle.net2015-02-03 23:16 - 2015-02-03 23:17 - 00000000 ____D () C:\Users\jake.FCH\AppData\Roaming\Battle.net2015-02-03 23:16 - 2015-02-03 23:16 - 00001152 _____ () C:\Users\Public\Desktop\Battle.net.lnk2015-02-03 23:16 - 2015-02-03 23:16 - 00000000 ____D () C:\Users\jake.FCH\AppData\Local\Blizzard Entertainment2015-02-03 23:16 - 2015-02-03 23:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net2015-02-03 23:16 - 2015-02-03 23:16 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment2015-02-03 23:13 - 2015-02-03 23:13 - 02868792 _____ (Blizzard Entertainment) C:\Users\jake.FCH\Downloads\Battle.net-Setup-enGB.exe2015-02-03 23:13 - 2015-02-03 23:13 - 00000000 ____D () C:\ProgramData\Battle.net2015-02-03 22:54 - 2015-02-04 02:47 - 00000000 ____D () C:\Windows.old2015-02-03 22:49 - 2015-02-03 22:49 - 00008192 _____ () C:\Windows\system32\config\userdiff2015-02-03 22:35 - 2015-02-03 15:27 - 00000000 ____D () C:\RecoveryImage2015-02-03 14:31 - 2015-01-20 10:26 - 00000001 ___SH () C:\BOOTNXT2015-02-03 14:28 - 2015-02-03 14:28 - 00000757 _____ () C:\Windows\DtcInstall.log2015-02-03 14:21 - 2015-02-03 15:27 - 00006605 _____ () C:\Windows\comsetup.log2015-02-03 14:15 - 2015-02-03 14:31 - 00099232 _____ () C:\Windows\diagerr.xml2015-02-03 14:15 - 2015-02-03 14:31 - 00043818 _____ () C:\Windows\diagwrn.xml2015-02-03 10:17 - 2015-02-03 10:17 - 02916352 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll2015-02-03 10:17 - 2015-02-03 10:17 - 02589696 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll2015-02-03 10:17 - 2015-02-03 10:17 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll2015-02-03 10:17 - 2015-02-03 10:17 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll2015-02-03 10:17 - 2015-02-03 10:17 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll2015-02-03 10:17 - 2015-02-03 10:17 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll2015-02-03 10:17 - 2015-02-03 10:17 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll2015-02-03 10:17 - 2015-02-03 10:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll2015-02-03 10:17 - 2015-02-03 10:17 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll2015-02-03 10:17 - 2015-02-03 10:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe2015-02-03 10:17 - 2015-02-03 10:17 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll2015-02-03 10:17 - 2015-02-03 10:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe2015-02-03 10:17 - 2015-02-03 10:17 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll2015-02-03 10:17 - 2015-02-03 10:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe2015-02-03 10:17 - 2015-02-03 10:17 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll2015-02-03 10:17 - 2015-02-03 10:17 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll2015-02-03 10:14 - 2015-02-03 10:15 - 11218928 _____ (Microsoft Corporation) C:\Users\jake.FCH\Downloads\Windows10TechnicalPreview.exe2015-02-03 09:33 - 2015-02-03 10:17 - 170040511 _____ () C:\Users\jake.FCH\Downloads\Windows10_TechnicalPreview_x64_EN-GB_9926.iso.crdownload2015-01-29 11:56 - 2015-01-29 11:56 - 00000938 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk2015-01-29 11:56 - 2012-07-24 00:00 - 00466432 _____ (Seiko Epson Corporation) C:\Windows\system32\esxw2ud.dll2015-01-29 11:56 - 2011-12-12 00:00 - 00135824 _____ (Seiko Epson Corporation) C:\Windows\system32\escsvc64.exe2015-01-29 11:55 - 2015-01-29 11:55 - 00000000 ____D () C:\Program Files (x86)\epson2015-01-29 11:54 - 2015-01-29 11:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON2015-01-29 11:53 - 2011-03-14 03:03 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_YD4BJJE.DLL2015-01-29 11:53 - 2007-04-10 01:06 - 00010752 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_GCINST.DLL2015-01-29 11:43 - 2015-02-04 02:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software2015-01-29 11:43 - 2015-01-29 11:43 - 00000000 ____D () C:\Program Files (x86)\EPSON Software2015-01-20 16:50 - 2015-02-03 18:51 - 00000000 ___HD () C:\$Windows.~BT ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-18 13:25 - 2013-07-02 15:21 - 00002326 ____H () C:\Users\jake.FCH\Documents\Default.rdp2015-02-18 12:53 - 2009-07-14 05:32 - 00000000 ____D () C:\Windows\system32\FxsTmp2015-02-18 12:50 - 2013-06-28 11:08 - 01856428 _____ () C:\Windows\WindowsUpdate.log2015-02-18 12:36 - 2013-07-02 09:52 - 00000000 ____D () C:\kworking2015-02-18 12:32 - 2013-09-05 11:40 - 00000000 ____D () C:\ProgramData\Parallels2015-02-18 09:08 - 2009-07-14 04:45 - 00025408 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02015-02-18 09:08 - 2009-07-14 04:45 - 00025408 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02015-02-18 09:01 - 2013-09-05 11:40 - 03074049 _____ () C:\Users\jake.FCH\AppData\Local\parallels.log2015-02-18 09:01 - 2013-07-03 20:05 - 00000000 ____D () C:\Users\jake.FCH\AppData\Local\Deployment2015-02-18 09:00 - 2013-08-08 16:36 - 00000000 ____D () C:\ProgramData\Kaspersky Lab2015-02-18 08:59 - 2014-11-02 01:00 - 00819786 _____ () C:\Windows\setupact.log2015-02-18 08:59 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2015-02-18 00:01 - 2013-07-02 11:18 - 00000112 _____ () C:\Windows\system32\config\netlogon.ftl2015-02-17 23:02 - 2014-11-21 10:24 - 00015364 _____ () C:\Windows\PFRO.log2015-02-17 22:52 - 2013-09-05 11:40 - 00000000 ____D () C:\Users\jake.FCH\AppData\Roaming\Parallels2015-02-17 22:50 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\tracing2015-02-16 12:32 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\NDF2015-02-15 15:17 - 2013-07-02 11:53 - 00000000 ____D () C:\Users\jake.FCH2015-02-15 15:16 - 2013-09-05 11:40 - 00030624 _____ () C:\Users\jake.FCH\AppData\Local\parallels-webrtc.log2015-02-15 10:35 - 2014-02-23 14:19 - 00000000 ____D () C:\Users\jake.FCH\Documents\Simply Vape Ltd2015-02-14 23:50 - 2014-04-09 14:08 - 00001110 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk2015-02-14 18:34 - 2009-07-14 05:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI2015-02-05 10:57 - 2013-07-04 10:32 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2015-02-05 10:57 - 2013-07-04 10:32 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2015-02-04 10:35 - 2014-11-15 01:49 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3818599572-803860725-2106987424-1171Core1d00076542f24e7.job2015-02-04 07:13 - 2013-12-05 17:02 - 00000000 ____D () C:\Users\jake.FCH\AppData\Roaming\.minecraft2015-02-04 02:49 - 2013-06-28 13:21 - 00000000 __SHD () C:\Recovery2015-02-04 02:42 - 2014-10-10 15:05 - 00000000 ___HD () C:\Windows\system32\CanonIJ Uninstaller Information2015-02-04 02:42 - 2014-10-10 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP270 series2015-02-04 02:42 - 2014-09-17 21:15 - 00000000 ___SD () C:\Windows\system32\CompatTel2015-02-04 02:42 - 2014-08-22 10:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype2015-02-04 02:42 - 2014-08-04 23:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java2015-02-04 02:42 - 2014-07-07 14:48 - 00000000 ____D () C:\Windows\system32\SPReview2015-02-04 02:42 - 2014-07-07 14:47 - 00000000 ____D () C:\Windows\system32\EventProviders2015-02-04 02:42 - 2014-07-03 21:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight2015-02-04 02:42 - 2014-05-19 10:11 - 00000000 ____D () C:\Users\gltsadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrix2015-02-04 02:42 - 2014-02-23 19:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Business Plan Pro2015-02-04 02:42 - 2014-02-23 17:19 - 00000000 ____D () C:\Windows\SysWOW64\Misc2015-02-04 02:42 - 2014-02-23 17:19 - 00000000 ____D () C:\Windows\SysWOW64\Locations2015-02-04 02:42 - 2013-11-08 23:28 - 00000000 ____D () C:\Users\jake.FCH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR2015-02-04 02:42 - 2013-11-08 23:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR2015-02-04 02:42 - 2013-09-11 10:40 - 00000000 ____D () C:\Windows\system32\appmgmt2015-02-04 02:42 - 2013-09-05 11:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Parallels2015-02-04 02:42 - 2013-08-08 16:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 6.0 for Windows Workstations MP42015-02-04 02:42 - 2013-07-16 10:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sage Accounts2015-02-04 02:42 - 2013-07-16 09:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sage 50 Payroll2015-02-04 02:42 - 2013-07-04 13:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome2015-02-04 02:42 - 2013-07-02 13:27 - 00000000 ___RD () C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance2015-02-04 02:42 - 2013-07-02 13:27 - 00000000 ___RD () C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories2015-02-04 02:42 - 2013-07-02 13:27 - 00000000 ____D () C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Small Business Server 20082015-02-04 02:42 - 2013-07-02 13:27 - 00000000 ____D () C:\Users\Mike2015-02-04 02:42 - 2013-07-02 12:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 20132015-02-04 02:42 - 2013-07-02 12:00 - 00000000 ___RD () C:\Users\gltsadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance2015-02-04 02:42 - 2013-07-02 12:00 - 00000000 ___RD () C:\Users\gltsadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories2015-02-04 02:42 - 2013-07-02 12:00 - 00000000 ____D () C:\Users\gltsadmin2015-02-04 02:42 - 2013-07-02 10:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealVNC2015-02-04 02:42 - 2013-07-02 09:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaseya2015-02-04 02:42 - 2013-06-28 13:28 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel2015-02-04 02:42 - 2013-06-28 13:22 - 00000000 ___RD () C:\Users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance2015-02-04 02:42 - 2013-06-28 13:22 - 00000000 ___RD () C:\Users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories2015-02-04 02:42 - 2013-06-28 13:22 - 00000000 ____D () C:\Users\Jake2015-02-04 02:42 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\SysWOW64\sysprep2015-02-04 02:42 - 2009-07-14 05:37 - 00000000 ____D () C:\Windows\DigitalLocker2015-02-04 02:42 - 2009-07-14 05:32 - 00000000 ____D () C:\Program Files\Windows Sidebar2015-02-04 02:42 - 2009-07-14 05:32 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar2015-02-04 02:42 - 2009-07-14 03:20 - 00000000 __RSD () C:\Windows\Media2015-02-04 02:42 - 2009-07-14 03:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories2015-02-04 02:42 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK2015-02-04 02:42 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR2015-02-04 02:42 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\MUI2015-02-04 02:42 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\zh-HK2015-02-04 02:42 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\tr-TR2015-02-04 02:42 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\spool2015-02-04 02:42 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\Recovery2015-02-04 02:42 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\MUI2015-02-04 02:42 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\PolicyDefinitions2015-02-04 02:42 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\Help2015-02-04 02:42 - 2009-07-14 03:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared2015-02-04 02:41 - 2014-11-25 09:36 - 00000000 ____D () C:\Users\jake.FCH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromecast2015-02-04 02:41 - 2013-07-27 19:45 - 00000000 ____D () C:\Users\jake.FCH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games2015-02-04 02:41 - 2013-07-02 11:53 - 00000000 ___RD () C:\Users\jake.FCH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance2015-02-04 02:41 - 2013-07-02 11:53 - 00000000 ___RD () C:\Users\jake.FCH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories2015-02-04 02:41 - 2013-07-02 11:53 - 00000000 ____D () C:\Users\jake.FCH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Small Business Server 20082015-02-03 18:52 - 2013-06-28 20:04 - 00000000 ____D () C:\Windows\Panther2015-02-03 15:27 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\Registration2015-02-03 15:26 - 2013-07-04 10:32 - 00004004 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2015-02-03 15:26 - 2013-07-04 10:32 - 00003752 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore2015-02-03 14:31 - 2013-06-28 20:04 - 00008192 __RSH () C:\BOOTSECT.BAK2015-02-03 14:30 - 2014-11-02 01:00 - 00029260 _____ () C:\Windows\setuperr.log2015-02-03 12:42 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\rescache2015-01-29 17:49 - 2014-07-07 11:34 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2015-01-29 11:52 - 2014-10-10 17:31 - 00000000 ____D () C:\ProgramData\EPSON ==================== Files in the root of some directories ======= 2014-02-22 18:46 - 2014-02-22 18:49 - 7140618 _____ () C:\Users\jake.FCH\AppData\Roaming\bppenu11.log2014-03-14 15:46 - 2014-03-14 15:46 - 0000045 _____ () C:\Users\jake.FCH\AppData\Roaming\WB.CFG2013-09-05 11:40 - 2013-09-05 11:40 - 0000000 _____ () C:\Users\jake.FCH\AppData\Local\parallels-jingle.log2013-09-05 11:40 - 2015-02-15 15:16 - 0030624 _____ () C:\Users\jake.FCH\AppData\Local\parallels-webrtc.log2013-09-05 11:40 - 2015-02-18 09:01 - 3074049 _____ () C:\Users\jake.FCH\AppData\Local\parallels.log2014-09-22 18:53 - 2014-09-22 18:53 - 0005217 _____ () C:\Users\jake.FCH\AppData\Local\recently-used.xbel Some content of TEMP:====================C:\Users\jake.FCH\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2twixz.dllC:\Users\jake.FCH\AppData\Local\Temp\Quarantine.exeC:\Users\jake.FCH\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-13 01:10 ==================== End Of Log ============================ Link to post Share on other sites More sharing options...
Jake176 Posted February 18, 2015 Author ID:940739 Share Posted February 18, 2015 Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-02-2015Ran by Jake at 2015-02-18 13:27:38Running from C:\Users\jake.FCH\Desktop\SecruityBoot Mode: Normal========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Kaspersky Anti-Virus (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}AS: Kaspersky Anti-Virus (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Accounts (x32 Version: 19.0.11.260 - Sage (UK) Ltd) HiddenAdobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.3.181.26 - Adobe Systems Incorporated)Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)Avery Wizard 5.0 (HKLM-x32\...\{FC3B3A5D-7058-4627-9F1E-F95CC38B6054}) (Version: 5.0.5 - Avery)Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)Bonjour (HKLM\...\{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}) (Version: 2.0.4.0 - Apple Inc.)Boot Camp Services (HKLM\...\{ADA3F9C8-A6D3-4FCF-BFBB-EAD69AC0884E}) (Version: 4.0.4033 - Apple Inc.)Business Plan Pro 15th Anniversary Edition (HKLM-x32\...\{3E9E68FB-49FA-410A-8787-424F2A506E0F}) (Version: 11.25.0009 - Palo Alto Software, Inc.)Canon MP270 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP270_series) (Version: - )ChromecastApp (HKU\S-1-5-21-3818599572-803860725-2106987424-1171\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1383.0 - Google Inc.)Citrix Online Launcher (HKLM-x32\...\{F17C3DC2-2ACA-4B0E-BDBF-ACE61B14E7CD}) (Version: 1.0.183 - Citrix)Curse Client (HKU\S-1-5-21-3818599572-803860725-2106987424-1171\...\101a9f93b8f0bb6f) (Version: 5.1.1.820 - Curse)Dropbox (HKU\S-1-5-21-3818599572-803860725-2106987424-1171\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)eJuice Me Up (HKLM-x32\...\{399E77D0-5CEC-41CE-AC95-179E2A0B1893}) (Version: 14.7 - Breaktru Software)eJuice Me Up (HKLM-x32\...\{7C162270-CA72-441F-8349-B0773B97586C}) (Version: 14.0.0.2 - Breaktru Software)EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)EPSON WF-3520 Series Printer Uninstall (HKLM\...\EPSON WF-3520 Series) (Version: - SEIKO EPSON Corporation)GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) HiddenGoogle Update Helper (x32 Version: 1.3.26.9 - Google Inc.) HiddenGoToAssist Customer 2.0.0.637 (HKLM-x32\...\GoToAssist Express Customer) (Version: 2.0.0.637 - Citrix Online)iDisplay 2.4.2 (HKLM-x32\...\iDisplay_is1) (Version: 2.4.2.16 - SHAPE)Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3517 - Intel Corporation)Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)Kaseya Agent (jake1.root.sunsetwest - ksaas01.glts.co.uk) (HKLM-x32\...\KAGRNLGH46933585833602) (Version: 7.0.0.1 - Kaseya)Kaspersky Anti-Virus 6.0 for Windows Workstations (HKLM-x32\...\{8F023021-A7EB-45D3-9269-D65264C81729}) (Version: 6.0.4.1611 - Kaspersky Lab)Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)Microsoft SkyDrive (HKU\S-1-5-21-3818599572-803860725-2106987424-1171\...\SkyDriveSetup.exe) (Version: 17.0.2011.0627 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) HiddenOffice 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) HiddenOffice 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) HiddenPando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)Parallels Access (HKLM-x32\...\{DBF45F0B-6B46-4CFD-A56E-475900A4BE4F}) (Version: 1.0.22682 - Parallels Software International Inc)Payroll for Windows (x32 Version: 19 - Sage (UK) Limited) HiddenRealtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5936 - Realtek Semiconductor Corp.)Sage 50 Accounts 2013 (HKLM-x32\...\InstallShield_{45ECE61A-C8EE-4847-852C-6E8A8192D424}) (Version: 19.0.11.260 - Sage (UK) Ltd)Sage 50 Payroll (HKLM-x32\...\{AD0310FE-0F05-4C17-AC24-E736D8DA5C66}) (Version: 19.00 - Sage (UK) Ltd.)SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.0 - SAMSUNG Electronics Co., Ltd.)Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)Software Updater (HKLM-x32\...\{FA7EE274-7370-43B7-9A45-A39B17CCCDC5}) (Version: 4.3.3 - SEIKO EPSON CORPORATION)TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.38846 - TeamViewer)Unity Web Player (HKU\S-1-5-21-3818599572-803860725-2106987424-1171\...\UnityWebPlayer) (Version: 4.5.3f3 - Unity Technologies ApS)VNC Enterprise Edition E4.6.3 (HKLM-x32\...\RealVNC_is1) (Version: E4.6.3 - RealVNC Ltd)Windows Driver Package - Apple Inc. (AppleUSBEthernet) Net (02/01/2008 3.10.3.10) (HKLM\...\D53CBF2C12DF51DA5E9C1A9DA97FF0DCA0C524C5) (Version: 02/01/2008 3.10.3.10 - Apple Inc.)Windows Driver Package - Apple Inc. Apple Bluetooth (03/01/2010 3.0.0.5) (HKLM\...\EA3C044F6FD39CEC8F4F596836BF4197E97E1D39) (Version: 03/01/2010 3.0.0.5 - Apple Inc.)Windows Driver Package - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1) (HKLM\...\2CD6536AAFFF9B465A871060CF483EC9F3341D29) (Version: 06/27/2007 2.0.0.1 - Apple Inc.)Windows Driver Package - Apple Inc. Apple Broadcom Bluetooth (10/05/2010 3.2.0.1) (HKLM\...\0B6B49213CF56838AFC233905FA14AC47EAA9B28) (Version: 10/05/2010 3.2.0.1 - Apple Inc.)Windows Driver Package - Apple Inc. Apple Built-in iSight (10/25/2007 2.0.1.0) (HKLM\...\70C7CBB0824BF74552A2F28F5FFBF62A15053DA8) (Version: 10/25/2007 2.0.1.0 - Apple Inc.)Windows Driver Package - Apple Inc. Apple Display (01/23/2009 3.0.0.0) (HKLM\...\E0EAD0CEA9119B77350ED4DE28D9A82E57014D94) (Version: 01/23/2009 3.0.0.0 - Apple Inc.)Windows Driver Package - Apple Inc. Apple IR Receiver (02/21/2008 2.0.4.0) (HKLM\...\D5BB697E7D0C75712F3AD00AB1B85412CB5C0FD3) (Version: 02/21/2008 2.0.4.0 - Apple Inc.)Windows Driver Package - Apple Inc. Apple Keyboard (05/05/2011 4.0.0.1) (HKLM\...\703003CF14C8E79F68CA5A750AF4E02B9BD4B4D8) (Version: 05/05/2011 4.0.0.1 - Apple Inc.)Windows Driver Package - Apple Inc. Apple Multitouch (05/05/2011 4.0.0.1) (HKLM\...\455287ECCB4BABCDE9C6713B82B1BDA990D55398) (Version: 05/05/2011 4.0.0.1 - Apple Inc.)Windows Driver Package - Apple Inc. Apple Multitouch Mouse (05/05/2011 4.0.0.1) (HKLM\...\F08FFCF5C857951E0CC5F736988F3D01BF425252) (Version: 05/05/2011 4.0.0.1 - Apple Inc.)Windows Driver Package - Apple Inc. Apple System Device (04/05/2011 3.2.0.8) (HKLM\...\D76172B51B1ECB34E38F97F42F51B7A46FA15F52) (Version: 04/05/2011 3.2.0.8 - Apple Inc.)Windows Driver Package - Apple Inc. Apple Trackpad (07/13/2009 3.0.0.1) (HKLM\...\A0A897639A1D288A8B472FE790EBF9DB71E52ACF) (Version: 07/13/2009 3.0.0.1 - Apple Inc.)Windows Driver Package - Apple Inc. Apple Trackpad Enabler (07/13/2009 3.0.0.1) (HKLM\...\76830D11874044260C923425E7F5A72F25EDA758) (Version: 07/13/2009 3.0.0.1 - Apple Inc.)Windows Driver Package - Apple Inc. Apple Wireless Mouse (06/01/2011 4.0.0.1) (HKLM\...\D088EE4BD2819FBA2B349EF9D55176F223419BE6) (Version: 06/01/2011 4.0.0.1 - Apple Inc.)Windows Driver Package - Apple Inc. Apple Wireless Trackpad (01/17/2011 3.2.0.0) (HKLM\...\C7DD621795A42EAE550280D4D7601459F35C4EC2) (Version: 01/17/2011 3.2.0.0 - Apple Inc.)Windows Driver Package - Atheros Communications Inc. (athr) Net (11/13/2010 9.2.0.113) (HKLM\...\F0A3F8394866FA91E82C8D5AB92C918FE40FE1DF) (Version: 11/13/2010 9.2.0.113 - Atheros Communications Inc.)Windows Driver Package - Broadcom (b57nd60a) Net (12/02/2010 14.4.2.2) (HKLM\...\7C9678A21221D0575C74AF7CE68E28C2771F9E41) (Version: 12/02/2010 14.4.2.2 - Broadcom)Windows Driver Package - Broadcom (BCM43XX) Net (04/06/2011 5.100.198.22) (HKLM\...\110E24F054DE5F4F72985BC1F3A53F61985BD4CC) (Version: 04/06/2011 5.100.198.22 - Broadcom)Windows Driver Package - Broadcom Corporation (bScsiSDa) SDHost (01/18/2011 1.0.0.220) (HKLM\...\26D089A9557429904D9851293EA25C911B64CCF8) (Version: 01/18/2011 1.0.0.220 - Broadcom Corporation)Windows Driver Package - Cirrus Logic, Inc. (CirrusFilter) MEDIA (12/03/2010 6.6001.1.30) (HKLM\...\43B83D262B11C05DBFE8BEB0E2CBD5A9EA1E7F9C) (Version: 12/03/2010 6.6001.1.30 - Cirrus Logic, Inc.)Windows Driver Package - Intel (e1express) Net (03/26/2010 9.13.41.0) (HKLM\...\159439476E3A00F9FAE49DD6C1A78F2F6288A5B9) (Version: 03/26/2010 9.13.41.0 - Intel)Windows Driver Package - Intel (e1kexpress) Net (04/12/2010 11.6.92.0) (HKLM\...\5BEF08C10896D86DC13394FFA75874564B700368) (Version: 04/12/2010 11.6.92.0 - Intel)Windows Driver Package - Intel (e1qexpress) Net (12/04/2009 11.4.7.0) (HKLM\...\57AFA39B22ADEC4E383572E9331167546EB3C9C7) (Version: 12/04/2009 11.4.7.0 - Intel)Windows Driver Package - Intel (e1rexpress) Net (01/07/2010 11.4.16.0) (HKLM\...\F71DB41300D30088C8D3716343D1429488E605C1) (Version: 01/07/2010 11.4.16.0 - Intel)Windows Driver Package - Intel (e1yexpress) Net (04/07/2010 10.1.9.0) (HKLM\...\CB599752301BCA080D135697FDD05900F5A5CF4C) (Version: 04/07/2010 10.1.9.0 - Intel)Windows Driver Package - Intel System (07/20/2007 1.2.76.0) (HKLM\...\E2708073906571A0B56F17FD825EF19281ECE29B) (Version: 07/20/2007 1.2.76.0 - Intel)Windows Driver Package - Marvell (yukonx64) Net (12/06/2007 10.51.1.3) (HKLM\...\CDD703ED0B390A5643DB748EBFA5BD55FEEC0D8A) (Version: 12/06/2007 10.51.1.3 - Marvell)Windows Small Business Server 2008 ClientAgent (HKLM\...\{E4FF4DF1-F99C-49AC-B398-BE0887432846}) (Version: 6.0.5601.0 - Microsoft Corporation)Windows Small Business Server 2008 Desktop Links Gadget (HKLM\...\{F5E5D7CA-0F94-41A3-8106-66473C2F3728}) (Version: 6.0.5601.0 - Microsoft Corporation)WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-3818599572-803860725-2106987424-1171_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\jake.FCH\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-3818599572-803860725-2106987424-1171_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\jake.FCH\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No FileCustomCLSID: HKU\S-1-5-21-3818599572-803860725-2106987424-1171_Classes\CLSID\{37f07c3f-26b0-451e-9760-16f902549186}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3818599572-803860725-2106987424-1171_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\jake.FCH\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No FileCustomCLSID: HKU\S-1-5-21-3818599572-803860725-2106987424-1171_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\jake.FCH\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\SkyDriveShell64.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3818599572-803860725-2106987424-1171_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\jake.FCH\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\SkyDriveShell64.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3818599572-803860725-2106987424-1171_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\jake.FCH\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-3818599572-803860725-2106987424-1171_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\jake.FCH\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\SkyDriveShell64.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3818599572-803860725-2106987424-1171_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\jake.FCH\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No FileCustomCLSID: HKU\S-1-5-21-3818599572-803860725-2106987424-1171_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\jake.FCH\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-3818599572-803860725-2106987424-1171_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\jake.FCH\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-3818599572-803860725-2106987424-1171_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\jake.FCH\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\SkyDriveShell64.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3818599572-803860725-2106987424-1171_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\jake.FCH\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64\FileSyncApi64.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-3818599572-803860725-2106987424-1171_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jake.FCH\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-3818599572-803860725-2106987424-1171_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jake.FCH\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-3818599572-803860725-2106987424-1171_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jake.FCH\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-3818599572-803860725-2106987424-1171_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jake.FCH\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-3818599572-803860725-2106987424-1171_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jake.FCH\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-3818599572-803860725-2106987424-1171_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jake.FCH\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-3818599572-803860725-2106987424-1171_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jake.FCH\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-3818599572-803860725-2106987424-1171_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jake.FCH\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-3818599572-803860725-2106987424-1171_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\jake.FCH\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File ==================== Restore Points ========================= 18-02-2015 08:51:40 End of disinfection ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 02:34 - 2009-06-10 21:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0DEC445F-9CF1-43B1-85FC-7445AAB9A67C} - System32\Tasks\{5D614380-5E15-4822-B4FF-BE839BE80CBB} => pcalua.exe -a C:\Users\jake.FCH\Downloads\setup.exe -d C:\Users\jake.FCH\DownloadsTask: {21B9848D-2B4F-4D56-9AE9-F148C552B116} - System32\Tasks\GoogleUpdateTaskMachineCore1d04066335f39d7 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-04] (Google Inc.)Task: {4A12C1D3-320A-4253-80D4-428CFFE67B29} - System32\Tasks\{20D3C1EC-494D-4CEE-9F2C-0081A57D2063} => pcalua.exe -a C:\Users\jake.FCH\Downloads\LeagueofLegends_EUW_Installer_06_12_13.exe -d C:\Users\jake.FCH\DownloadsTask: {6EB263BD-5DF8-4807-AFE8-3936A6C39717} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-12] (Microsoft Corporation)Task: {721B6BAF-6992-487F-9D9C-9950978C4C15} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-04] (Google Inc.)Task: {85F8A325-49A9-4153-A559-6BF0B77BF2AE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-04] (Google Inc.)Task: {92E768C4-A2A7-46DB-89BF-5EDE51A787AD} - System32\Tasks\iDisplayStartup => C:\Program Files (x86)\iDisplay\iDisplay.exe [2013-03-20] (SHAPE)Task: {A1EE1208-4D7C-481B-BF9B-90FA09B5A106} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)Task: {A9FD3FA8-996E-4528-9F80-9BB1D74F93FF} - System32\Tasks\GoogleUpdateTaskMachineUA1d04066341a2824 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-04] (Google Inc.)Task: {CD1BB909-76A6-404D-B6BA-B075EACA6673} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {F9D2225A-706D-4277-B995-196E27496E9D} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvcTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d04066335f39d7.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d04066341a2824.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3818599572-803860725-2106987424-1171Core1cf91fcaea05933.job => C:\Users\jake.FCH\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3818599572-803860725-2106987424-1171Core1cfeff2abaf502b.job => C:\Users\jake.FCH\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3818599572-803860725-2106987424-1171Core1d00076542f24e7.job => C:\Users\jake.FCH\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3818599572-803860725-2106987424-1171Core1d0406644ebd2af.job => C:\Users\jake.FCH\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2011-06-29 06:49 - 2011-06-29 06:49 - 00224640 _____ () C:\Windows\system32\AppleOSSMgr.exe2014-03-25 10:42 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll2014-11-21 03:21 - 2014-09-23 13:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll2013-06-28 13:28 - 2011-06-13 17:38 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll2015-02-15 15:08 - 2013-03-19 15:02 - 00815104 _____ () C:\Program Files (x86)\iDisplay\adb.exe2012-08-16 20:45 - 2012-08-16 20:45 - 00028504 _____ () c:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\volenum.ppl2013-07-02 09:48 - 2014-06-10 17:57 - 00925696 _____ () C:\Program Files (x86)\Kaseya\GRNLGH46933585833602\libkacm.dll2013-07-02 09:48 - 2014-06-10 17:57 - 00110592 _____ () C:\Program Files (x86)\Kaseya\GRNLGH46933585833602\extensions\scripts\socket\core.dll2013-07-02 09:48 - 2014-06-10 17:57 - 00073728 _____ () C:\Program Files (x86)\Kaseya\GRNLGH46933585833602\extensions\scripts\mime\core.dll2015-02-14 18:47 - 2015-02-10 21:00 - 00750080 _____ () C:\Users\jake.FCH\AppData\Roaming\Dropbox\bin\libGLESv2.dll2015-02-18 09:01 - 2015-02-18 09:01 - 00043008 _____ () c:\users\jake.fch\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2twixz.dll2015-02-14 18:47 - 2015-02-10 21:00 - 00047616 _____ () C:\Users\jake.FCH\AppData\Roaming\Dropbox\bin\libEGL.dll2015-02-14 18:47 - 2015-02-10 21:00 - 00865280 _____ () C:\Users\jake.FCH\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll2015-02-14 18:47 - 2015-02-10 21:00 - 00200704 _____ () C:\Users\jake.FCH\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll2013-08-27 04:18 - 2013-08-27 04:18 - 00397824 _____ () C:\Program Files (x86)\Parallels\Parallels Access\Application\PrlSdkCommunication.dll2013-08-27 04:13 - 2013-08-27 04:13 - 00195584 _____ () C:\Program Files (x86)\Parallels\Parallels Access\Application\AbstractTask.dll2013-08-27 04:21 - 2013-08-27 04:21 - 08210944 _____ () C:\Program Files (x86)\Parallels\Parallels Access\Application\PrlGui.dll2015-02-06 11:26 - 2015-02-04 09:02 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll2015-02-06 11:26 - 2015-02-04 09:02 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll2015-02-06 11:26 - 2015-02-04 09:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll2015-02-06 11:26 - 2015-02-04 09:02 - 14965064 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KAGRNLGH46933585833602 => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist Remote Support Customer => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KAGRNLGH46933585833602 => ""="Service" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3818599572-803860725-2106987424-1171\Control Panel\Desktop\\Wallpaper -> C:\Users\jake.FCH\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpgDNS Servers: 208.67.222.222 - 8.8.8.8 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== Accounts: ============================= Administrator (S-1-5-21-448919324-498970675-1967448580-500 - Administrator - Disabled)gltsadmin (S-1-5-21-448919324-498970675-1967448580-1004 - Administrator - Enabled)Guest (S-1-5-21-448919324-498970675-1967448580-501 - Limited - Disabled)Jake (S-1-5-21-448919324-498970675-1967448580-1000 - Administrator - Enabled) => C:\Users\Jake ==================== Faulty Device Manager Devices ============= Name: Bluetooth Peripheral DeviceDescription: Bluetooth Peripheral DeviceClass Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28)Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Bluetooth Peripheral DeviceDescription: Bluetooth Peripheral DeviceClass Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28)Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Bluetooth Peripheral DeviceDescription: Bluetooth Peripheral DeviceClass Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28)Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors:==================Error: (02/18/2015 09:20:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong Error: (02/18/2015 09:20:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong Error: (02/18/2015 09:20:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong Error: (02/18/2015 09:01:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Bad service type in LT-01._MSM_Video_Control_Service._tcp.local. Application protocol name must be underscore plus 1-14 characters. See <http://www.dns-sd.org/ServiceTypes.html> Error: (02/18/2015 09:01:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Bad service type in ._MSM_Video_Control_Service._tcp.local. Application protocol name must be underscore plus 1-14 characters. See <http://www.dns-sd.org/ServiceTypes.html> Error: (02/18/2015 09:01:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Bad service type in LT-01._MSM_Video_Control_Service._tcp.local. Application protocol name must be underscore plus 1-14 characters. See <http://www.dns-sd.org/ServiceTypes.html> Error: (02/18/2015 08:50:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong Error: (02/18/2015 08:33:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong Error: (02/18/2015 08:20:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong Error: (02/18/2015 08:03:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong System errors:=============Error: (02/18/2015 01:26:00 PM) (Source: NETLOGON) (EventID: 5719) (User: )Description: This computer was not able to set up a secure session with a domaincontroller in domain FCH due to the following: %%1311 This may lead to authentication problems. Make sure that thiscomputer is connected to the network. If the problem persists,please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, itsets up the secure session to the primary domain controller emulator in the specifieddomain. Otherwise, this computer sets up the secure session to any domain controllerin the specified domain. Error: (02/18/2015 00:37:03 PM) (Source: TermService) (EventID: 1067) (User: )Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.. Error: (02/18/2015 00:34:33 PM) (Source: TermService) (EventID: 1067) (User: )Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.. Error: (02/18/2015 09:01:43 AM) (Source: TermService) (EventID: 1067) (User: )Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.. Error: (02/18/2015 09:00:17 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: FCH)Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator. Error: (02/18/2015 08:59:19 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator. Error: (02/18/2015 08:59:08 AM) (Source: NETLOGON) (EventID: 5719) (User: )Description: This computer was not able to set up a secure session with a domaincontroller in domain FCH due to the following: %%1311 This may lead to authentication problems. Make sure that thiscomputer is connected to the network. If the problem persists,please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, itsets up the secure session to the primary domain controller emulator in the specifieddomain. Otherwise, this computer sets up the secure session to any domain controllerin the specified domain. Error: (02/18/2015 04:55:10 AM) (Source: NETLOGON) (EventID: 5719) (User: )Description: This computer was not able to set up a secure session with a domaincontroller in domain FCH due to the following: %%1311 This may lead to authentication problems. Make sure that thiscomputer is connected to the network. If the problem persists,please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, itsets up the secure session to the primary domain controller emulator in the specifieddomain. Otherwise, this computer sets up the secure session to any domain controllerin the specified domain. Error: (02/18/2015 00:01:38 AM) (Source: Server) (EventID: 2505) (User: )Description: The server could not bind to the transport \Device\NetBT_Tcpip_{792D3126-A6D1-4311-95D6-1F1959E06F30} because another computer on the network has the same name. The server could not start. Error: (02/18/2015 00:01:32 AM) (Source: RasSstp) (EventID: 1) (User: )Description: CoId={8444E375-0131-40D9-A3BB-C61AEFB7DD2C}:The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again. The certificate's CN name does not match the passed value. Microsoft Office Sessions:=========================Error: (02/18/2015 09:20:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong Error: (02/18/2015 09:20:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong Error: (02/18/2015 09:20:19 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong Error: (02/18/2015 09:01:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Bad service type in LT-01._MSM_Video_Control_Service._tcp.local. Application protocol name must be underscore plus 1-14 characters. See <http://www.dns-sd.org/ServiceTypes.html> Error: (02/18/2015 09:01:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Bad service type in ._MSM_Video_Control_Service._tcp.local. Application protocol name must be underscore plus 1-14 characters. See <http://www.dns-sd.org/ServiceTypes.html> Error: (02/18/2015 09:01:41 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Bad service type in LT-01._MSM_Video_Control_Service._tcp.local. Application protocol name must be underscore plus 1-14 characters. See <http://www.dns-sd.org/ServiceTypes.html> Error: (02/18/2015 08:50:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong Error: (02/18/2015 08:33:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong Error: (02/18/2015 08:20:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong Error: (02/18/2015 08:03:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong ==================== Memory info =========================== Processor: Intel® Core i7-2640M CPU @ 2.80GHzPercentage of memory in use: 52%Total physical RAM: 4006.73 MBAvailable physical RAM: 1885.77 MBTotal Pagefile: 8011.65 MBAvailable Pagefile: 5829.48 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.85 MB ==================== Drives ================================ Drive c: (BOOTCAMP) (Fixed) (Total:139.53 GB) (Free:70.73 GB) NTFS ==>[Drive with boot components (obtained from BCD)]Drive e: (Macintosh HD) (Fixed) (Total:557.86 GB) (Free:436.57 GB) HFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 00007F6B) Partition: GPT Partition Type.Partition 2: (Not Active) - (Size=557.9 GB) - (Type=AF)Partition 3: (Not Active) - (Size=620 MB) - (Type=AB)Partition 4: (Active) - (Size=139.5 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Link to post Share on other sites More sharing options...
kevinf80 Posted February 18, 2015 ID:940742 Share Posted February 18, 2015 Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work. Run FRST and press the Fix button just once and wait.The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply. Next, If no remaining issues or concerns run the following to clean up: Download "Delfix by Xplode" and save it to your desktop. Or use the following if first link is down: "Delfix link mirror" Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator Make Sure the following items are checked: Remove disinfection tools Now click on "Run" and wait patiently until the tool has completed. The tool will create a log when it has completed. We don't need you to post this. Any remnant files/logs from tools we have used can be deleted… Let me know if we are ok to close out... Thanks, Kevin..Fixlist.txt Link to post Share on other sites More sharing options...
Jake176 Posted February 18, 2015 Author ID:940746 Share Posted February 18, 2015 Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-02-2015Ran by Jake at 2015-02-18 13:53:29 Run:1Running from C:\Users\jake.FCH\Desktop\SecruityLoaded Profiles: Jake (Available profiles: Jake & Jake)Boot Mode: Normal============================================== Content of fixlist:*****************startStartup: C:\Users\jake.FCH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OptimizerPro.lnkShortcutTarget: OptimizerPro.lnk -> C:\FRST\Quarantine\C\ProgramData\{0a12b814-8695-c7dc-0a12-2b814869e052}\OptimizerPro.exe (No File)C:\Users\jake.FCH\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2twixz.dllC:\Users\jake.FCH\AppData\Local\Temp\Quarantine.exeC:\Users\jake.FCH\AppData\Local\Temp\sqlite3.dllEmptyTemp:end ***************** C:\Users\jake.FCH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OptimizerPro.lnk => Moved successfully.C:\FRST\Quarantine\C\ProgramData\{0a12b814-8695-c7dc-0a12-2b814869e052}\OptimizerPro.exe not found.C:\Users\jake.FCH\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2twixz.dll => Moved successfully.C:\Users\jake.FCH\AppData\Local\Temp\Quarantine.exe => Moved successfully.C:\Users\jake.FCH\AppData\Local\Temp\sqlite3.dll => Moved successfully.EmptyTemp: => Removed 102.1 MB temporary data. The system needed a reboot. ==== End of Fixlog 13:53:34 ==== Link to post Share on other sites More sharing options...
kevinf80 Posted February 18, 2015 ID:940771 Share Posted February 18, 2015 What is the current status of your system, are there any remaining issues or concerns, if none are we ok to close out... Link to post Share on other sites More sharing options...
Jake176 Posted February 18, 2015 Author ID:940805 Share Posted February 18, 2015 I believe we are good Kevin , I think we can close !!!!! Thanks for all the support you have given!!!!! Link to post Share on other sites More sharing options...
kevinf80 Posted February 18, 2015 ID:940844 Share Posted February 18, 2015 You`re very welcome, will close out shortly.... Take care and surf safe, Kevin..... Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted March 2, 2015 Root Admin ID:944275 Share Posted March 2, 2015 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts