Jump to content

CPU usage and memory usage


aks
 Share

Recommended Posts

Hello and welcome to Malwarebytes.org

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.


Next,

Change the download folder setting in the default Browser so all tools we may use are saved to the Desktop:

Chrome.JPGGoogle Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Settings.JPG
Choose Settings. at the bottom of the screen click the
"Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Firefox.JPGMozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Settings.JPG Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and the click the "Select Folder" button. Click OK to get out of the Options menu.

IE.jpgInternet Explorer - Click the Tools menu in the upper right-corner of the browser. Tools.JPG Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Next,

Follow the instructions in the following link to show hidden files:

http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/

Next,

Please open Malwarebytes Anti-Malware.

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may or may not see this message box.

            'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.



To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
      Text file (*.txt)        - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
      XML file (*.xml)      - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
  • Recommend you use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…




If Malwarebytes is not installed follow these instructions first:

Download Malwarebytes Anti-Malware to your desktop.

  • Double-click mbam-setup and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish. Follow the instructions above....


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either accept the alert or disable your security and allow FRST to run...

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.



Next,

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista,Windows 7/8/8.1/10, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User Licene Agreement)
  • Click Scan to scan the system.
  • When the scan completes select "Report",in the next window select "Export txt" the log will open as a text file post that log... Also save to your Desktop for reference. log will open.
  • Close the program > Don't Fix anything!



Let me see those logs in your reply....

Thank you,

Kevin...
 

Link to post
Share on other sites

RogueKiller V10.10.7.0 [sep 28 2015] by Adlice Software





 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : AKS [Administrator]

Started from : C:\Users\AKS\Desktop\RogueKiller (1).exe

Mode : Scan -- Date : 10/03/2015 23:23:20

 

¤¤¤ Processes : 0 ¤¤¤

 

¤¤¤ Registry : 14 ¤¤¤

[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\B4-Service (C:\Users\AKS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y4150CPR\B4-Service.exe) -> Found

[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\B4-Service (C:\Users\AKS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y4150CPR\B4-Service.exe) -> Found

[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TeamViewer7 ("c:\users\aks\appdata\local\temp\teamviewer\version7\TeamViewer_Service.exe") -> Found

[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\B4-Service (C:\Users\AKS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y4150CPR\B4-Service.exe) -> Found

[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\B4-Service (C:\Users\AKS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y4150CPR\B4-Service.exe) -> Found

[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-414015972-2062153888-1237451347-1001\Software\Microsoft\Internet Explorer\Main | Start Page : about:Tabs  -> Found

[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-414015972-2062153888-1237451347-1001\Software\Microsoft\Internet Explorer\Main | Start Page : about:Tabs  -> Found

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.1.10.1 ([(Private Address) (XX)])  -> Found

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8C6862E5-1861-41F6-9312-21A50BE840DE} | DhcpNameServer : 10.1.10.1 ([(Private Address) (XX)])  -> Found

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8C6862E5-1861-41F6-9312-21A50BE840DE} | DhcpNameServer : 10.1.10.1 ([(Private Address) (XX)])  -> Found

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{8C6862E5-1861-41F6-9312-21A50BE840DE} | DhcpNameServer : 10.1.10.1 ([(Private Address) (XX)])  -> Found

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{8C6862E5-1861-41F6-9312-21A50BE840DE} | DhcpNameServer : 10.1.10.1 ([(Private Address) (XX)])  -> Found

[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-414015972-2062153888-1237451347-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found

[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-414015972-2062153888-1237451347-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found

 

¤¤¤ Tasks : 0 ¤¤¤

 

¤¤¤ Files : 0 ¤¤¤

 

¤¤¤ Hosts File : 1 ¤¤¤

[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

 

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ MBR Check : ¤¤¤

+++++ PhysicalDrive0: ST9320423AS +++++

--- User ---

[MBR] 9daffe5b25ba2b69640f46c1ef4ae48b

[bSP] 0ef8db4ffde83b3e297b794ce0e48fa4 : Windows Vista/7/8|VT.Unknown MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 291242 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]

1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 596465664 | Size: 14001 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]

User = LL1 ... OK

User = LL2 ... OK
Link to post
Share on other sites

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 10/1/2015
Scan Time: 11:50 PM
Logfile: 
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.10.02.01
Rootkit Database: v2015.09.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: AKS
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 521809
Time Elapsed: 49 min, 49 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 33
PUP.Optional.Compete, HKLM\SOFTWARE\CLASSES\APPID\{A57F7191-1E7F-4852-BAAF-F80A43E2687A}, Quarantined, [b970a5ad5f2c2c0a3419e71148bafa06], 
PUP.Optional.Compete, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{A57F7191-1E7F-4852-BAAF-F80A43E2687A}, Quarantined, [b970a5ad5f2c2c0a3419e71148bafa06], 
PUP.Optional.Compete, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{A57F7191-1E7F-4852-BAAF-F80A43E2687A}, Quarantined, [b970a5ad5f2c2c0a3419e71148bafa06], 
PUP.Optional.Compete, HKLM\SOFTWARE\CLASSES\APPID\{D5FA0C65-08BE-4F86-B30F-2E285694863A}, Quarantined, [79b0282ae3a842f466f29b5d53afff01], 
PUP.Optional.Compete, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{D5FA0C65-08BE-4F86-B30F-2E285694863A}, Quarantined, [79b0282ae3a842f466f29b5d53afff01], 
PUP.Optional.Compete, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{D5FA0C65-08BE-4F86-B30F-2E285694863A}, Quarantined, [79b0282ae3a842f466f29b5d53afff01], 
PUP.Optional.Compete, HKLM\SOFTWARE\CLASSES\APPID\{DD7C44CC-0F60-4FD9-A38F-5CF30D698AC2}, Quarantined, [29000c468803e155b39fc434fc06c838], 
PUP.Optional.Compete, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{DD7C44CC-0F60-4FD9-A38F-5CF30D698AC2}, Quarantined, [29000c468803e155b39fc434fc06c838], 
PUP.Optional.Compete, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{DD7C44CC-0F60-4FD9-A38F-5CF30D698AC2}, Quarantined, [29000c468803e155b39fc434fc06c838], 
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{0DC6DC6C-048E-4B03-8F2D-7D6B90571172}, Quarantined, [0326e1713e4da78fb273f3054db55ba5], 
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{0DC6DC6C-048E-4B03-8F2D-7D6B90571172}, Quarantined, [0326e1713e4da78fb273f3054db55ba5], 
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{7D87094D-49E1-4C72-8C9E-3D937A119BE5}, Quarantined, [6dbcdd751774e05625023cbc4bb736ca], 
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\DcaHost.DcaHost.1, Quarantined, [6dbcdd751774e05625023cbc4bb736ca], 
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\DcaHost.DcaHost, Quarantined, [6dbcdd751774e05625023cbc4bb736ca], 
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DcaHost.DcaHost, Quarantined, [6dbcdd751774e05625023cbc4bb736ca], 
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DcaHost.DcaHost, Quarantined, [6dbcdd751774e05625023cbc4bb736ca], 
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\DcaHost.DcaHost.1, Quarantined, [6dbcdd751774e05625023cbc4bb736ca], 
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\DcaHost.DcaHost.1, Quarantined, [6dbcdd751774e05625023cbc4bb736ca], 
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{7D87094D-49E1-4C72-8C9E-3D937A119BE5}, Quarantined, [6dbcdd751774e05625023cbc4bb736ca], 
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7D87094D-49E1-4C72-8C9E-3D937A119BE5}, Quarantined, [6dbcdd751774e05625023cbc4bb736ca], 
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7D87094D-49E1-4C72-8C9E-3D937A119BE5}, Quarantined, [6dbcdd751774e05625023cbc4bb736ca], 
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{D4F484EE-BF68-4B61-AB83-C1E0EF88D876}, Quarantined, [68c1d47e0883211584a432c62cd6b34d], 
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{D4F484EE-BF68-4B61-AB83-C1E0EF88D876}, Quarantined, [68c1d47e0883211584a432c62cd6b34d], 
PUP.Optional.Compete, HKLM\SOFTWARE\CLASSES\APPID\CptUrlPassthru.DLL, Quarantined, [b871a2b092f9171fb9bc538c08fce51b], 
PUP.Optional.Compete, HKLM\SOFTWARE\CLASSES\APPID\dca-bho.DLL, Quarantined, [27020e4457345cdad79fd50a4bb950b0], 
PUP.Optional.Compete, HKLM\SOFTWARE\CLASSES\APPID\dca-host.exe, Quarantined, [9693df73622962d4aec9c51ae024b64a], 
PUP.Optional.Compete, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\CptUrlPassthru.DLL, Quarantined, [76b32f232c5fe94dc0b5bf20d62ed927], 
PUP.Optional.Compete, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\dca-bho.DLL, Quarantined, [d05978da2e5dd165ed899e418d773dc3], 
PUP.Optional.Compete, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\dca-host.exe, Quarantined, [f33697bb414a8aacda9d2fb07b8954ac], 
PUP.Optional.Compete, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\CptUrlPassthru.DLL, Quarantined, [8e9b9ab81477d165e491ecf3669e8878], 
PUP.Optional.Compete, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\dca-bho.DLL, Quarantined, [40e9e46e503bb97df87e14cb0bf91de3], 
PUP.Optional.Compete, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\dca-host.exe, Quarantined, [c168351d2c5fa393c7b0cb14c341af51], 
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\NATIVEMESSAGINGHOSTS\com.compete.cinm, Quarantined, [002982d0f09bd1656cbce4f92ada4db3], 
 
Registry Values: 2
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7D87094D-49E1-4C72-8C9E-3D937A119BE5}|AppPath, C:\Program Files (x86)\Consumer Input\InternetExplorer, Quarantined, [f43550023b50d75f33f644995ea6837d]
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{7D87094D-49E1-4C72-8C9E-3D937A119BE5}|AppPath, C:\Program Files (x86)\Consumer Input\InternetExplorer, Quarantined, [62c7034ff2992c0ab27734a960a416ea]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-10-2015
Ran by AKS (administrator) on MININT-DLL3ED3 (03-10-2015 22:06:45)
Running from C:\Users\AKS\Desktop
Loaded Profiles: AKS & UpdatusUser (Available Profiles: AKS & UpdatusUser)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe
() C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpsp.exe
(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\dlupdr.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Akamai Technologies, Inc.) C:\Users\AKS\AppData\Local\Akamai\netsession_win.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Akamai Technologies, Inc.) C:\Users\AKS\AppData\Local\Akamai\netsession_win.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Dropbox, Inc.) C:\Users\AKS\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Macrovision Europe Ltd.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\outlook.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
(Farbar) C:\Users\AKS\Desktop\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [611192 2011-07-20] (Alps Electric Co., Ltd.)
HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-24] (IDT, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [DLPSP] => C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE [913216 2010-06-01] (Dell Inc.)
HKLM\...\Run: [DLUPDR] => C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\DLUPDR.EXE [587584 2010-06-01] (Dell Inc.)
HKLM\...\Run: [DLQLU] => C:\Program Files\Dell Printers\Additional Color Laser Software\Launcher\DLQLU.EXE [1284416 2010-06-01] (Dell Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-15] (Apple Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [624248 2007-05-10] (Adobe Systems Inc.)
HKLM-x32\...\Run: [sSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-09-15] (Apple Inc.)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1064144 2015-03-06] (Carbonite, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
HKU\S-1-5-21-414015972-2062153888-1237451347-1001\...\Run: [Akamai NetSession Interface] => C:\Users\AKS\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-414015972-2062153888-1237451347-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-414015972-2062153888-1237451347-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-414015972-2062153888-1237451347-1001\...\Run: [Dropbox Update] => C:\Users\AKS\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-03-06] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-03-06] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-03-06] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-03-06] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-03-06] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-03-06] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\AKS\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\AKS\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\AKS\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\AKS\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll No File
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2011-03-04] (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [uninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2011-03-04] (Wave Systems Corp.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-03-06] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-03-06] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-03-06] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-03-06] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-03-06] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-03-06] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\AKS\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-10-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\AKS\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-10-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\AKS\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-10-01] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell System Manager.lnk [2011-11-28]
ShortcutTarget: Dell System Manager.lnk -> C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7C9DCFD6-9153-4FC3-96A8-790F9026F4C0}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8C6862E5-1861-41F6-9312-21A50BE840DE}: [DhcpNameServer] 10.1.10.1
 
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-414015972-2062153888-1237451347-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-414015972-2062153888-1237451347-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1035\TmIEPlg.dll No File
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-08-04] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-09-11] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-11] (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll [2011-11-08] (Oracle Corporation)
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23] (Adobe Systems Incorporated)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1035\TmIEPlg32.dll No File
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-22] (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-09-11] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-22] (Oracle Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated)
IE Session Restore: HKU\S-1-5-21-414015972-2062153888-1237451347-1001 -> is enabled.
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} hxxps://virtualkitchenshowroom.homedepot.com/VS/Core/Player/2020PlayerAX_WEB_Win32.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Handler-x32: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files (x86)\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll [2012-05-19] (TODO: <Company name>)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2010-11-20] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1035\TmIEPlg32.dll No File
 
FireFox:
========
FF ProfilePath: C:\Users\AKS\AppData\Roaming\Mozilla\Firefox\Profiles\mc4zkszn.default-1389709369359
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-23] ()
FF Plugin: @java.com/DTPlugin,version=10.2.1 -> C:\Windows\system32\npDeployJava1.dll [2011-11-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.2.1 -> C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll [2011-11-08] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-23] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-07-29] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2013-12-06] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2013-12-06] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-414015972-2062153888-1237451347-1001: @citrixonline.com/appdetectorplugin -> C:\Users\AKS\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-11-08] (Citrix Online)
FF user.js: detected! => C:\Users\AKS\AppData\Roaming\Mozilla\Firefox\Profiles\mc4zkszn.default-1389709369359\user.js [2015-03-03]
FF Extension: DownThemAll! - C:\Users\AKS\AppData\Roaming\Mozilla\Firefox\Profiles\mc4zkszn.default-1389709369359\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-06-12]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-09-06]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-09-06]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1035\FirefoxExtension => not found
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-12-06]
 
Chrome: 
=======
CHR Profile: C:\Users\AKS\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\AKS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-03]
CHR Extension: (Google Docs) - C:\Users\AKS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-03]
CHR Extension: (Google Drive) - C:\Users\AKS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-03]
CHR Extension: (YouTube) - C:\Users\AKS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-13]
CHR Extension: (Google Search) - C:\Users\AKS\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-13]
CHR Extension: (Google Sheets) - C:\Users\AKS\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-03]
CHR Extension: (Google Docs Offline) - C:\Users\AKS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-09]
CHR Extension: (RealDownloader) - C:\Users\AKS\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-08-13]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\AKS\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\AKS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-09]
CHR Extension: (Gmail) - C:\Users\AKS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-13]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2774104 2015-09-11] (Microsoft Corporation)
R2 DLPWD; C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE [155888 2009-10-16] (Dell Inc.)
R2 DLSDB; C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE [344384 2010-06-01] (Dell Inc.)
R3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2011-12-20] (Macrovision Europe Ltd.) [File not signed]
R2 FlipShare Service; C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe [460144 2011-05-06] ()
S4 FlipShareServer; C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2011-05-06] () [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [20480 2009-09-16] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2007-05-24] (Intuit Inc.) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S3 SecureStorageService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe [2117120 2010-11-03] (Wave Systems Corp.) [File not signed]
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1629696 2010-07-13] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 B4-Service; C:\Users\AKS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y4150CPR\B4-Service.exe [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 hitmanpro36; C:\Windows\system32\drivers\hitmanpro36.sys [30496 2012-07-12] ()
S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (HTC, Corporation) [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-10-03] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [300320 2013-12-04] (NVIDIA Corporation)
R3 O2MDFRDR; C:\Windows\System32\DRIVERS\O2MDFxpx64.sys [71968 2011-01-04] (O2Micro )
R3 O2SDJRDR; C:\Windows\System32\DRIVERS\o2sdjxpx64.sys [83560 2011-03-23] (O2Micro )
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-03 22:06 - 2015-10-03 22:06 - 00028864 _____ C:\Users\AKS\Desktop\FRST.txt
2015-10-03 22:05 - 2015-10-03 22:05 - 02193408 _____ (Farbar) C:\Users\AKS\Desktop\FRST64 (1).exe
2015-10-03 22:01 - 2015-10-03 22:01 - 02193408 _____ (Farbar) C:\Users\AKS\Desktop\FRST64.exe
2015-10-03 21:40 - 2015-10-03 21:40 - 00000000 ____D C:\Users\AKS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-09-28 23:19 - 2015-10-01 21:47 - 00003370 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-414015972-2062153888-1237451347-1001
2015-09-28 23:19 - 2015-10-01 21:47 - 00003232 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-414015972-2062153888-1237451347-1001
2015-09-28 23:13 - 2015-09-28 23:13 - 00000000 ____D C:\7a386dd25dd394e2b689c8
2015-09-18 23:19 - 2015-09-18 23:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-09-18 23:17 - 2015-09-18 23:19 - 00000000 ____D C:\Program Files\iTunes
2015-09-18 23:17 - 2015-09-18 23:17 - 00000000 ____D C:\Program Files\iPod
2015-09-18 23:17 - 2015-09-18 23:17 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-09-18 23:11 - 2015-09-18 23:11 - 00000000 ____D C:\Program Files\Bonjour
2015-09-18 23:11 - 2015-09-18 23:11 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-09-18 23:09 - 2015-09-18 23:09 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2015-09-18 23:09 - 2015-09-18 23:09 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-09-06 21:12 - 2015-09-28 23:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-09-06 00:04 - 2015-09-06 00:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-09-06 00:03 - 2015-09-06 00:04 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-09-04 22:35 - 2015-09-18 22:34 - 00003348 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-414015972-2062153888-1237451347-1001
2015-09-04 22:35 - 2015-09-18 22:34 - 00003210 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-414015972-2062153888-1237451347-1001
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-03 22:12 - 2012-06-20 23:21 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-03 22:07 - 2015-01-27 01:18 - 00000000 ____D C:\FRST
2015-10-03 22:07 - 2011-12-19 13:43 - 00000000 ____D C:\Users\AKS\Documents\Outlook Files
2015-10-03 22:01 - 2015-06-20 23:42 - 00000910 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-414015972-2062153888-1237451347-1001UA.job
2015-10-03 22:00 - 2011-11-28 20:59 - 02006398 _____ C:\Windows\WindowsUpdate.log
2015-10-03 21:55 - 2014-07-30 00:29 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-03 21:51 - 2012-08-29 11:02 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-03 21:50 - 2012-08-29 11:02 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-03 21:42 - 2009-07-14 00:45 - 00031504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-03 21:42 - 2009-07-14 00:45 - 00031504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-03 21:40 - 2012-07-26 17:40 - 00000000 ____D C:\Users\AKS\AppData\Roaming\Dropbox
2015-10-03 21:38 - 2015-01-23 14:24 - 00000000 ____D C:\Users\AKS\AppData\Local\F6B485E9-E011-4558-B85F-56E6D05A5DFE.aplzod
2015-10-03 21:36 - 2015-06-20 23:42 - 00000858 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-414015972-2062153888-1237451347-1001Core.job
2015-10-03 21:36 - 2015-06-01 11:10 - 00000646 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-414015972-2062153888-1237451347-1001.job
2015-10-03 21:36 - 2014-03-26 12:45 - 00000550 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-414015972-2062153888-1237451347-1001.job
2015-10-02 06:22 - 2009-07-14 01:13 - 00860838 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-02 06:14 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-02 06:14 - 2009-07-14 00:51 - 00173017 _____ C:\Windows\setupact.log
2015-10-02 06:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\LiveKernelReports
2015-09-28 23:40 - 2010-11-20 23:47 - 01056910 _____ C:\Windows\PFRO.log
2015-09-28 23:18 - 2014-07-29 15:10 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-09-28 23:14 - 2012-11-24 00:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-09-24 23:52 - 2011-12-19 19:26 - 00000000 ____D C:\Users\AKS\AppData\Local\Akamai
2015-09-23 15:12 - 2012-06-20 23:21 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-09-23 15:12 - 2012-04-04 10:14 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-09-23 15:12 - 2011-12-17 19:42 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-20 18:15 - 2012-07-26 17:42 - 00000000 ___RD C:\Users\AKS\Dropbox
2015-09-20 12:45 - 2011-12-20 11:15 - 00000426 _____ C:\Windows\BRWMARK.INI
2015-09-18 23:22 - 2011-12-21 02:12 - 00000000 ____D C:\Users\AKS\AppData\Local\Google
2015-09-18 23:19 - 2013-02-20 19:19 - 00001759 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-09-18 23:17 - 2013-01-14 00:23 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-09-18 23:09 - 2014-09-22 13:11 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-09-18 21:46 - 2012-08-29 11:02 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-18 21:46 - 2012-08-29 11:02 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-09 03:13 - 2015-06-01 11:10 - 00003680 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-414015972-2062153888-1237451347-1001
2015-09-09 03:13 - 2014-03-26 12:45 - 00003584 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-414015972-2062153888-1237451347-1001
2015-09-06 00:04 - 2013-04-10 22:15 - 00001851 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
 
==================== Files in the root of some directories =======
 
2015-03-03 18:23 - 2015-03-03 18:23 - 0000046 _____ () C:\Users\AKS\AppData\Roaming\Camdata.ini
2015-03-03 18:23 - 2015-03-03 18:23 - 0000408 _____ () C:\Users\AKS\AppData\Roaming\CamLayout.ini
2015-03-03 18:23 - 2015-03-03 18:23 - 0000408 _____ () C:\Users\AKS\AppData\Roaming\CamShapes.ini
2015-03-03 18:23 - 2015-03-03 18:23 - 0004535 _____ () C:\Users\AKS\AppData\Roaming\CamStudio.cfg
2015-03-03 18:23 - 2015-03-03 18:23 - 0000096 _____ () C:\Users\AKS\AppData\Roaming\version2.xml
2012-01-29 14:19 - 2012-02-15 22:56 - 0003584 _____ () C:\Users\AKS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-12-27 18:21 - 2011-12-27 18:21 - 0000017 _____ () C:\Users\AKS\AppData\Local\resmon.resmoncfg
2014-11-14 23:19 - 2014-11-14 23:19 - 0000000 _____ () C:\Users\AKS\AppData\Local\{7A318A86-186B-4A25-A736-A7BFBC7C92C4}
 
Some files in TEMP:
====================
C:\Users\AKS\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbqg34x.dll
C:\Users\AKS\AppData\Local\Temp\Quarantine.exe
C:\Users\AKS\AppData\Local\Temp\SkypeSetup.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-10-02 01:17
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by AKS at 2015-02-02 09:48:49
Running from C:\Users\AKS\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.10.34 - STMicroelectronics)
Adobe Acrobat 8.1.0 Professional (HKLM-x32\...\Adobe Acrobat 8 Professional - English, Français, Deutsch) (Version: 8.1.0 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Akamai NetSession Interface (HKU\S-1-5-21-414015972-2062153888-1237451347-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
BioAPI Framework (Version: 1.0.2 - Dell Inc.) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-8870DW (HKLM-x32\...\{9211CCBB-BEFE-4A0C-9199-D7A535DBFE5F}) (Version: 1.0.0.0 - Brother Industries, Ltd.)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Carbonite (HKLM-x32\...\Carbonite Backup) (Version: 5.5.5 build 4151  (Jun-27-2014) - Carbonite)
Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
Custom (Version: 01.00.00.000 - Wave Systems Corp.) Hidden
CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3426 - CyberLink Corp.)
Dell ControlVault Host Components Installer 64 bit (Version: 2.0.20.159 - Broadcom Corporation) Hidden
Dell Data Protection | Access (HKLM-x32\...\{A7D91856-258D-4C87-8041-B170851CE432}) (Version: 2.0.00001.001 - Dell Inc.)
Dell Data Protection | Access (Version: 01.01.01.001 - Wave Systems Corp) Hidden
Dell Data Protection | Access | Drivers (HKLM-x32\...\{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}) (Version: 1.00.011 - Dell Inc.)
Dell Data Protection | Access | Middleware (HKLM-x32\...\{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}) (Version: 1.00.005 - Dell Inc.)
Dell Driver Download Manager (HKU\S-1-5-21-414015972-2062153888-1237451347-1001\...\bd4d3a0508d364f5) (Version: 3.0.0.0 - Dell Inc)
Dell Printer Software (HKLM-x32\...\{105F3CE5-FE55-408E-BF30-E78F85BA0B12}) (Version: 1.00.000 - Dell Inc.)
Dell System Manager (HKLM\...\{FDF509ED-9624-4FDE-9BAA-9566C186AB96}) (Version: 1.6.00000 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1208.101.124 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
DellAccess (Version: 01.01.00.053 - Wave Systems Corp.) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Dropbox (HKU\S-1-5-21-414015972-2062153888-1237451347-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
EMBASSY Security Center (Version: 04.03.00.067 - Wave Systems Corp.) Hidden
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
FlipShare (HKLM-x32\...\{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}) (Version: 5.12.3.0 - Flip Video)
Gemalto (Version: 01.64.01.0010 - Wave Systems Corp) Hidden
Google Chrome (HKLM-x32\...\{E86E510B-CBAD-354D-841B-853E23EF038A}) (Version: 64.240.49198 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 6.4.11.2273 (HKU\S-1-5-21-414015972-2062153888-1237451347-1001\...\GoToMeeting) (Version: 6.4.11.2273 - CitrixOnline)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1010 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.70.1205 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 18.1 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3040 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java SE Development Kit 7 Update 2 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170020}) (Version: 1.7.0.20 - Oracle)
JavaFX 2.0.2 (64-bit) (HKLM\...\{1111706F-666A-4037-7777-202648764D10}) (Version: 2.0.2 - Oracle Corporation)
JavaFX 2.0.2 SDK (64-bit) (HKLM\...\{2222706F-666A-4037-7777-202648764D10}) (Version: 2.0.2 - Oracle Corporation)
join.me (HKU\S-1-5-21-414015972-2062153888-1237451347-1001\...\JoinMe) (Version: 1.7.0.138 - LogMeIn, Inc.)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-414015972-2062153888-1237451347-1001\...\OneDriveSetup.exe) (Version: 17.0.4041.0512 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft SharePoint Designer 2010 (HKLM\...\Office14.SharePointDesigner) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 35.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 en-US)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
NTRU TCG Software Stack (Version: 2.1.34 - Security Innovation) Hidden
NVIDIA Graphics Driver 327.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.62 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA nView 140.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 140.75 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Outlook Setup Tool (HKLM-x32\...\outlookset) (Version: 2.2.19 - Starfield Technologies)
PC-CCID (Version: 2.0.0 - Gemalto) Hidden
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
Preboot Manager (Version: 03.03.00.049 - Wave Systems Corp.) Hidden
Private Information Manager (Version: 07.01.00.007 - Wave Systems Corp.) Hidden
QuickBooks Pro 2008 (HKLM-x32\...\{8ECB8220-F422-4BEB-9596-97033C533702}) (Version: 18.0.4010.606 - Intuit Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Salesforce for Outlook (HKLM\...\{A961FEC8-7232-445C-931C-7E20ECF97ACA}) (Version: 1.5.178.214 - salesforce.com)
salesforce.com Data Loader (HKLM-x32\...\Data Loader) (Version:  - )
ScanSoft PaperPort 11 (HKLM-x32\...\{B6C89654-A6A2-477C-873B-724EC1C56407}) (Version: 11.1.0000 - Nuance Communications, Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0017-0000-1000-0000000FF1CE}_Office14.SharePointDesigner_{98223B6C-F59E-4928-B553-43605D52ED19}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
SPBA 5.9 (Version: 5.9.4.6686 - UPEK Inc.) Hidden
SupportSoft Assisted Service (HKLM-x32\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Trusted Drive Manager (Version: 4.0.5.8 - Wave Systems Corp.) Hidden
Upek Touchchip Fingerprint Reader (Version: 1.2.004 - Dell Inc.) Hidden
Wave Infrastructure Installer (Version: 07.66.40.0008 - Wave Systems Corp) Hidden
Wave Support Software Installer (Version: 05.13.00.014 - Wave Systems Corp) Hidden
Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-414015972-2062153888-1237451347-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\AKS\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-414015972-2062153888-1237451347-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\AKS\AppData\Local\Citrix\GoToMeeting\1960\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-414015972-2062153888-1237451347-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\AKS\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-414015972-2062153888-1237451347-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\AKS\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-414015972-2062153888-1237451347-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\AKS\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-414015972-2062153888-1237451347-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\AKS\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-414015972-2062153888-1237451347-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\AKS\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-414015972-2062153888-1237451347-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\AKS\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-414015972-2062153888-1237451347-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\AKS\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-414015972-2062153888-1237451347-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\AKS\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-414015972-2062153888-1237451347-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\AKS\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-414015972-2062153888-1237451347-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\AKS\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-414015972-2062153888-1237451347-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\AKS\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-414015972-2062153888-1237451347-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\AKS\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-414015972-2062153888-1237451347-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\AKS\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
23-01-2015 15:29:11 End of disinfection
25-01-2015 16:39:27 Windows Update
28-01-2015 22:49:21 Windows Update
01-02-2015 00:08:33 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2015-01-02 08:15 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {19597B82-C8DC-4C57-A472-339AD4032D9B} - System32\Tasks\{D7F41C45-74BE-45C4-8D01-F4C650C99F8A} => pcalua.exe -a "C:\Users\AKS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TA96GFHM\jre-8u25-windows-i586.com" -d C:\Users\AKS\Desktop
Task: {36FCB803-7336-4512-AC0B-F9BA2FFC033F} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
Task: {3E58A5D1-CCC8-4221-9F6A-363573EFD0C1} - System32\Tasks\{6EFF3461-5051-469A-AE25-31375780823B} => pcalua.exe -a "C:\Users\AKS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0JZZT818\SWB_DRVR_ME7P1_5M_7_1_70_1205_MR_A05_SETUP_ZPE.exe" -d C:\Users\AKS\Desktop
Task: {58101AC2-FA85-44A5-BFC1-27F15374F28B} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-11] (Microsoft Corporation)
Task: {63447A7D-32AB-4180-AC6C-840354A3EFCA} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-414015972-2062153888-1237451347-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {686F518A-C028-4D67-9E3A-C6E69129188D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6F62C5CC-ECF1-41FF-A52E-F81D77036A10} - System32\Tasks\Microsoft Office 15 Sync Maintenance for MININT-DLL3ED3-AKS MININT-DLL3ED3 => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-11-04] (Microsoft Corporation)
Task: {77CF445F-5C98-446C-A2F4-0F5A3510CE54} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-29] (Google Inc.)
Task: {869CF4B6-2FC2-4FD8-9D30-68CABB5574D0} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-414015972-2062153888-1237451347-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {A198AFE7-313D-4AA3-A020-E56E89DFAF61} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-414015972-2062153888-1237451347-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {ACE97060-E295-4B03-9D5B-3D2C31127AF2} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {B687B899-CF5A-48F0-A172-26B407B03C62} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {CAFCAFEC-E5AB-4057-95A3-8EB4065A1E08} - System32\Tasks\G2MUpdateTask-S-1-5-21-414015972-2062153888-1237451347-1001 => C:\Users\AKS\AppData\Local\Citrix\GoToMeeting\2273\g2mupdate.exe [2015-01-27] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {CD64F3A3-58D6-4248-8E2D-50C553C5A400} - System32\Tasks\{BC713831-F7FC-4A5D-98F9-117C95D1E288} => pcalua.exe -a C:\Users\AKS\Downloads\googlecalendarsync_installer.exe -d C:\Users\AKS\Downloads
Task: {E10FC8FE-D209-4277-B59A-B4285153B630} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-414015972-2062153888-1237451347-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: {E27EBCE4-FA31-491F-9947-4F249F54172B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-29] (Google Inc.)
Task: {E89E6CE7-85D6-4530-8EF7-185D361C7D09} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-414015972-2062153888-1237451347-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {ED7FD614-23C4-4289-9686-CB9ADC9B9AA5} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {FA67E286-5295-4138-992A-497ECA07F589} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-414015972-2062153888-1237451347-1001.job => C:\Users\AKS\AppData\Local\Citrix\GoToMeeting\2273\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-12-19 15:43 - 2013-10-28 18:38 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-11-23 08:34 - 2014-09-23 08:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-12-19 15:43 - 2013-12-04 02:22 - 00518432 _____ () C:\Program Files\NVIDIA Corporation\nview\nvshell.dll
2014-07-29 14:10 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2011-05-06 13:07 - 2011-05-06 13:07 - 00460144 _____ () C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2011-12-20 10:15 - 2005-04-22 13:36 - 00143360 ____N () C:\Windows\system32\BrSNMP64.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-10-26 00:06 - 2010-10-26 00:06 - 02248704 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtCore4.dll
2011-05-06 13:07 - 2011-05-06 13:07 - 04317184 _____ () C:\Program Files (x86)\Flip Video\FlipShare\Core.dll
2011-05-06 13:02 - 2011-05-06 13:02 - 00737280 _____ () C:\Program Files (x86)\Flip Video\FlipShare\qca2.dll
2010-10-26 00:23 - 2010-10-26 00:23 - 08351744 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtGui4.dll
2010-10-26 00:08 - 2010-10-26 00:08 - 00983040 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtNetwork4.dll
2010-10-26 00:23 - 2010-10-26 00:23 - 00204800 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtSql4.dll
2010-10-26 00:06 - 2010-10-26 00:06 - 00364544 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtXml4.dll
2010-10-26 08:34 - 2010-10-26 08:34 - 11853824 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtWebKit4.dll
2010-10-26 00:37 - 2010-10-26 00:37 - 00258048 _____ () C:\Program Files (x86)\Flip Video\FlipShare\phonon4.dll
2010-05-20 13:49 - 2010-05-20 13:49 - 00258048 _____ () C:\Program Files (x86)\Flip Video\FlipShare\boost_serialization-vc80-mt-1_43.dll
2010-05-17 09:47 - 2010-05-17 09:47 - 01199104 _____ () C:\Program Files (x86)\Flip Video\FlipShare\PocoFoundation.dll
2010-05-17 09:47 - 2010-05-17 09:47 - 00642048 _____ () C:\Program Files (x86)\Flip Video\FlipShare\PocoNet.dll
2010-05-17 09:47 - 2010-05-17 09:47 - 00511488 _____ () C:\Program Files (x86)\Flip Video\FlipShare\PocoXML.dll
2014-11-23 08:33 - 2014-11-23 08:33 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2006-10-01 21:49 - 2006-10-01 21:49 - 00389120 _____ () C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeXMP.dll
2015-01-12 16:49 - 2007-03-22 12:38 - 02748416 ____R () C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\LIBMYSQLD.dll
2007-05-11 00:50 - 2007-05-11 00:50 - 00017024 _____ () C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\viewerps.dll
2015-01-12 16:50 - 2007-01-13 03:01 - 00397312 _____ () C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\cryptocme2.dll
2015-01-12 16:50 - 2007-01-13 03:01 - 00475136 _____ () C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\ccme_base.dll
2014-11-23 08:33 - 2014-11-23 08:33 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
2014-07-29 14:10 - 2014-07-29 14:13 - 00122024 _____ () C:\Program Files\Microsoft Office 15\root\Office15\JitV.dll
2014-11-23 08:33 - 2014-11-23 08:33 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\Office15\AppVIsvStream32.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\Windows\pss\QuickBooks Update Agent.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Salesforce for Outlook.lnk => C:\Windows\pss\Salesforce for Outlook.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^AKS^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: ControlCenter3 => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: DLPSP => "C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE"
MSCONFIG\startupreg: DLQLU => "C:\Program Files\Dell Printers\Additional Color Laser Software\Launcher\DLQLU.EXE" /S
MSCONFIG\startupreg: DLUPDR => "C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\DLUPDR.EXE"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IndexSearch => "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: nwiz => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
MSCONFIG\startupreg: PaperPort PTD => "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
MSCONFIG\startupreg: PDVD9LanguageShortcut => "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: PPort11reminder => "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RemoteControl9 => "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
MSCONFIG\startupreg: TkBellExe => "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-414015972-2062153888-1237451347-500 - Administrator - Disabled)
AKS (S-1-5-21-414015972-2062153888-1237451347-1001 - Administrator - Enabled) => C:\Users\AKS
Guest (S-1-5-21-414015972-2062153888-1237451347-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-414015972-2062153888-1237451347-1003 - Limited - Enabled)
UpdatusUser (S-1-5-21-414015972-2062153888-1237451347-1004 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/01/2015 09:06:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 32186063
 
Error: (02/01/2015 09:06:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 32186063
 
Error: (02/01/2015 09:06:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/01/2015 09:06:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 32183770
 
Error: (02/01/2015 09:06:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 32183770
 
Error: (02/01/2015 09:06:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/01/2015 00:10:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9282
 
Error: (02/01/2015 00:10:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9282
 
Error: (02/01/2015 00:10:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/31/2015 11:47:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 20243860
 
 
System errors:
=============
Error: (01/31/2015 06:09:27 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{7C9DCFD6-9153-4FC3-96A8-790F9026F4C0} because another computer on the network has the same name.  The server could not start.
 
Error: (01/28/2015 01:51:34 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.
 
Error: (01/28/2015 01:51:34 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.
 
Error: (01/28/2015 01:20:40 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.
 
Error: (01/28/2015 01:20:40 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.
 
Error: (01/27/2015 01:53:18 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.
 
Error: (01/27/2015 01:53:18 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.
 
Error: (01/27/2015 10:03:43 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
 
Error: (01/26/2015 00:55:40 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.
 
Error: (01/26/2015 00:52:51 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The NVIDIA Update Service Daemon service hung on starting.
 
 
Microsoft Office Sessions:
=========================
Error: (02/01/2015 09:06:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 32186063
 
Error: (02/01/2015 09:06:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 32186063
 
Error: (02/01/2015 09:06:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/01/2015 09:06:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 32183770
 
Error: (02/01/2015 09:06:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 32183770
 
Error: (02/01/2015 09:06:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/01/2015 00:10:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9282
 
Error: (02/01/2015 00:10:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9282
 
Error: (02/01/2015 00:10:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/31/2015 11:47:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 20243860
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-01-02 08:02:49.375
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-01-02 08:02:49.281
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core i5-2410M CPU @ 2.30GHz
Percentage of memory in use: 71%
Total physical RAM: 8073.02 MB
Available physical RAM: 2310.43 MB
Total Pagefile: 16144.21 MB
Available Pagefile: 7369.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: (OSDisk) (Fixed) (Total:284.42 GB) (Free:46.7 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Recovery) (Fixed) (Total:13.67 GB) (Free:6.07 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: AF1E5DFA)
Partition 1: (Active) - (Size=284.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=13.7 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
Link to post
Share on other sites

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply.

 

Next,

 

Run Malwarebyte one more time:

 

Please open Malwarebytes Anti-Malware.

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may or may not see this message box.

            'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.



To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
      Text file (*.txt)        - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
      XML file (*.xml)      - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
  • Please use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…



Next,

 

Download AdwCleaner by Xplode onto your Desktop.

  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait fot the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...


Next,
 
thisisujrt.gif Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.



Next,

 

Download Microsoft's " Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

32 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:
https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window
In the "Scan Type" window, select Quick Scan
Perform a scan and  Click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

Let me se those logs, also give an update on any remaining issues or concerns....

 

Kevin...
 

Fixlist.txt

Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.