hypnoraygun Posted October 1, 2015 ID:993199 Share Posted October 1, 2015 Hello, I downloaded something that I can't get rid of. I've ran several programs, deleted a few things detected, ran Malwarebytes (been a paying customer for years, it hasn't detected anything) , uninstalled and reinstalled Firefox then removed it. Installed Chrome (which I never had) and it's now doing it on there. I'll click on a link and a pop up new tab will come up. First it says Terraclick.com then it says lp.musicboxnewtab.com with an ad.. This originally started by a browser hi jack/redirect where every time I opened it, it opened into a non set homepage. I got rid of that, now I have this. I ran Farbar just now. This is what I have: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-09-2015Ran by Hypno (administrator) on HYPNORAYGUN (01-10-2015 14:16:03)Running from C:\Users\Hypno\DownloadsLoaded Profiles: Hypno (Available Profiles: Hypno)Platform: Windows 8.1 Connected (X64) Language: English (United States)Internet Explorer Version 11 (Default browser: Chrome)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe() C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe(DELL Inc.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe(Dell Inc.) C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe(Intel Corporation) C:\Windows\System32\igfxtray.exe(Intel Corporation) C:\Windows\System32\igfxsrvc.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe(Waves Audio Ltd.) C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe() C:\Program Files (x86) (x86)\Lexmark 5300 Series\lxdkamon.exe(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRSync.exe(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssist\imstrayicon.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7543000 2014-03-04] (Realtek Semiconductor)HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-25] (Realtek Semiconductor)HKLM\...\Run: [WavesSvc] => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe [519256 2014-02-16] (Waves Audio Ltd.)HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-25] (Realtek Semiconductor)HKLM-x32\...\Run: [lxdkmon.exe] => C:\Program Files (x86) (x86)\Lexmark 5300 Series\lxdkmon.exe [455336 2010-02-15] ()HKLM-x32\...\Run: [lxdkamon] => C:\Program Files (x86) (x86)\Lexmark 5300 Series\lxdkamon.exe [25256 2010-02-15] ()HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [118272 2014-07-11] (LeapFrog Enterprises, Inc.)Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)HKLM\...\Policies\Explorer\Run: [btvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [132736 2013-10-30] (Qualcomm®Atheros®)HKLM\...\Policies\Explorer: [NoFolderOptions] 0HKLM\...\Policies\Explorer: [NoControlPanel] 0ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hypno\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hypno\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hypno\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hypno\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hypno\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hypno\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hypno\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Hypno\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2014-12-30] (Softthinks SAS)ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-30] (Softthinks SAS)ShellIconOverlayIdentifiers: [DBRShellOverlayBackupFile] -> {831CEBDD-6BAF-4432-BE76-9E0989C14AEF} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2014-12-30] (Softthinks SAS)ShellIconOverlayIdentifiers: [DBRShellOverlayModifiedBackupFile] -> {275E4FD7-21EF-45CF-A836-832E5D2CC1B3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-30] (Softthinks SAS) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) AutoConfigURL: [s-1-5-21-1188468758-1272634306-373300443-1001] => http://stopblock.me/wpad.dat?6a7e33d7632b2a86907a914d4cfeaf5c177020Tcpip\Parameters: [DhcpNameServer] 71.10.216.1 71.10.216.2Tcpip\..\Interfaces\{36968F8E-9445-4C71-925E-031F5072C6F6}: [DhcpNameServer] 71.10.216.1 71.10.216.2Tcpip\..\Interfaces\{4A1A0DDE-BD5F-421D-9A83-8F193CC8F565}: [DhcpNameServer] 71.10.216.1 71.10.216.2 Internet Explorer:==================HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blankHKU\S-1-5-21-1188468758-1272634306-373300443-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mail.yahoo.com/HKU\S-1-5-21-1188468758-1272634306-373300443-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJBSearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1188468758-1272634306-373300443-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}SearchScopes: HKU\S-1-5-21-1188468758-1272634306-373300443-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}SearchScopes: HKU\S-1-5-21-1188468758-1272634306-373300443-1001 -> {D82486F8-9441-4F09-A262-552F2F035E33} URL = FireFox:========FF ProfilePath: C:\Users\Hypno\AppData\Roaming\Mozilla\Firefox\Profiles\ob4zic6x.default-1443596698055FF DefaultSearchEngine.US: GoogleFF Homepage: hxxps://login.yahoo.com/?.src=ym&.intl=us&.lang=en-US&.done=https%3a//mail.yahoo.comFF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2013-12-10] (Nero AG)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-01] (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-01] (Google Inc.)FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN) Chrome: =======CHR HomePage: Default -> hxxp://www.yahoo.com/CHR StartupUrls: Default -> "hxxp://yahoo.com/","hxxp://facebook.com/","hxxp://twitter.com/"CHR Profile: C:\Users\Hypno\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Slides) - C:\Users\Hypno\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-01]CHR Extension: (Google Docs) - C:\Users\Hypno\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-01]CHR Extension: (Google Drive) - C:\Users\Hypno\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-01]CHR Extension: (YouTube) - C:\Users\Hypno\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-01]CHR Extension: (Google Search) - C:\Users\Hypno\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-01]CHR Extension: (Google Sheets) - C:\Users\Hypno\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-01]CHR Extension: (Google Docs Offline) - C:\Users\Hypno\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-10-01]CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Hypno\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-10-01]CHR Extension: (Chrome Web Store Payments) - C:\Users\Hypno\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-01]CHR Extension: (Gmail) - C:\Users\Hypno\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-01] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [317568 2013-10-30] (Windows ® Win 7 DDK provider) [File not signed]R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2573520 2015-05-22] (Dell Inc.)R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-05-22] (Dell Inc.)S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [278568 2014-10-31] (Aviata, Inc.)R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7241728 2014-07-11] (LeapFrog Enterprises, Inc.) [File not signed]R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)R2 My Dell Client Framework; C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe [168960 2014-01-10] (Dell Inc.) [File not signed]R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [2005392 2015-02-12] (SoftThinks SAS)R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [20648 2015-06-11] (Dell Inc.)R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] ()R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed] ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-17] (Qualcomm Atheros Communications, Inc.)R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-10-30] (Qualcomm Atheros)R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-10-01] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-16] (Intel Corporation)S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-10-01 14:16 - 2015-10-01 14:16 - 00016759 _____ C:\Users\Hypno\Downloads\FRST.txt2015-10-01 14:15 - 2015-10-01 14:16 - 00000000 ____D C:\FRST2015-10-01 14:15 - 2015-10-01 14:15 - 02192384 _____ (Farbar) C:\Users\Hypno\Downloads\FRST64 (1).exe2015-10-01 14:14 - 2015-10-01 14:14 - 02192384 _____ (Farbar) C:\Users\Hypno\Downloads\FRST64.exe2015-10-01 13:17 - 2015-10-01 13:17 - 00000262 _____ C:\Users\Hypno\Downloads\debug.log2015-10-01 10:44 - 2015-10-01 10:44 - 00002277 _____ C:\Users\Public\Desktop\Google Chrome.lnk2015-10-01 10:44 - 2015-10-01 10:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome2015-10-01 10:43 - 2015-10-01 13:48 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2015-10-01 10:43 - 2015-10-01 10:48 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2015-10-01 10:43 - 2015-10-01 10:43 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2015-10-01 10:43 - 2015-10-01 10:43 - 00003656 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore2015-10-01 10:42 - 2015-10-01 13:17 - 00000000 ____D C:\Users\Hypno\AppData\Local\Google2015-10-01 10:42 - 2015-10-01 10:42 - 00000000 ____D C:\Users\Hypno\AppData\Local\Deployment2015-09-30 20:16 - 2015-09-30 20:16 - 00000000 ___RD C:\Users\Hypno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices2015-09-30 09:45 - 2015-10-01 10:59 - 00000000 ____D C:\Users\Hypno\AppData\Roaming\AVAST Software2015-09-29 18:52 - 2015-09-29 18:52 - 00001825 _____ C:\Users\Hypno\Desktop\AdwCleaner[C1].txt2015-09-29 18:45 - 2015-09-30 11:00 - 00000000 ____D C:\AdwCleaner2015-09-29 15:58 - 2015-09-29 15:58 - 00463688 _____ (Bleeping Computer, LLC) C:\Users\Hypno\Downloads\sc-cleaner.exe2015-09-24 13:45 - 2015-09-30 19:54 - 00002130 _____ C:\Windows\PFRO.log2015-09-24 13:45 - 2015-09-30 19:54 - 00000464 _____ C:\Windows\setupact.log2015-09-24 13:45 - 2015-09-24 13:45 - 00000000 _____ C:\Windows\setuperr.log2015-09-23 20:45 - 2015-09-23 22:06 - 00000646 _____ C:\Users\Hypno\Downloads\Seneca 1995.mp42015-09-23 16:48 - 2015-10-01 14:14 - 01283803 _____ C:\Windows\WindowsUpdate.log2015-09-23 15:48 - 2015-09-23 15:49 - 06666544 _____ (Piriform Ltd) C:\Users\Hypno\Downloads\ccsetup509pro.exe2015-09-23 15:45 - 2015-10-01 11:00 - 00000000 ____D C:\Program Files (x86)\Adobe2015-09-23 11:08 - 2015-09-23 11:08 - 00000000 ____D C:\ProgramData\Lavasoft2015-09-23 00:03 - 2015-09-30 02:05 - 00000000 ____D C:\Users\Hypno\Desktop\Old Firefox Data2015-09-21 22:49 - 2015-09-21 22:58 - 00000000 ____D C:\Users\Hypno\AppData\Roaming\PTGui2015-09-21 22:34 - 2015-09-21 22:34 - 00000000 ____D C:\Users\Hypno\AppData\Roaming\PTGui Pro2015-09-21 22:20 - 2015-09-21 22:20 - 00000000 ____D C:\Users\Hypno\AppData\Roaming\SpringFiles2015-09-21 13:43 - 2015-09-21 13:43 - 18819272 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe2015-09-15 22:47 - 2015-09-15 22:59 - 14079676 _____ C:\Users\Hypno\Desktop\test.wav2015-09-15 15:18 - 2015-09-15 23:26 - 00000000 ____D C:\Users\Hypno\Documents\Mixpad Projects2015-09-15 14:53 - 2015-09-15 14:53 - 00053672 _____ C:\Users\Hypno\Desktop\newguitar.sfk2015-09-15 14:38 - 2015-09-15 14:50 - 00053672 _____ C:\Users\Hypno\Desktop\EX000_2.sfk2015-09-15 14:38 - 2015-09-15 14:38 - 00055064 _____ C:\Users\Hypno\Desktop\EX000_4.sfk2015-09-08 21:33 - 2015-08-26 21:48 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe2015-09-08 21:33 - 2015-08-26 13:00 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll2015-09-08 21:33 - 2015-08-26 13:00 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll2015-09-08 21:33 - 2015-08-26 13:00 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll2015-09-08 21:33 - 2015-08-26 13:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe2015-09-08 21:33 - 2015-08-26 09:46 - 03705344 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll2015-09-08 21:33 - 2015-08-26 09:29 - 02240512 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll2015-09-08 21:33 - 2015-08-26 09:27 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll2015-09-08 21:33 - 2015-08-26 09:27 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll2015-09-08 21:33 - 2015-08-26 09:26 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll2015-09-08 21:33 - 2015-08-26 09:26 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll2015-09-08 21:33 - 2015-08-26 09:26 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe2015-09-08 21:32 - 2015-08-22 13:19 - 25188352 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2015-09-08 21:32 - 2015-08-22 12:35 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2015-09-08 21:32 - 2015-08-22 12:34 - 00585216 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2015-09-08 21:32 - 2015-08-22 12:22 - 19856384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2015-09-08 21:32 - 2015-08-22 12:21 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll2015-09-08 21:32 - 2015-08-22 12:20 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2015-09-08 21:32 - 2015-08-22 11:55 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2015-09-08 21:32 - 2015-08-22 11:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2015-09-08 21:32 - 2015-08-22 11:50 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll2015-09-08 21:32 - 2015-08-22 11:45 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2015-09-08 21:32 - 2015-08-22 11:44 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll2015-09-08 21:32 - 2015-08-22 11:41 - 14451712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2015-09-08 21:32 - 2015-08-22 11:41 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2015-09-08 21:32 - 2015-08-22 11:41 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2015-09-08 21:32 - 2015-08-22 11:41 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll2015-09-08 21:32 - 2015-08-22 11:39 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2015-09-08 21:32 - 2015-08-22 11:28 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2015-09-08 21:32 - 2015-08-22 11:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2015-09-08 21:32 - 2015-08-22 11:23 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll2015-09-08 21:32 - 2015-08-22 11:22 - 12857344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2015-09-08 21:32 - 2015-08-22 11:20 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll2015-09-08 21:32 - 2015-08-22 11:18 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2015-09-08 21:32 - 2015-08-22 11:18 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2015-09-08 21:32 - 2015-08-22 11:18 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2015-09-08 21:32 - 2015-08-22 11:14 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2015-09-08 21:32 - 2015-08-22 11:01 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2015-09-08 21:32 - 2015-08-22 11:00 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2015-09-08 21:32 - 2015-08-22 10:56 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2015-09-08 21:32 - 2015-08-22 10:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2015-09-08 21:32 - 2015-07-30 12:18 - 00268288 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll2015-09-08 21:32 - 2015-07-30 11:22 - 00230912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll2015-09-08 21:30 - 2015-09-01 21:56 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2015-09-08 21:30 - 2015-09-01 21:55 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll2015-09-08 21:30 - 2015-09-01 21:50 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll2015-09-08 21:30 - 2015-09-01 21:17 - 00301568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll2015-09-08 21:30 - 2015-09-01 21:13 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll2015-09-08 21:30 - 2015-08-03 16:15 - 00074928 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll2015-09-08 21:30 - 2015-08-03 16:15 - 00065600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll2015-09-08 21:30 - 2015-08-01 09:22 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll2015-09-08 21:30 - 2015-07-31 22:47 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\schtasks.exe2015-09-08 21:30 - 2015-07-31 22:45 - 00182784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe2015-09-08 21:30 - 2015-07-31 22:38 - 01265152 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll2015-09-08 21:30 - 2015-07-31 22:37 - 00468992 _____ (Microsoft Corporation) C:\Windows\system32\taskeng.exe2015-09-08 21:30 - 2015-07-31 22:37 - 00359936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskeng.exe2015-09-08 21:30 - 2015-07-22 09:34 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll2015-09-08 21:30 - 2015-07-22 09:33 - 01728000 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll2015-09-08 21:30 - 2015-07-22 09:25 - 02461184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll2015-09-08 21:30 - 2015-07-22 09:25 - 01546752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll2015-09-08 21:30 - 2015-07-18 13:31 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\shacct.dll2015-09-08 21:30 - 2015-07-18 13:29 - 00655872 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll2015-09-08 21:30 - 2015-07-18 13:29 - 00148480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shacct.dll2015-09-08 21:30 - 2015-07-18 13:27 - 00520192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll2015-09-08 21:30 - 2015-07-13 22:27 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\tzsync.exe2015-09-06 23:40 - 2015-09-06 23:40 - 00000000 ____D C:\Users\Hypno\Desktop\scanned pics ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-10-01 14:14 - 2015-01-28 02:00 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2015-10-01 11:03 - 2014-11-30 00:14 - 01752064 ___SH C:\Users\Hypno\Downloads\Thumbs.db2015-10-01 11:03 - 2014-11-25 20:54 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1188468758-1272634306-373300443-10012015-10-01 11:01 - 2015-01-02 01:22 - 00000000 ____D C:\Program Files (x86)\NCH Software2015-10-01 10:44 - 2015-02-11 23:49 - 00000000 ____D C:\Program Files (x86)\Google2015-10-01 10:42 - 2015-01-06 00:13 - 00000000 ____D C:\Users\Hypno\AppData\Local\Apps\2.02015-09-30 20:21 - 2014-09-21 02:14 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery2015-09-30 20:15 - 2014-11-28 13:59 - 00367104 ___SH C:\Users\Hypno\Desktop\Thumbs.db2015-09-30 20:15 - 2014-11-25 20:56 - 00000000 ____D C:\Users\Hypno\OneDrive2015-09-30 19:54 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\FileManager2015-09-30 19:54 - 2013-08-22 09:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT2015-09-30 19:53 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\BBI2015-09-30 19:00 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\sru2015-09-30 15:12 - 2014-09-21 02:09 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell2015-09-30 14:18 - 2014-03-18 04:53 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI2015-09-30 10:55 - 2014-12-20 11:28 - 00000000 ____D C:\Users\Hypno\AppData\Roaming\BitTorrent2015-09-29 16:19 - 2014-12-02 14:49 - 00020519 _____ C:\Windows\system32\lvcoinst.log2015-09-23 16:03 - 2015-01-03 07:36 - 00000000 ____D C:\Users\Hypno\AppData\Roaming\MPC-HC2015-09-23 16:02 - 2014-11-28 22:59 - 00000000 ____D C:\Users\Hypno\AppData\Local\CrashDumps2015-09-23 16:02 - 2014-09-21 02:01 - 00000000 ____D C:\Windows\Panther2015-09-23 15:48 - 2014-11-28 13:52 - 00000000 ____D C:\Users\Hypno\AppData\Local\Adobe2015-09-23 15:44 - 2014-12-30 02:11 - 00000000 ____D C:\ProgramData\Adobe2015-09-22 23:47 - 2014-11-25 20:49 - 00001444 _____ C:\Users\Hypno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk2015-09-22 15:19 - 2015-01-02 01:22 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software2015-09-21 14:01 - 2013-08-22 10:20 - 00000000 ____D C:\Windows\CbsTemp2015-09-15 22:46 - 2015-01-02 01:22 - 00000000 ____D C:\Users\Hypno\AppData\Roaming\NCH Software2015-09-15 15:18 - 2015-01-02 01:22 - 00000000 ____D C:\ProgramData\NCH Software2015-09-14 20:18 - 2015-04-17 11:04 - 00812008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2015-09-14 20:18 - 2015-04-17 11:04 - 00178152 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2015-09-12 22:16 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\LiveKernelReports2015-09-12 15:29 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\rescache2015-09-09 19:17 - 2013-08-22 09:44 - 00359856 _____ C:\Windows\system32\FNTCACHE.DAT2015-09-08 23:56 - 2014-03-18 04:38 - 00000000 ____D C:\Program Files\Windows Journal2015-09-08 23:56 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\PolicyDefinitions2015-09-08 21:59 - 2014-12-01 01:03 - 00000000 ____D C:\ProgramData\Microsoft Help2015-09-08 21:52 - 2014-11-30 15:19 - 00000000 ____D C:\Windows\system32\MRT2015-09-07 01:30 - 2014-11-25 20:48 - 00000000 ____D C:\Users\Hypno ==================== Files in the root of some directories ======= 2014-09-21 02:04 - 2014-09-21 02:04 - 0000000 ____H () C:\ProgramData\DP45977C.lfl2014-09-21 02:03 - 2014-09-21 02:03 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log2014-09-21 01:59 - 2014-09-21 02:00 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log2014-09-21 02:00 - 2014-09-21 02:02 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log2014-09-21 02:02 - 2014-09-21 02:03 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log2014-09-21 01:58 - 2014-09-21 01:59 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log Some files in TEMP:====================C:\Users\Hypno\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signedC:\Windows\system32\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\system32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\system32\services.exe => File is digitally signedC:\Windows\system32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\system32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\system32\rpcss.dll => File is digitally signedC:\Windows\system32\dnsapi.dll => File is digitally signedC:\Windows\SysWOW64\dnsapi.dll => File is digitally signedC:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-09-29 16:19 ==================== End of FRST.txt ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version:30-09-2015Ran by Hypno (2015-10-01 14:17:36)Running from C:\Users\Hypno\DownloadsWindows 8.1 Connected (X64) (2014-11-26 01:48:48)Boot Mode: Normal========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1188468758-1272634306-373300443-500 - Administrator - Disabled)Guest (S-1-5-21-1188468758-1272634306-373300443-501 - Limited - Disabled)HomeGroupUser$ (S-1-5-21-1188468758-1272634306-373300443-1003 - Limited - Enabled)Hypno (S-1-5-21-1188468758-1272634306-373300443-1001 - Administrator - Enabled) => C:\Users\Hypnosydel_000 (S-1-5-21-1188468758-1272634306-373300443-1004 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.8.1.70 - Dell Inc.)Dell Data Vault (Version: 4.3.4.0 - Dell Inc.) HiddenDell Digital Delivery (HKLM-x32\...\{693A23FB-F28B-4F7A-A720-4C1263F97F43}) (Version: 3.1.1002.0 - Dell Products, LP)Dell Product Registration (HKLM-x32\...\{24F2AD94-CC1B-4294-B184-D4D31A3186A7}) (Version: 2.42.0012 - Aviata Inc.)Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.0.47 - Dell)Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)Dropbox (HKU\S-1-5-21-1188468758-1272634306-373300443-1001\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)Google Earth Pro (HKLM-x32\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) HiddenIntel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3408 - Intel Corporation)K-Lite Codec Pack 10.9.0 Standard (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.9.0 - )LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 6.0.19.19317 - LeapFrog)LeapFrog Connect (x32 Version: 6.0.19.19317 - LeapFrog) HiddenLeapFrog LeapPad Explorer Plugin (x32 Version: 6.0.19.19317 - LeapFrog) HiddenMalwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)Microsoft Sync Framework 2.0 Core Components (x64) ENU (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)Microsoft Sync Framework 2.0 Provider Services (x64) ENU (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)My Dell Client Framework (HKLM-x32\...\InstallShield_{05F1B866-2372-4E82-9AA8-C64FB11CEF8B}) (Version: 1.0.0.3 - Dell)My Dell Client Framework (x32 Version: 1.0.0.3 - Dell) HiddenNero 2014 (HKLM-x32\...\{0128492C-AB60-43BE-9D9A-8CA622CAF06E}) (Version: 15.0.07700 - Nero AG)Nero Info (HKLM-x32\...\{B791E0AB-87A9-41A4-8D98-D13C2E37D928}) (Version: 15.1.0030 - Nero AG)PeaZip 5.5.2 (HKLM-x32\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version: - Giorgio Tani)PocketCloud (HKLM-x32\...\{D9752C7D-A595-4687-A0D5-362E9C311C55}) (Version: 2.7.14 - Wyse Technology)Prerequisite installer (x32 Version: 15.0.0005 - Nero AG) HiddenPrism Video File Converter (HKLM-x32\...\Prism) (Version: 2.25 - NCH Software)Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.308 - Qualcomm Atheros Communications)Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.30174 - Realtek Semiconductor Corp.)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7188 - Realtek Semiconductor Corp.)SketchUp 2015 (HKLM\...\{350488A4-1540-4103-8F01-B27503891EB0}) (Version: 15.3.331 - Trimble Navigation Limited)Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)Sonic Foundry Sound Forge 5.0 (HKLM-x32\...\{F3D6581A-FEA1-11D4-8170-00C04F612EA4}) (Version: 5.0.0.117 - Sonic Foundry)Switch Sound File Converter (HKLM-x32\...\Switch) (Version: - NCH Software)SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft)Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin) (HKLM-x32\...\LeapPadExplorerPlugin) (Version: - LeapFrog)Visualizer for SketchUp (HKLM\...\{3758A735-50FD-4033-B3F5-77F30ED63F87}) (Version: 1.3.13.0 - Imagination)VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 6.02 - NCH Software)Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1188468758-1272634306-373300443-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Hypno\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1188468758-1272634306-373300443-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Hypno\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1188468758-1272634306-373300443-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hypno\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1188468758-1272634306-373300443-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hypno\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1188468758-1272634306-373300443-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hypno\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1188468758-1272634306-373300443-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hypno\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1188468758-1272634306-373300443-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hypno\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1188468758-1272634306-373300443-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hypno\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1188468758-1272634306-373300443-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hypno\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1188468758-1272634306-373300443-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Hypno\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.) ==================== Restore Points ========================= 18-09-2015 21:03:51 Scheduled Checkpoint23-09-2015 11:08:27 AA1130-09-2015 15:08:29 AA11 ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0E62425E-B9BE-42CC-8005-CA0C8EF8775A} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exeTask: {10EE6506-8997-4F4E-A67A-37CD9C08DBF5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-01] (Google Inc.)Task: {144F19A1-EA57-4434-81BA-6E171E23EDED} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2013-10-16] (Nero AG)Task: {15D482E8-322C-4BAF-B433-A1ED3ACEC0DF} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-06-11] (Dell Inc.)Task: {29F7DA91-8C96-4AD7-9300-DCBF16C47DC7} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-10-31] (Aviata Inc)Task: {4596C201-2628-4889-B91B-D0BD8A2B7ACB} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-05-25] (PC-Doctor, Inc.)Task: {AE84B036-97E8-4103-8630-2AFA375077D1} - System32\Tasks\PocketCloudVirtualChannel => C:\Program Files (x86)\Wyse\PocketCloud\WPCRDPVirtualChannelServer.exe [2013-08-22] ()Task: {B92C98E1-8C51-47F3-9694-4753FAD43955} - System32\Tasks\PocketCloudUpdater => C:\ProgramTask: {C2999CD8-B496-4022-935F-0E3E8B0848C8} - System32\Tasks\PocketCloud => C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe [2013-08-22] ()Task: {D7CEC631-295E-4D58-A790-E34A6FBA9D25} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-05-25] (PC-Doctor, Inc.)Task: {D8346D27-6119-4C6C-A3CB-8ED9596512A2} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-04] (CyberLink)Task: {DC186D02-EC65-489D-AA6A-4CE6E2ABCF95} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-01] (Google Inc.)Task: {DD6781DB-F70A-49F9-ADE5-36411CF35E2C} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)Task: {F3CBD649-00E7-4839-9B70-42C9EBAAECBE} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-08-26] (Microsoft Corporation)Task: {F8A8E634-C2A1-49B4-BFA9-971F236BFA17} - System32\Tasks\Dell\Dell Product Registration Update => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-10-31] (Aviata Inc) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2013-08-22 13:40 - 2013-08-22 13:40 - 00016176 _____ () C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe2013-08-22 13:40 - 2013-08-22 13:40 - 00040240 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherServiceLib.dll2013-08-22 13:40 - 2013-08-22 13:40 - 00046384 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherHelperLib.dll2014-01-10 16:53 - 2014-01-10 16:53 - 00016384 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.Interfaces.dll2014-01-10 16:53 - 2014-01-10 16:53 - 00081408 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.Objects.dll2014-01-10 16:53 - 2014-01-10 16:53 - 00815616 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.Resources.dll2014-01-10 17:24 - 2014-01-10 17:24 - 00052736 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.Client.Pulse.Agent.Plugins.SelfUpdate.dll2014-01-10 17:24 - 2014-01-10 17:24 - 00019968 _____ () C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.Client.Pulse.Agent.Common.dll2013-10-30 01:11 - 2013-10-30 01:11 - 00011264 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll2013-10-30 01:07 - 2013-10-30 01:07 - 00086016 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll2013-10-30 01:15 - 2013-10-30 01:15 - 00012928 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe2014-12-24 14:26 - 2010-02-15 13:26 - 00025256 _____ () C:\Program Files (x86) (x86)\Lexmark 5300 Series\lxdkamon.exe2015-06-25 13:52 - 2015-05-19 20:26 - 00107256 _____ () C:\Program Files\Dell\SupportAssist\libCSharpCommonCS.dll2015-06-25 13:52 - 2015-05-19 20:26 - 00553720 _____ () C:\Program Files\Dell\SupportAssist\libAsapiCSharp.dll2015-03-16 11:28 - 2015-03-16 11:28 - 00155528 _____ () C:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll2014-12-24 14:26 - 2010-02-09 08:41 - 00028672 _____ () C:\Program Files (x86) (x86)\Lexmark 5300 Series\App4R.Monitor.Common.dll2014-12-24 14:26 - 2010-02-09 08:41 - 00036864 _____ () C:\Program Files (x86) (x86)\Lexmark 5300 Series\App4R.Monitor.Core.dll2014-12-24 14:26 - 2010-02-09 08:40 - 00057344 _____ () C:\Program Files (x86) (x86)\Lexmark 5300 Series\app4r.devmons.mcmdevmon.dll2014-12-24 14:26 - 2008-06-06 07:45 - 00011776 _____ () C:\Program Files (x86) (x86)\Lexmark 5300 Series\App4R.DevMons.MCMDevMon.AutoPlayUtil.dll2014-02-01 13:30 - 2014-02-01 13:30 - 00861184 _____ () C:\Program Files (x86)\LeapFrog\LeapFrog Connect\platforms\qwindows.dll2014-09-21 01:59 - 2013-03-04 22:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll2013-03-05 13:41 - 2013-03-05 13:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll2015-02-26 11:07 - 2015-02-09 10:14 - 01905904 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll2014-09-21 02:15 - 2012-11-26 01:19 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll2015-02-26 11:07 - 2014-02-18 13:12 - 00117568 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll2015-10-01 10:44 - 2015-09-23 21:34 - 01501512 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libglesv2.dll2015-10-01 10:44 - 2015-09-23 21:34 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\libegl.dll2015-10-01 10:44 - 2015-09-23 21:34 - 16487752 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfmAlternateDataStreams: C:\Users\Hypno\OneDrive:ms-properties ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1188468758-1272634306-373300443-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Hypno\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpgDNS Servers: 71.10.216.1 - 71.10.216.2HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\Run: => "AdAwareTray" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139FirewallRules: [{383E65B5-108A-458B-8E11-809EE0183915}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exeFirewallRules: [{1357C1E0-7FD2-49F2-B39B-B256F27CB5C7}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\AetherWindowsService.exeFirewallRules: [{59ADB38E-8A52-4249-952D-4F04962D3C12}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exeFirewallRules: [{5DFCAFB9-BB3F-4BBB-B636-C9986FA1D940}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXEFirewallRules: [{259B95C8-2A7A-42C1-A97C-8EC75A84C379}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exeFirewallRules: [{679E6E4A-EECC-471B-80E1-49F83AF09666}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exeFirewallRules: [{6F44041F-DBD4-44DF-AA62-E5552C33A1FF}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exeFirewallRules: [{FCFB9474-DD07-4F0A-94CE-54369B8723B3}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exeFirewallRules: [{89ED3E5C-7937-4417-9684-631BEB559A8F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exeFirewallRules: [{C8EB96E7-41CD-46E6-AC55-F9551754F357}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exeFirewallRules: [{6683267F-3D59-4181-A6D2-0811535700BE}] => (Allow) C:\Windows\SysWOW64\lxdkcoms.exeFirewallRules: [{B421CB7C-9258-4316-9495-76642D720C5A}] => (Allow) C:\Windows\SysWOW64\lxdkcoms.exeFirewallRules: [{38A75B82-EFC5-4673-BEE4-7CA7F6B1DF00}] => (Allow) C:\Program Files (x86) (x86)\Lexmark 5300 Series\lxdkamon.exeFirewallRules: [{7CD468EA-53CE-4D7C-BED9-C8BC6C333AFF}] => (Allow) C:\Program Files (x86) (x86)\Lexmark 5300 Series\lxdkamon.exeFirewallRules: [{38AEFA95-0615-43EB-A4F3-E0E4BA332047}] => (Allow) C:\Program Files (x86) (x86)\Lexmark 5300 Series\frun.exeFirewallRules: [{7528B128-953D-4620-9B07-0A8BFEC86CC1}] => (Allow) C:\Program Files (x86) (x86)\Lexmark 5300 Series\frun.exeFirewallRules: [{D1C18F20-F63F-44ED-B7A8-5864BC6FCD5A}] => (Allow) C:\Program Files (x86) (x86)\Lexmark 5300 Series\lxdkmon.exeFirewallRules: [{3B192F3D-C4B3-4967-B688-6678C9F2FDE7}] => (Allow) C:\Program Files (x86) (x86)\Lexmark 5300 Series\lxdkmon.exeFirewallRules: [{36813081-8EDA-4EEA-B207-27D6B04186E3}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exeFirewallRules: [{5A7CF105-0277-4C0A-905F-5C599EA2FC7F}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exeFirewallRules: [{16B5E429-C15E-472B-9BC9-FE89722ED227}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exeFirewallRules: [{D2C08777-2A95-4F43-B96E-8AF6EBB7543C}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exeFirewallRules: [{80EF4F7C-6AF2-490F-9F61-2DDA1ED59615}] => (Allow) C:\Users\Hypno\AppData\Local\Temp\nssB7D2.tmp\CnetInstaller-10735947.exeFirewallRules: [{ABDD6C01-93A2-430D-813F-C982BB85BF9A}] => (Allow) C:\Users\Hypno\AppData\Local\Temp\nssB7D2.tmp\CnetInstaller-10735947.exeFirewallRules: [{7CE86586-756A-42B9-AE89-5196B48EE9CC}] => (Allow) C:\Users\Hypno\AppData\Local\Temp\nse2E4A.tmp\CnetInstaller-10735947.exeFirewallRules: [{2F32C58D-E333-4356-ABAC-6AF76062DF80}] => (Allow) C:\Users\Hypno\AppData\Local\Temp\nse2E4A.tmp\CnetInstaller-10735947.exeFirewallRules: [{BED5D576-2BB4-4177-933D-7E72BE5E0282}] => (Allow) C:\Users\Hypno\AppData\Roaming\Dropbox\bin\Dropbox.exeFirewallRules: [{C31C22FB-99F4-401F-8DA8-8BB7B830CA35}] => (Allow) C:\Users\Hypno\AppData\Roaming\Dropbox\bin\Dropbox.exeFirewallRules: [{FB3DE7B6-AC1C-4A61-9090-01CD20B1B9E2}] => (Allow) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\LeapfrogConnect.exeFirewallRules: [{E15A7092-62A3-4B20-89DB-76112E66D679}] => (Allow) C:\Program Files (x86)\SpringFiles\SpringFiles.exeFirewallRules: [{6E726B8D-1DBC-4E70-AE84-3FDEA445DC49}] => (Allow) C:\Program Files (x86)\SpringFiles\SpringFiles.exeFirewallRules: [{9C824CA5-DFA9-425D-87F6-4D4A28807D35}] => (Allow) C:\Program Files (x86)\SpringFiles\downloader.exeFirewallRules: [{0E0D26A8-2742-4785-ADF0-86B872985C28}] => (Allow) C:\Program Files (x86)\SpringFiles\downloader.exeFirewallRules: [{4F0C4838-03AC-4B02-9618-4E6716284820}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= Name: Dell Wireless 1705 802.11b/g/n (2.4GHZ)Description: Dell Wireless 1705 802.11b/g/n (2.4GHZ)Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}Manufacturer: Atheros Communications Inc.Service: athrProblem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors:==================Error: (09/30/2015 07:55:11 PM) (Source: Perflib) (EventID: 1008) (User: )Description: BITSC:\Windows\System32\bitsperf.dll8 Error: (09/30/2015 03:12:35 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: HYPNORAYGUN)Description: Application or service 'Dell Update Service' could not be restarted. Error: (09/29/2015 06:52:03 PM) (Source: Perflib) (EventID: 1008) (User: )Description: BITSC:\Windows\System32\bitsperf.dll8 Error: (09/29/2015 02:15:48 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )Description: The Desktop Window Manager has encountered a fatal error (0x8898008d) Error: (09/23/2015 02:11:42 PM) (Source: Perflib) (EventID: 1008) (User: )Description: BITSC:\Windows\System32\bitsperf.dll8 Error: (09/22/2015 03:46:47 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: The program MixPad.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1efc Start Time: 01d0f573f5a71f58 Termination Time: 569 Application Path: C:\Program Files (x86)\NCH Software\MixPad\MixPad.exe Report Id: ff039ad2-616a-11e5-8277-38b1db634512 Faulting package full name: Faulting package-relative application ID: Error: (09/18/2015 08:22:46 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 510 Start Time: 01d0f278f33cc1f5 Termination Time: 4294967295 Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe Report Id: e8f6c413-5e6c-11e5-8277-38b1db634512 Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1 Error: (09/12/2015 10:11:49 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1a7c Start Time: 01d0edd136c540de Termination Time: 4294967295 Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe Report Id: 2a92dbe7-59c5-11e5-8277-38b1db634512 Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1 Error: (09/09/2015 07:18:29 PM) (Source: Perflib) (EventID: 1008) (User: )Description: BITSC:\Windows\System32\bitsperf.dll8 Error: (09/07/2015 03:02:51 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: mbam.exe, version: 2.3.55.0, time stamp: 0x557a2a02Faulting module name: ntdll.dll, version: 6.3.9600.17936, time stamp: 0x55a68dd1Exception code: 0xc0000374Fault offset: 0x000e5904Faulting process id: 0xce0Faulting application start time: 0xmbam.exe0Faulting application path: mbam.exe1Faulting module path: mbam.exe2Report Id: mbam.exe3Faulting package full name: mbam.exe4Faulting package-relative application ID: mbam.exe5 System errors:=============Error: (09/30/2015 08:20:25 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 80. Error: (09/30/2015 08:20:25 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 80. Error: (09/30/2015 08:15:49 PM) (Source: DCOM) (EventID: 10016) (User: HYPNORAYGUN)Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}HypnoRaygunHypnoS-1-5-21-1188468758-1272634306-373300443-1001LocalHost (Using LRPC)UnavailableUnavailable Error: (09/30/2015 08:15:40 PM) (Source: DCOM) (EventID: 10016) (User: HYPNORAYGUN)Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}HypnoRaygunHypnoS-1-5-21-1188468758-1272634306-373300443-1001LocalHost (Using LRPC)UnavailableUnavailable Error: (09/30/2015 08:15:40 PM) (Source: DCOM) (EventID: 10016) (User: HYPNORAYGUN)Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}HypnoRaygunHypnoS-1-5-21-1188468758-1272634306-373300443-1001LocalHost (Using LRPC)UnavailableUnavailable Error: (09/30/2015 08:15:39 PM) (Source: DCOM) (EventID: 10016) (User: HYPNORAYGUN)Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}HypnoRaygunHypnoS-1-5-21-1188468758-1272634306-373300443-1001LocalHost (Using LRPC)UnavailableUnavailable Error: (09/30/2015 08:15:39 PM) (Source: DCOM) (EventID: 10016) (User: HYPNORAYGUN)Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}HypnoRaygunHypnoS-1-5-21-1188468758-1272634306-373300443-1001LocalHost (Using LRPC)UnavailableUnavailable Error: (09/30/2015 08:15:39 PM) (Source: DCOM) (EventID: 10016) (User: HYPNORAYGUN)Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}HypnoRaygunHypnoS-1-5-21-1188468758-1272634306-373300443-1001LocalHost (Using LRPC)UnavailableUnavailable Error: (09/30/2015 08:15:38 PM) (Source: DCOM) (EventID: 10016) (User: HYPNORAYGUN)Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}HypnoRaygunHypnoS-1-5-21-1188468758-1272634306-373300443-1001LocalHost (Using LRPC)UnavailableUnavailable Error: (09/30/2015 08:15:38 PM) (Source: DCOM) (EventID: 10016) (User: HYPNORAYGUN)Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}HypnoRaygunHypnoS-1-5-21-1188468758-1272634306-373300443-1001LocalHost (Using LRPC)UnavailableUnavailable CodeIntegrity:=================================== Date: 2015-09-30 19:49:34.971 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-09-30 19:49:34.549 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-09-30 19:49:34.111 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-09-30 19:49:17.529 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-09-30 19:49:17.107 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-09-30 19:49:16.685 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-09-30 19:49:15.935 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-09-30 19:49:15.514 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-09-30 19:49:15.060 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2015-09-30 19:49:13.826 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: Intel® Celeron® CPU J1800 @ 2.41GHzPercentage of memory in use: 51%Total physical RAM: 3987.2 MBAvailable physical RAM: 1915.6 MBTotal Virtual: 5459.2 MBAvailable Virtual: 2469.82 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:456.3 GB) (Free:411.51 GB) NTFSDrive d: (Elements) (Fixed) (Total:1863.01 GB) (Free:921.68 GB) NTFSDrive f: (ESP) (Fixed) (Total:0.48 GB) (Free:0.46 GB) FAT32Drive w: (WINRETOOLS) (Fixed) (Total:0.73 GB) (Free:0.42 GB) NTFSDrive x: (PBR Image) (Fixed) (Total:8.08 GB) (Free:0.7 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (Size: 465.8 GB) (Disk ID: 240AD42F) Partition: GPT. ========================================================Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 000F408A)Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================ Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted October 1, 2015 ID:993208 Share Posted October 1, 2015 Hello, They call me TwinHeadedEagle around here, and I'll try to help your with your issue. Before we start please read and note the following:We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so backup your important links and all the files whose loss is unacceptable.Limit your internet access to posting here, some infections just wait to steal typed-in passwords.Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time. Keep in mind that private life gets in the way too. Note that we may live in totally different time zones, what may cause some delays between answers.Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.I volunteer to help you, so please, do not ask for help for your company/business PC. Companies are making revenue via computers, so it is good thing to pay someone to repair it.If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed. I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me! There are no silly questions. Never be afraid to ask if in doubt! Rules and policies We won't support any piracy. That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding! The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding! Failure to follow these guidelines will result with closing your topic and withdrawning any assistance. Scan with Farbar Recovery Scan Tool Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.Right-click on icon and select Run as Administrator to start the tool. (XP users click run after receipt of Windows Security Warning - Open File).Make sure that Addition option is checked.Press Scan button and wait.The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.Please upload them into your next reply. Link to post Share on other sites More sharing options...
hypnoraygun Posted October 1, 2015 Author ID:993216 Share Posted October 1, 2015 Well I think I inadvertently broke the rules already. A preset Malware scan just ran without my knowing, and it came up with something. Also when I start to run Farbar an Error appears but the program still works?.. I attached screen shots of the error and the Malware item that was found. FRST.txtAddition.txt Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted October 2, 2015 ID:993262 Share Posted October 2, 2015 It is okay. Fix with Farbar Recovery Scan Tool This fix was created for this user for use on that particular machine. Running it on another one may cause damage and render the system unstable. Download attached fixlist.txt file and save it to the Desktop: Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!Right-click on icon and select Run as Administrator to start the tool. (XP users click run after receipt of Windows Security Warning - Open File).Press the Fix button just once and wait.If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.When finished FRST will generate a log on the Desktop, called Fixlog.txt.Please upload it to your reply. Fix with ESET Services Repair Please download Services Repair by ESET and save it to your desktop.Right-click on icon and select Run as Administrator to start the tool.If security notifications appear, click Continue or Run.Accept the prompt about restoring services.Once the tool has finished, you will be prompted to restart your computer. Click Yes to restart.A log will be saved in the CCSupport folder the tool created on your desktop.Please include that logfile in your next reply. FRST search Once again we shall use FRST for additional checks. Re-run FRST/FRST64 by double-clicking:Copy wpad.dat;wpad into the Search: field in FRST then click the Search Registry button.FRST will search your computer for files and when finished it will produce a log Search.txt in the same directory the tool is run.Please attach it to your reply.fixlist.txt Link to post Share on other sites More sharing options...
hypnoraygun Posted October 2, 2015 Author ID:993331 Share Posted October 2, 2015 Thank you very much. Here are the three logs. SvcRepair.logFixlog.txtSearch.txt Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted October 2, 2015 ID:993352 Share Posted October 2, 2015 How is the situation now? Link to post Share on other sites More sharing options...
hypnoraygun Posted October 2, 2015 Author ID:993362 Share Posted October 2, 2015 At this moment, things seem to have stopped. I'm going to install Firefox and see how that behaves. That's where it first started. I do appreciate all your help. And a Beer fund donation will be made. I would like to see how Firefox does before this is totally closed out, if that is okay? Thank you again! Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted October 2, 2015 ID:993381 Share Posted October 2, 2015 No problem, keep me updated. Link to post Share on other sites More sharing options...
hypnoraygun Posted October 5, 2015 Author ID:993682 Share Posted October 5, 2015 It does seem to be okay now, I really appricate your help! Thank you!!! Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted October 5, 2015 ID:993692 Share Posted October 5, 2015 Glad I could help. We will delete all used tools and I'll give you some tips to harden your security and learn how to protect yourself Recommended reading: MUST READ - security tips:Computer Security - a short guide to staying safer online.Simple and easy ways to keep your computer safe and secure on the InternetHow Malware Spreads - How did I get infectedMUST READ - general maintenance:What to do if your Computer is running slowly?The Importance of Software Updating: In order to stay protected it is very important that you regularly update all of your software. Cybercriminals depend on the apathy of users around software updates to keep their malicious endeavor running. Operating systems, such as Windows, and applications, such as Adobe Reader or JAVA, are used by tens of millions of computers and devices around the world, making them a huge target for cybercriminals. Downloading updates and installing them can sometimes be tedious, but the advantages you get from the updates are certainly worth it.How to configure and use Automatic Updates in WindowsHow to update JavaHow to update Adobe ReaderRecommended additional software: CCleaner - to clean unneeded temporary files. Malwarebytes' Anti-Malware - to scan your system from time to time in search for malware. Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities. McShield - to prevent infections spread by removable media. Unchecky - to prevent from installing additional foistware, implemented in legitimate installations. Adblock - to surf the web without annoying ads! Post-cleanup procedures: Download DelFix by Xplode and save it to your desktop.Run the tool by right click on the icon and Run as administrator option.Make sure that these ones are checked:Remove disinfection toolsPurge system restoreReset system settingsPush Run.The program will run for a few seconds and display a notepad report. You do not need to attach it.The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix Tool deletes old system restore points and create a fresh system restore point after cleaning. My help is free for everybody.If you're happy with the help provided and/or wish to show your appreciation for the assistance you received, then you can consider a donation: Thank you! Stay safe, TwinHeadedEagle Link to post Share on other sites More sharing options...
Maurice Naggar Posted October 11, 2015 ID:994831 Share Posted October 11, 2015 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts