Spyware - two hacked online accounts


rlee_la

Hello, 

First, thank you to those who've helped me in the past - most recently at https://forums.malwarebytes.org/index.php?/topic/173553-possible-gmail-hack/

I strongly believe I have spyware on my computer.

I've just discovered that on October 15, 2015, some of my rewards points were redeemed by a hacker. The tech support rep told me that my account has new addresses in Virginia and in Ohio. I live in California.

In addition, on November 6, 2015, my Apple iTunes account was hacked.

I do not give out my passwords to anyone. There must be spyware, right?

Would someone please help me remove the spyware?

Thank you so much. Happy holidays.

Hi TwinHeadedEagle,

Thanks very much. Attached are the logs.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-12-2015
Ran by RLee (administrator) on RLEE-PC (23-12-2015 10:19:33)
Running from C:\Users\RLee\Desktop
Loaded Profiles: RLee (Available Profiles: RLee)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(B.H.A Corporation) C:\WINDOWS\SysWOW64\bgsvcgen.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\WINDOWS\System32\GWX\GWX.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
(Dropbox, Inc.) C:\Users\RLee\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(PFU LIMITED) C:\WINDOWS\SSDriver\fi5110\SsWiaChecker.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Apple Inc.) C:\Program Files\iTunes\iTunes.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
() C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6611048 2011-02-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [intelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [intelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-27] (Intel® Corporation)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] ()
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2055816 2011-05-30] ()
HKLM\...\Run: [bTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2370856 2010-09-23] (Synaptics Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-26] (NVIDIA Corporation)
HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2621240 2015-11-18] (Malwarebytes Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [577536 2014-06-12] (Creative Technology Ltd)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-11-23] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [803200 2015-12-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [scanSnap WIA Service Checker] => C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2231898861-770645649-3783352909-1001\...\Run: [TranscodingService] => C:\Program Files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe [856336 2010-08-24] (TiVo Inc.)
HKU\S-1-5-21-2231898861-770645649-3783352909-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-2231898861-770645649-3783352909-1001\...\Run: [iSUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-2231898861-770645649-3783352909-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-2231898861-770645649-3783352909-1001\...\Run: [Dropbox Update] => C:\Users\RLee\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-28] (Dropbox, Inc.)
HKU\S-1-5-21-2231898861-770645649-3783352909-1001\...\Run: [Google Update] => C:\Users\RLee\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)
HKU\S-1-5-21-2231898861-770645649-3783352909-1001\...\Run: [GoogleChromeAutoLaunch_F541D2A2A37D2A101A371AAC041A5196] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [741704 2015-12-10] (Google Inc.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [177088 2015-08-07] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [155792 2015-08-07] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\RLee\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\RLee\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\RLee\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\RLee\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\RLee\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\RLee\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\RLee\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScanSnap Manager.lnk [2015-11-22]
ShortcutTarget: ScanSnap Manager.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)
Startup: C:\Users\RLee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-10]
ShortcutTarget: Dropbox.lnk -> C:\Users\RLee\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4B061ECD-1E87-4611-A579-AF18C82E51FF}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B47A2A94-A5C6-4488-82BE-6B8E5E4D9054}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{B47A2A94-A5C6-4488-82BE-6B8E5E4D9054}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{FB10A2E2-6E5B-4FC2-952E-0B40E069710E}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2231898861-770645649-3783352909-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2231898861-770645649-3783352909-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2231898861-770645649-3783352909-1001 -> DefaultScope {B8550D65-650C-4037-A0D0-D43F0AD70665} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2231898861-770645649-3783352909-1001 -> {B8550D65-650C-4037-A0D0-D43F0AD70665} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll [2013-09-02] ()
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: SwagButton -> {5CE831FC-884E-4773-B203-BB76561EDB98} -> C:\Program Files (x86)\Prodege\SwagButton\SBExtension.dll [2015-04-16] (Prodege)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-04-30] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: AviraBrowserSafety.BrowserSafety -> {c3c77255-42c0-499f-b664-6e981a0b1647} -> C:\Windows\SysWOW64\mscoree.dll [2010-11-20] (Microsoft Corporation)
BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files (x86)\WOT\WOT.dll [2013-09-02] ()
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2013-09-02] ()
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll [2013-09-02] ()
Toolbar: HKU\S-1-5-21-2231898861-770645649-3783352909-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-2231898861-770645649-3783352909-1001 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2013-09-02] ()
IE Session Restore: HKU\S-1-5-21-2231898861-770645649-3783352909-1001 -> is enabled.
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab
Handler-x32: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - C:\Windows\SysWOW64\mscoree.dll [2010-11-20] (Microsoft Corporation)
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll [2013-09-02] ()
Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll [2013-09-02] ()
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
 
FireFox:
========
FF ProfilePath: C:\Users\RLee\AppData\Roaming\Mozilla\Firefox\Profiles\70fccnrl.default-1418764195817
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: hxxp://www.swagbucks.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-09] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-09] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2012-12-14] (Citrix Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @mozilla.zeniko.ch/PDFlite_Browser_Plugin -> C:\Program Files (x86)\PDFlite\npPdfViewer.dll [2013-01-22] (Simon Bünzli)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-03-26] (Nitro PDF)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-08-06] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-08-06] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2231898861-770645649-3783352909-1001: @citrixonline.com/appdetectorplugin -> C:\Users\RLee\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-06-09] (Citrix Online)
FF Plugin HKU\S-1-5-21-2231898861-770645649-3783352909-1001: @mozilla.zeniko.ch/PDFlite_Browser_Plugin -> C:\Program Files (x86)\PDFlite\npPdfViewer.dll [2013-01-22] (Simon Bünzli)
FF Plugin HKU\S-1-5-21-2231898861-770645649-3783352909-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\RLee\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2231898861-770645649-3783352909-1001: @talk.google.com/O1DPlugin -> C:\Users\RLee\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2231898861-770645649-3783352909-1001: @tools.google.com/Google Update;version=3 -> C:\Users\RLee\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-2231898861-770645649-3783352909-1001: @tools.google.com/Google Update;version=9 -> C:\Users\RLee\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-2231898861-770645649-3783352909-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\RLee\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-04-15] (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\RLee\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\RLee\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Extension: Autofill Forms - C:\Users\RLee\AppData\Roaming\Mozilla\Firefox\Profiles\70fccnrl.default-1418764195817\extensions\autofillForms@blueimp.net.xpi [2015-12-04]
FF Extension: WOT - C:\Users\RLee\AppData\Roaming\Mozilla\Firefox\Profiles\70fccnrl.default-1418764195817\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-12-10]
FF Extension: SwagButton - C:\Users\RLee\AppData\Roaming\Mozilla\Firefox\Profiles\70fccnrl.default-1418764195817\extensions\shopearn@prodege.com.xpi [2015-12-13]
FF Extension: Adblock Plus - C:\Users\RLee\AppData\Roaming\Mozilla\Firefox\Profiles\70fccnrl.default-1418764195817\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-15]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-12-20] [not signed]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-12-20] [not signed]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-12-20] [not signed]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-12-20] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext => not found
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-07-25] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\fmdownloader@gmail.com
FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\fmdownloader@gmail.com [2013-08-25] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\ytfmdownloader@gmail.com
FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\ytfmdownloader@gmail.com [2013-08-25] [not signed]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://google.com/
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\RLee\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.824\_platform_specific\win_x64\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\RLee\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\RLee\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\RLee\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-11-19]
CHR Extension: (YouTube) - C:\Users\RLee\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\RLee\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-11-26]
CHR Extension: (Ebates Cash Back) - C:\Users\RLee\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2015-11-20]
CHR Extension: (Google Search) - C:\Users\RLee\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Session Buddy) - C:\Users\RLee\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2015-01-25]
CHR Extension: (Spotflux Lite) - C:\Users\RLee\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcakbkpmlidimpglgiaclbpgbedlmpfl [2014-01-17]
CHR Extension: (Avira Browser Safety) - C:\Users\RLee\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-12-17]
CHR Extension: (Google Docs Offline) - C:\Users\RLee\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-19]
CHR Extension: (SwagButton) - C:\Users\RLee\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm [2015-12-10]
CHR Extension: (Kindle Cloud Reader) - C:\Users\RLee\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-06-01]
CHR Extension: (Google Hangouts) - C:\Users\RLee\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-12-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\RLee\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-31]
CHR Extension: (Gmail) - C:\Users\RLee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-04]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2231898861-770645649-3783352909-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\RLee\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-02-07]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-08-04] (Adobe Systems) [File not signed]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [948392 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [466408 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [466408 2015-12-01] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1418560 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [249624 2015-11-23] (Avira Operations GmbH & Co. KG)
R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [921664 2011-05-18] (Intel Corporation) [File not signed]
R3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1335360 2011-05-18] (Intel Corporation) [File not signed]
R2 Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [995392 2011-05-18] (Intel Corporation) [File not signed]
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-12-03] (Freemake) [File not signed]
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-07-31] (Ellora Assets Corp.) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155192 2015-08-26] (NVIDIA Corporation)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [739640 2015-11-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] ()
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-03-26] (Nitro PDF Software)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-08-26] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544568 2015-08-26] (NVIDIA Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
S4 TivoBeacon2; C:\Program Files (x86)\TiVo\Desktop\TiVoBeacon.exe [1104656 2010-08-24] (TiVo Inc.)
R2 UsbService; C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe [334848 2010-08-10] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [162072 2015-12-01] (Avira Operations GmbH & Co. KG)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2015-01-05] (AVG Technologies)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [140448 2015-12-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-10-28] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [75472 2015-12-01] (Avira Operations GmbH & Co. KG)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-11-18] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [299312 2015-08-07] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-08-26] (NVIDIA Corporation)
S3 NvStUSB; C:\Windows\system32\drivers\nvstusb.sys [121960 2011-01-31] ()
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-10] (NVIDIA Corporation)
S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R3 vuhub; C:\Windows\System32\DRIVERS\vuhub.sys [47616 2007-12-16] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-23 10:19 - 2015-12-23 10:21 - 00053593 _____ C:\Users\RLee\Desktop\FRST.txt
2015-12-23 10:18 - 2015-12-23 10:19 - 00000000 ____D C:\FRST
2015-12-23 10:18 - 2015-12-23 10:18 - 02370560 _____ (Farbar) C:\Users\RLee\Desktop\FRST64.exe
2015-12-23 01:03 - 2015-12-23 01:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-12-23 01:02 - 2015-12-23 01:02 - 00000000 ____D C:\Program Files\iTunes
2015-12-23 01:02 - 2015-12-23 01:02 - 00000000 ____D C:\Program Files\iPod
2015-12-23 00:44 - 2015-12-23 00:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-12-20 16:57 - 2015-12-23 02:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-14 16:18 - 2015-12-14 16:18 - 00970511 _____ C:\Users\RLee\Desktop\2015_black_list.pdf
2015-12-14 16:06 - 2015-12-14 16:08 - 36708508 _____ C:\Users\RLee\Desktop\Black List 2015.zip
2015-12-10 23:00 - 2015-12-10 23:00 - 00000000 ____D C:\Users\RLee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-12-10 02:01 - 2015-11-11 13:12 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-10 02:01 - 2015-11-11 12:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-12-10 02:01 - 2015-11-11 08:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-10 02:01 - 2015-11-11 08:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-10 02:01 - 2015-11-11 07:44 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-12-10 02:01 - 2015-11-11 07:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-12-10 02:01 - 2015-11-11 07:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-10 02:01 - 2015-11-11 07:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-10 02:01 - 2015-11-11 06:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-12-10 02:01 - 2015-11-09 16:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-12-10 02:01 - 2015-11-09 16:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-10 02:01 - 2015-11-09 16:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-12-10 02:01 - 2015-11-09 16:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-12-10 02:01 - 2015-11-09 16:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-12-10 02:01 - 2015-11-09 16:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-12-10 02:01 - 2015-11-09 16:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-10 02:01 - 2015-11-09 16:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-12-10 02:01 - 2015-11-09 16:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-12-10 02:01 - 2015-11-09 16:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-10 02:01 - 2015-11-09 16:03 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-12-10 02:01 - 2015-11-09 16:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-12-10 02:01 - 2015-11-09 16:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-12-10 02:01 - 2015-11-09 15:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-12-10 02:01 - 2015-11-09 15:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-12-10 02:01 - 2015-11-09 15:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-10 02:01 - 2015-11-09 15:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-12-10 02:01 - 2015-11-09 15:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-12-10 02:01 - 2015-11-09 15:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-12-10 02:01 - 2015-11-09 15:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-12-10 02:01 - 2015-11-09 15:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-12-10 02:01 - 2015-11-09 15:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-10 02:01 - 2015-11-09 15:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-10 02:01 - 2015-11-09 15:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-12-10 02:01 - 2015-11-08 14:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-12-10 02:01 - 2015-11-08 14:32 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-12-10 02:01 - 2015-11-08 14:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-12-10 02:01 - 2015-11-08 14:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-10 02:01 - 2015-11-08 14:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-10 02:01 - 2015-11-08 14:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-12-10 02:01 - 2015-11-08 14:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-12-10 02:01 - 2015-11-08 14:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-12-10 02:01 - 2015-11-08 14:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-12-10 02:01 - 2015-11-08 14:06 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-12-10 02:01 - 2015-11-08 14:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-10 02:01 - 2015-11-08 14:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-10 02:01 - 2015-11-08 14:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-10 02:01 - 2015-11-08 14:01 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-12-10 02:01 - 2015-11-08 14:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-12-10 02:01 - 2015-11-08 14:01 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-12-10 02:01 - 2015-11-08 13:52 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-12-10 02:01 - 2015-11-08 13:48 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-12-10 02:01 - 2015-11-08 13:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-12-10 02:01 - 2015-11-08 13:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-12-10 02:01 - 2015-11-08 13:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-10 02:01 - 2015-11-08 13:29 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-12-10 02:01 - 2015-11-08 13:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-12-10 02:01 - 2015-11-08 13:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-10 02:01 - 2015-11-08 13:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-12-10 02:01 - 2015-11-08 13:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-10 02:01 - 2015-11-08 13:14 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-12-10 02:01 - 2015-11-08 13:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-10 02:01 - 2015-11-08 12:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-10 02:01 - 2015-11-08 12:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-10 02:01 - 2015-11-08 12:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-12-10 01:59 - 2015-11-20 10:54 - 03170304 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-12-10 01:59 - 2015-11-20 10:54 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-12-10 01:59 - 2015-11-20 10:54 - 00709632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-12-10 01:59 - 2015-11-20 10:54 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-12-10 01:59 - 2015-11-20 10:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-12-10 01:59 - 2015-11-20 10:54 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-12-10 01:59 - 2015-11-20 10:54 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-12-10 01:59 - 2015-11-20 10:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-12-10 01:59 - 2015-11-20 10:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-12-10 01:59 - 2015-11-20 10:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-12-10 01:59 - 2015-11-20 10:54 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-12-10 01:59 - 2015-11-20 10:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-12-10 01:59 - 2015-11-20 10:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-12-10 01:59 - 2015-11-20 10:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-12-10 01:59 - 2015-11-20 10:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-12-10 01:59 - 2015-11-20 10:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-12-10 01:59 - 2015-11-11 10:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-10 01:59 - 2015-11-11 10:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-10 01:59 - 2015-11-11 10:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-10 01:59 - 2015-11-11 10:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-10 01:59 - 2015-11-10 10:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-10 01:59 - 2015-11-10 10:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-10 01:59 - 2015-11-10 10:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-10 01:59 - 2015-11-10 10:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-12-10 01:59 - 2015-11-10 10:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-10 01:59 - 2015-11-10 09:47 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-10 01:59 - 2015-11-05 11:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-12-10 01:59 - 2015-11-05 11:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-12-10 01:59 - 2015-11-03 11:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-12-10 01:59 - 2015-11-03 10:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-12-10 01:57 - 2015-11-05 11:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2015-12-10 01:57 - 2015-11-05 11:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2015-12-10 01:57 - 2015-11-05 01:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-10 01:55 - 2015-11-03 11:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2015-12-10 01:55 - 2015-11-03 10:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2015-12-05 12:29 - 2015-12-05 12:29 - 00061448 _____ C:\Users\RLee\Desktop\CH12_PILOT_151205.pdf
2015-12-03 16:06 - 2015-12-03 16:06 - 00000000 ____D C:\Users\RLee\AppData\Local\{F33878DC-3F38-4C6F-9046-1A270830CA9E}
2015-12-03 16:03 - 2015-12-03 16:03 - 00000000 ____D C:\Users\RLee\AppData\Local\{DE9B92AD-3525-4884-A348-871A2DA47B2E}
2015-12-03 16:03 - 2015-12-03 16:03 - 00000000 ____D C:\Users\RLee\AppData\Local\{06CE26E9-E3EC-44C8-A26E-24ACF303C6C0}
2015-12-03 16:02 - 2015-12-03 16:03 - 00000000 ____D C:\Users\RLee\AppData\Local\{57974F46-4C2C-439D-A90F-A96DAEFAEEED}
2015-12-03 16:02 - 2015-12-03 16:02 - 00000000 ____D C:\Users\RLee\AppData\Local\{F1F0E116-1B2B-4CC8-8DCD-21F97CCEB7EC}
2015-12-03 16:02 - 2015-12-03 16:02 - 00000000 ____D C:\Users\RLee\AppData\Local\{D510924F-E6D8-4BEB-A153-2097E5C0D732}
2015-12-03 16:02 - 2015-12-03 16:02 - 00000000 ____D C:\Users\RLee\AppData\Local\{410DED2B-68DB-4B8B-9AC6-0E5C7BA273AC}
2015-12-03 10:42 - 2015-12-03 10:42 - 00001161 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-12-03 10:42 - 2015-12-03 10:42 - 00001149 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-12-03 10:40 - 2015-12-03 10:41 - 00347816 _____ (Microsoft Corporation) C:\Users\RLee\Desktop\MicrosoftFixit.WinUSB.RNP.Run.exe
2015-12-03 10:18 - 2015-12-16 14:26 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-03 10:18 - 2015-12-03 10:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-03 10:15 - 2015-12-03 10:15 - 00000000 ____D C:\Users\RLee\AppData\LocalLow\Avira
2015-12-01 15:18 - 2015-12-01 15:18 - 00000000 ____D C:\Program Files\Bonjour
2015-12-01 15:18 - 2015-12-01 15:18 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-12-01 15:18 - 2015-12-01 15:18 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-12-01 14:39 - 2015-12-01 14:39 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2015-12-01 12:20 - 2015-12-01 15:18 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-11-29 14:56 - 2015-11-29 15:15 - 00000000 ___HD C:\$WINDOWS.~BT
2015-11-29 12:35 - 2015-11-30 17:01 - 00000000 ____D C:\Users\RLee\Desktop\troubleshoot
2015-11-29 10:38 - 2015-11-29 11:00 - 00000000 ____D C:\Users\RLee\Documents\SysnativeFileCollectionApp
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-23 10:19 - 2009-07-13 19:20 - 00000000 ____D C:\WINDOWS
2015-12-23 10:06 - 2012-05-24 11:23 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-23 09:49 - 2015-02-06 08:49 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-23 09:47 - 2015-08-05 17:04 - 00000556 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2231898861-770645649-3783352909-1001.job
2015-12-23 09:45 - 2012-02-18 00:26 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2231898861-770645649-3783352909-1001UA.job
2015-12-23 09:45 - 2012-02-18 00:26 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2231898861-770645649-3783352909-1001Core.job
2015-12-23 09:37 - 2015-06-28 13:46 - 00000914 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2231898861-770645649-3783352909-1001UA.job
2015-12-23 08:45 - 2015-08-05 17:04 - 00000652 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2231898861-770645649-3783352909-1001.job
2015-12-23 08:45 - 2012-05-22 01:05 - 00000000 ____D C:\Users\RLee\AppData\LocalLow\Temp
2015-12-23 02:42 - 2009-07-13 20:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-23 02:42 - 2009-07-13 20:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-23 02:32 - 2012-02-18 00:39 - 00000000 ___RD C:\Users\RLee\Documents\My Dropbox
2015-12-23 02:31 - 2012-02-18 01:28 - 00000000 ____D C:\Users\RLee\AppData\Roaming\Dropbox
2015-12-23 02:30 - 2013-11-29 10:38 - 00000000 ____D C:\Users\RLee\AppData\Local\D45289B4-E1D1-4EBC-B169-3004AC1BCF1A.aplzod
2015-12-23 02:29 - 2011-11-09 20:16 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2015-12-23 02:28 - 2012-02-18 00:40 - 00000000 ____D C:\Users\RLee\Documents\Outlook Files
2015-12-23 02:27 - 2011-11-09 20:21 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2015-12-23 02:27 - 2011-11-09 20:21 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2015-12-23 02:25 - 2012-05-24 11:23 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-23 02:24 - 2011-11-09 21:44 - 00000000 ____D C:\ProgramData\NVIDIA
2015-12-23 02:24 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-23 02:23 - 2012-09-02 22:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-23 01:02 - 2012-06-13 09:48 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-12-23 01:02 - 2012-02-18 01:08 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-12-22 20:03 - 2014-12-16 22:09 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2015-12-22 16:38 - 2015-11-12 15:13 - 00003484 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2015-12-22 14:37 - 2015-06-28 13:46 - 00000862 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2231898861-770645649-3783352909-1001Core.job
2015-12-22 10:44 - 2014-01-17 15:41 - 00000000 ____D C:\Users\RLee\AppData\Local\CrashDumps
2015-12-21 09:12 - 2013-05-27 08:31 - 00003416 _____ C:\Windows\System32\Tasks\Apple Diagnostics
2015-12-19 20:35 - 2015-10-27 17:11 - 00000000 ____D C:\Users\RLee\AppData\Roaming\Skype
2015-12-19 20:26 - 2011-11-09 20:18 - 00000000 ____D C:\ProgramData\Skype
2015-12-19 08:31 - 2015-08-05 17:04 - 00003674 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-2231898861-770645649-3783352909-1001
2015-12-19 08:31 - 2015-08-05 17:04 - 00003578 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2231898861-770645649-3783352909-1001
2015-12-18 20:26 - 2012-05-21 13:01 - 00000000 ____D C:\Users\RLee\AppData\Roaming\Nitro PDF
2015-12-18 20:18 - 2015-11-21 11:48 - 00000000 ____D C:\ProgramData\Package Cache
2015-12-18 09:25 - 2015-11-21 11:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-12-17 16:16 - 2012-08-16 08:56 - 00000000 ____D C:\Users\RLee\AppData\Local\ElevatedDiagnostics
2015-12-17 12:40 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\NDF
2015-12-17 12:08 - 2015-04-04 22:45 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-12-17 12:08 - 2015-04-04 22:45 - 00000000 ___SD C:\Windows\system32\GWX
2015-12-16 15:48 - 2012-09-02 22:34 - 00000000 ____D C:\Users\RLee\AppData\Roaming\Mozilla
2015-12-15 20:59 - 2014-11-16 18:25 - 00000000 ____D C:\Users\RLee\Desktop\Market Force
2015-12-15 20:21 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2015-12-10 02:42 - 2009-07-13 20:45 - 00463304 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-10 02:40 - 2012-05-12 13:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-10 02:40 - 2011-11-09 20:22 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-10 02:38 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2015-12-10 02:36 - 2012-05-12 13:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-10 02:36 - 2012-02-18 00:34 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-10 02:32 - 2013-07-19 11:58 - 00000000 ____D C:\Windows\system32\MRT
2015-12-10 02:07 - 2012-02-18 10:05 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-12-09 10:50 - 2015-02-06 08:49 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-09 10:50 - 2014-11-27 12:55 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-09 10:50 - 2014-11-27 12:55 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-07 15:50 - 2015-11-16 13:49 - 00000000 ____D C:\Users\RLee\Desktop\MiTu
2015-12-04 09:40 - 2012-02-18 00:26 - 00003872 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2231898861-770645649-3783352909-1001UA
2015-12-04 09:40 - 2012-02-18 00:26 - 00003476 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2231898861-770645649-3783352909-1001Core
2015-12-03 18:21 - 2009-07-13 21:13 - 00786622 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-03 18:04 - 2013-08-26 23:04 - 00000405 _____ C:\Users\RLee\Desktop\Consulting.txt
2015-12-03 16:01 - 2012-05-24 11:23 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-03 16:01 - 2012-05-24 11:23 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-03 10:17 - 2012-05-24 11:23 - 00000000 ____D C:\Program Files (x86)\Google
2015-12-03 10:05 - 2014-11-27 14:57 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-02 16:23 - 2014-10-09 09:42 - 00000000 ____D C:\Users\RLee\Documents\Duke interviews
2015-12-01 15:17 - 2012-02-18 00:52 - 00000000 ____D C:\ProgramData\Apple
2015-12-01 14:52 - 2015-11-22 10:00 - 00000000 ____D C:\MATS
2015-12-01 10:03 - 2015-11-21 12:01 - 00162072 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-12-01 10:03 - 2015-11-21 12:01 - 00140448 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-12-01 10:03 - 2015-11-21 12:01 - 00075472 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-11-30 15:32 - 2012-08-16 13:20 - 00007600 _____ C:\Users\RLee\AppData\Local\resmon.resmoncfg
2015-11-29 23:45 - 2015-08-05 17:34 - 00000000 ____D C:\Users\RLee\Desktop\TV Video
2015-11-29 15:15 - 2011-02-10 06:02 - 00000000 ____D C:\Windows\panther
2015-11-29 12:12 - 2009-07-13 19:20 - 00000000 ____D C:\PerfLogs
2015-11-27 00:22 - 2012-05-24 11:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-11-23 16:24 - 2014-12-16 22:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2015-11-23 16:24 - 2014-12-16 22:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2015-11-23 10:54 - 2014-01-10 15:20 - 00000000 ____D C:\Program Files (x86)\sp
 
==================== Files in the root of some directories =======
 
2005-12-08 18:51 - 2005-12-08 18:51 - 0000060 ____R () C:\Program Files (x86)\BRINST.INI
2014-03-04 21:31 - 2014-03-04 21:31 - 0000135 _____ () C:\Users\RLee\AppData\Roaming\bibstats
2015-03-30 23:55 - 2015-03-30 23:55 - 0000025 _____ () C:\Users\RLee\AppData\Roaming\ClipExtractor-UpdatePerformed.txt
2015-03-30 23:55 - 2015-03-31 00:03 - 0000591 _____ () C:\Users\RLee\AppData\Roaming\ClipExtractor-YouTube-Clip-ExtractorFlvConverterDefaultSettings.xml
2012-02-18 01:03 - 2013-11-29 05:26 - 0010395 _____ () C:\Users\RLee\AppData\Roaming\Rim.Desktop.Exception.log
2012-02-18 01:01 - 2015-01-08 20:31 - 0006437 _____ () C:\Users\RLee\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2012-02-18 01:03 - 2013-11-29 05:26 - 0010780 _____ () C:\Users\RLee\AppData\Roaming\Rim.DesktopHelper.Exception.log
2012-06-09 19:12 - 2012-07-25 14:05 - 0000462 _____ () C:\Users\RLee\AppData\Roaming\Rim.Transcoder.Exception.log
2012-02-18 01:16 - 2012-02-18 09:20 - 1332295 _____ () C:\Users\RLee\AppData\Roaming\UserTile.png
2012-02-18 10:09 - 2015-07-20 21:06 - 0046592 _____ () C:\Users\RLee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-08-16 13:20 - 2015-11-30 15:32 - 0007600 _____ () C:\Users\RLee\AppData\Local\resmon.resmoncfg
2014-09-26 17:56 - 2014-09-26 17:56 - 0003116 _____ () C:\Users\RLee\AppData\Local\Temp1
2012-02-18 01:10 - 2012-02-18 01:11 - 0000026 ____H () C:\ProgramData\.811261211181235583101118113995
2012-02-18 01:07 - 2012-02-18 01:07 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
 
Files to move or delete:
====================
C:\Users\RLee\SBExtnBack.exe
 
 
Some files in TEMP:
====================
C:\Users\RLee\AppData\Local\Temp\avgnt.exe
C:\Users\RLee\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0qpu0v.dll
C:\Users\RLee\AppData\Local\Temp\SkypeSetup.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-12-10 18:54
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:23-12-2015

Ran by RLee (2015-12-23 10:22:25)

Running from C:\Users\RLee\Desktop

Windows 7 Home Premium Service Pack 1 (X64) (2012-02-18 08:19:43)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-2231898861-770645649-3783352909-500 - Administrator - Disabled)

Guest (S-1-5-21-2231898861-770645649-3783352909-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-2231898861-770645649-3783352909-1003 - Limited - Enabled)

RLee (S-1-5-21-2231898861-770645649-3783352909-1001 - Administrator - Enabled) => C:\Users\RLee

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}

AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)

ABBYY FineReader for ScanSnap 4.0 (HKLM-x32\...\{FB400000-0001-0000-0000-074957833700}) (Version: 8.00.245.56422 - ABBYY)

AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.11.22 - STMicroelectronics)

Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{0F347A49-E36C-4639-8D2E-003AD408B8B2}) (Version: 1.5 - Eyeo GmbH)

Adobe Acrobat  9 Standard - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-BA7E-000000000004}{AC76BA86-1033-F400-BA7E-000000000004}) (Version: 9.5.5 - Adobe Systems)

Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-F400-BA7E-000000000004}_955) (Version:  - Adobe Systems Incorporated)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20069 - Adobe Systems Incorporated)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.213 - Adobe Systems Incorporated)

Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)

Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.228 - Adobe Systems Incorporated)

Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)

Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)

Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)

Amazon Cloud Drive (HKU\S-1-5-21-2231898861-770645649-3783352909-1001\...\23ab716f18849b6f) (Version: 2.4.2013.3290 - Amazon)

Amazon Kindle (HKU\S-1-5-21-2231898861-770645649-3783352909-1001\...\Amazon Kindle) (Version:  - Amazon)

Amazon MP3 Downloader 1.0.18 (HKU\S-1-5-21-2231898861-770645649-3783352909-1001\...\Amazon MP3 Downloader) (Version: 1.0.18 - Amazon Services LLC)

Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)

Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)

ASUS RT-N56U Wireless Router Utilities (HKLM-x32\...\{BB5FCB34-F3DE-4FA1-A92F-F66563D280B0}) (Version: 4.1.4.2 - ASUS)

ASUS Wireless Router RT-N56U Manuals (HKLM-x32\...\{9547D6CD-68A2-4209-AB18-D295CCD8A099}) (Version: 1.00.000 - ASUS)

AudibleManager (HKLM-x32\...\AudibleManager) (Version: 2004958446.48.56.38409594 - Audible, Inc.)

Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.15.129 - Avira Operations GmbH & Co. KG)

Avira Browser Safety (HKLM-x32\...\{9E10EA90-5E97-43B7-A246-FC7B4F5E9493}) (Version: 1.4.5.509 - Avira Operations GmbH & Co KG)

Avira Launcher (HKLM-x32\...\{d0e166af-1634-4c0b-ae96-2180e61f9d38}) (Version: 1.1.52.15531 - Avira Operations GmbH & Co. KG)

Avira Launcher (x32 Version: 1.1.52.15531 - Avira Operations GmbH & Co. KG) Hidden

Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)

Brother Driver Deployment Wizard (HKLM-x32\...\{0ED38503-B69A-44B4-98BE-21BFF284A9B6}) (Version: 1.09.000 - Brother)

Brother MFL-Pro Suite MFC-7860DW (HKLM-x32\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.1.3.0 - Brother Industries, Ltd.)

CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden

CardMinder (HKLM-x32\...\{D4F2AFD3-0167-4464-B92F-78AB6DA8A0AA}) (Version: V4.0L10 - PFU)

CardMinder V4.0 (x32 Version: 4.0.10.1 - PFU) Hidden

Citrix Online Launcher (HKLM-x32\...\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}) (Version: 1.0.335 - Citrix)

Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 13.4.0.25 - Citrix Systems, Inc.)

Clip Extractor 5.11 (HKLM-x32\...\Clip Extractor_is1) (Version:  - Clip Extractor)

Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)

Cozi (HKLM-x32\...\{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}) (Version: 1.0.6505.38692 - Cozi Group, Inc.)

CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell Inc.)

Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell Inc.)

Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)

Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)

Dell MusicStage (HKLM-x32\...\{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}) (Version: 1.5.201.0 - Fingertapps)

Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.65 - ArcSoft)

Dell Stage (HKLM-x32\...\{39D06E77-8921-4056-8901-36D0035BAECA}) (Version: 1.5.420.0 - Fingertapps)

Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.93 - Dell)

Dell System Detect (HKU\S-1-5-21-2231898861-770645649-3783352909-1001\...\73f463568823ebbe) (Version: 6.6.0.1 - Dell)

Dell VideoStage  (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.)

Dell VideoStage  (x32 Version: 1.2.0.1712 - CyberLink Corp.) Hidden

Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.01.19 - Creative Technology Ltd)

DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden

Dropbox (HKU\S-1-5-21-2231898861-770645649-3783352909-1001\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)

EPubsoft EPUB to PDF Converter 5.7.4 (HKLM-x32\...\{55206574-47A5-4C60-A6D7-86375754DFF7}) (Version: 5.7.4 - EPUBSOFT)

erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden

Evernote v. 5.8.6 (HKLM-x32\...\{FEDC7C10-EF67-11E4-9B07-00505695D7B0}) (Version: 5.8.6.7519 - Evernote Corp.)

FileMaker Pro 10 (HKLM-x32\...\{96F5D143-C950-465D-A8BE-C3D4D9CB3C1F}) (Version: 10.0.1.0 - FileMaker, Inc.)

FileZilla Client 3.13.1 (HKLM-x32\...\FileZilla Client) (Version: 3.13.1 - Tim Kosse)

Final Draft (HKLM-x32\...\{7C3C895B-AE02-4F30-8A6A-051D37A38DD0}) (Version: 8.0.3.120 - Final Draft, Inc.)

Freemake Video Converter version 4.1.5 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.5 - Ellora Assets Corporation)

Freemake Youtube Mp3 Converter (HKLM-x32\...\Freemake Youtube Mp3 Converter_is1) (Version: 3.5.3 - Ellora Assets Corporation)

GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)

Google Drive (HKLM-x32\...\{1C3D2F92-D25E-4D98-B810-3F3B0857BF26}) (Version: 1.26.0707.2863 - Google, Inc.)

Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)

Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)

Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden

GoToMeeting 7.8.0.4151 (HKU\S-1-5-21-2231898861-770645649-3783352909-1001\...\GoToMeeting) (Version: 7.8.0.4151 - CitrixOnline)

HandBrake 0.9.6 (HKLM-x32\...\HandBrake) (Version: 0.9.6 - )

iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)

Intel PROSet Wireless (x32 Version:  - ) Hidden

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2455 - Intel Corporation)

Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}) (Version: 1.2.0.0587 - Intel Corporation)

Intel® PROSet/Wireless WiFi Software (HKLM\...\{25FBDA9A-E868-4B3B-B9FF-D923818511A1}) (Version: 14.2.0000 - Intel Corporation)

Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)

Intel® WiDi (HKLM-x32\...\{0DD706AF-B542-438C-999E-B30C7F625C8D}) (Version: 2.1.39.0 - Intel Corporation)

Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )

InterActual Player (HKLM-x32\...\InterActual Player) (Version:  - )

Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )

Internet Explorer (x32 Version: 8 - Microsoft Corporation) Hidden

iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)

Java 8 Update 66 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418066F0}) (Version: 8.0.660.18 - Oracle Corporation)

JPEGmini (HKU\S-1-5-21-2231898861-770645649-3783352909-1001\...\1e743bb8905c901f) (Version: 1.8.10.1 - ICVT Ltd)

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

KigoVideoConverter 1.1.1 (HKLM-x32\...\KigoVideoConverter_is1) (Version:  - Kigosoft Inc.)

K-Lite Codec Pack 4.0.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 4.0.0 - )

Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)

Malwarebytes Anti-Exploit version 1.8.1.1045 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.1045 - Malwarebytes)

Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)

Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)

Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)

Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft SQL Server Compact 3.5 SP1 English (HKLM-x32\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)

Microsoft SQL Server Compact 3.5 SP1 x64 English (HKLM\...\{F83779DF-E1F5-43A2-A7BE-732F856FADB7}) (Version: 3.5.5692.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

Mobipocket Creator 4.2 (HKLM-x32\...\{AFE499B5-FCC4-45E6-A1A5-3C51AE0E539B}) (Version: 4.2.41 - Mobipocket.com)

Mozilla Firefox 43.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla)

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)

Nitro Reader 3 (HKLM\...\{4436B9BD-CA66-4D69-9091-2D2EB62F09AD}) (Version: 3.5.2.10 - Nitro)

Nuance PaperPort 12 (HKLM-x32\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.)

Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)

NVIDIA 3D Vision Driver 355.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 355.60 - NVIDIA Corporation)

NVIDIA GeForce Experience 2.5.14.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.14.5 - NVIDIA Corporation)

NVIDIA Graphics Driver 355.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 355.60 - NVIDIA Corporation)

NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)

NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)

Online Plug-in (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden

PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 1.00.0001 - Nuance Communications, Inc.)

Pazera Free AVI to MP4 Converter 1.0 (HKLM-x32\...\{55F62293-FD7F-4CF0-8097-8DE29EF66DC8}_is1) (Version: 1.0 - Jacek Pazera)

Pazera Free MKV to MP4 Converter 1.0 (HKLM-x32\...\{29D94C26-A8BC-4219-9E80-246AF17CE01F}_is1) (Version: 1.0 - Jacek Pazera)

Pazera Free Video to iPod Converter 1.1 (HKLM-x32\...\{6B1313E4-2850-4F1B-B5CF-01BCFD4D9A9B}_is1) (Version: 1.1 - Jacek Pazera)

PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)

PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.1 - pdfforge)

PDFlite 0.9.0.0 (HKLM-x32\...\PDFlite) (Version: 0.9.0.0 - Amnis Technology Ltd)

PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)

Photo Magician 2.3.6.1 (HKLM-x32\...\{AF766933-2E99-4D86-916E-FEA0A482B89E}_is1) (Version:  - Sheldon Solutions)

PHOTOfunSTUDIO 5.1 HD Edition (HKLM-x32\...\{959282E3-55A9-49D8-B885-D27CF8A2FD82}) (Version: 5.01.130 - Panasonic Corporation)

PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden

Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)

Presto! PageManager 7.15.16 (HKLM-x32\...\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}) (Version: 7.15.16 - NewSoft Technology Corporation)

PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)

Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.0.10 - Dell Inc.)

RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6312 - Realtek Semiconductor Corp.)

Roxio Creator DE 10.3 (HKLM-x32\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.3 - Roxio)

Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)

Roxio File Backup (Version: 1.3.2 - Roxio) Hidden

Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)

Scan to Microsoft SharePoint (HKLM-x32\...\{5E72F1EA-B77E-47EB-8639-CE6B7293ED67}) (Version: 3.3.4 - KnowledgeLake)

ScanSnap (x32 Version: 5.1.30.19 - PFU Limited) Hidden

ScanSnap Manager (HKLM-x32\...\{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}) (Version: V5.1L30 - PFU)

ScanSoft OmniPage SE 4 (HKLM-x32\...\{B2F3DBD9-A9D2-4838-B45D-C917DAB32BC3}) (Version: 15.2.0020 - Nuance Communications, Inc.)

Scansoft PDF Professional (x32 Version:  - ) Hidden

Self-service Plug-in (x32 Version: 3.4.0.33684 - Citrix Systems, Inc.) Hidden

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)

SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden

SHIELD Wireless Controller Driver (Version: 2.5.14.5 - NVIDIA Corporation) Hidden

Skype™ 7.14 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.14.106 - Skype Technologies S.A.)

Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden

SwagButton (HKLM-x32\...\{7967795F-ADBE-477F-8777-AF6195210D2B}) (Version: 167.0.107 - Prodege)

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.15.0 - Synaptics Incorporated)

TiVo Desktop 2.8.2 (HKLM-x32\...\{4E839090-3B68-436A-B3CF-A2A08C38DD26}) (Version: 2.8.412.369 - TiVo Inc.)

Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)

Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)

Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)

Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)

Widevine Media Optimizer Chrome 6.0.0 (HKU\S-1-5-21-2231898861-770645649-3783352909-1001\...\optimizer_chrome) (Version: 6.0.0.12757 - Widevine Technologies)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)

Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

WOT for Internet Explorer (HKLM\...\{373B90E1-A28C-434C-92B6-7281AFA6115A}) (Version: 13.9.2.0 - WOT Services Oy)

YouSendIt Express (HKLM-x32\...\InstallShield_{8C8224B7-AA9B-4807-97CD-55899BAC83FE}) (Version: 2.11.1 - YouSendIt)

YouSendIt Express (x32 Version: 2.11.1 - YouSendIt) Hidden

 

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2231898861-770645649-3783352909-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\RLee\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-2231898861-770645649-3783352909-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\RLee\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll => No File

CustomCLSID: HKU\S-1-5-21-2231898861-770645649-3783352909-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\RLee\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll => No File

CustomCLSID: HKU\S-1-5-21-2231898861-770645649-3783352909-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\RLee\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll => No File

CustomCLSID: HKU\S-1-5-21-2231898861-770645649-3783352909-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\RLee\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll => No File

 

==================== Restore Points =========================

17-12-2015 16:16:05 Scheduled Checkpoint

 

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2015-10-23 11:12 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

 

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02E45E09-28E9-4177-9E7B-1DA1D0B7E808} - System32\Tasks\{C6965076-A045-4A25-ACCC-C7FDA589A60C} => pcalua.exe -a "C:\Program Files (x86)\ScanSoft\OmniPageSE4\ScannerWizard.exe" -d "C:\Program Files (x86)\ScanSoft\OmniPageSE4\" -c /A [OmniPage SE 4] /L [eng]

Task: {05AF0135-9DA4-4A2A-A47C-3CADE324D34B} - System32\Tasks\G2MUploadTask-S-1-5-21-2231898861-770645649-3783352909-1001 => C:\Users\RLee\AppData\Local\Citrix\GoToMeeting\4151\g2mupload.exe [2015-12-19] (Citrix Online, a division of Citrix Systems, Inc.)

Task: {0D03CDD7-6F1B-4A5F-8E56-3F3B8FBEE611} - System32\Tasks\G2MUpdateTask-S-1-5-21-2231898861-770645649-3783352909-1001 => C:\Users\RLee\AppData\Local\Citrix\GoToMeeting\4151\g2mupdate.exe [2015-12-19] (Citrix Online, a division of Citrix Systems, Inc.)

Task: {0DA653EC-852D-4E54-BEDE-EC926E199D44} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2231898861-770645649-3783352909-1001UA => C:\Users\RLee\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-28] (Dropbox, Inc.)

Task: {16B5FB4D-9BD1-4D5D-AF26-3BD69A3BFF24} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)

Task: {223068F0-AEC5-4A5C-A1A4-C928E4FE958E} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2231898861-770645649-3783352909-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe

Task: {321824BC-8BB4-4DE2-8E7A-1E83F6D85F5C} - System32\Tasks\{FE466E49-6AD6-4CD0-89D7-F8A04666CFA6} => pcalua.exe -a "C:\Users\RLee\Google Drive\Downloads\mx700swin64101ej.exe" -d "C:\Users\RLee\Google Drive\Downloads"

Task: {32379DF5-F67A-4182-9B1D-A875E1D96159} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2015-12-01] (Apple Inc.)

Task: {33699597-2C8E-4EE9-9D01-323A29992F0B} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2231898861-770645649-3783352909-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe

Task: {3E9ED2DD-66C6-4D01-B9F0-F51E02A1E75B} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2231898861-770645649-3783352909-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe

Task: {3EFE8CC8-386C-40C9-9764-C8C0E5DC86F1} - System32\Tasks\Avira Browser Safety Updater Task => C:\Program Files (x86)\Avira\Browser Safety\AviraBrowserSafetyUpdater.exe [2015-03-11] (Avira Operations GmbH & Co. KG)

Task: {5D1BF37D-17CF-4744-96B3-96E94EF8D410} - System32\Tasks\{9564012A-3901-499B-8D84-F9F3CF1C1878} => pcalua.exe -a "C:\Users\RLee\Google Drive\Downloads\mx700swin101ej.exe" -d "C:\Users\RLee\Google Drive\Downloads"

Task: {6B12174B-D607-4AC6-8312-681B79D157F0} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe

Task: {6BC076CD-BBC2-41F9-A715-8FDE6FABCA6E} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2231898861-770645649-3783352909-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe

Task: {776031A1-F7FF-455E-953E-64FA692D2904} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2231898861-770645649-3783352909-1001Core => C:\Users\RLee\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-28] (Dropbox, Inc.)

Task: {860FE1AD-D8AB-4D44-B6B9-A6500E1C687B} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)

Task: {888D6947-8AD3-4691-AFC1-E7F5D80EDE08} - System32\Tasks\{C863F6E6-BA24-4F14-B435-2D0E4AB1456B} => pcalua.exe -a C:\Users\RLee\Desktop\YouSendItExpressSetup2_11_1.exe -d C:\Users\RLee\Desktop

Task: {8A003B11-E00F-4C4A-AC33-76A30392D61C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)

Task: {8A9722C8-712E-4A61-95B5-0A13A7FD620F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)

Task: {8FCB0ACF-D0AB-4345-BA7D-ACE798725C0F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2231898861-770645649-3783352909-1001UA => C:\Users\RLee\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)

Task: {95EF565C-0EE8-452C-AFC4-62CA7AC78B48} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)

Task: {98F2BED6-C972-40AE-B074-8CBE7E975995} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-09] (Adobe Systems Incorporated)

Task: {9FD1C664-849D-4E45-88A9-7799818009D6} - System32\Tasks\{DBFD4387-E7A9-4ACC-8B0A-9F1E9E639E68} => Chrome.exe hxxp://ui.skype.com/ui/0/7.0.59.102/en/abandoninstall?page=tsPlugin

Task: {B0A0C782-09A1-4DE5-A9ED-F9AC97ED39DA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)

Task: {B15E6F2F-8D24-4742-9D96-33B48EFD5EC1} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-10-29] (PC-Doctor, Inc.)

Task: {B2649145-3DCB-46E1-95F8-5C0DAD966D8C} - System32\Tasks\{743750E9-5C35-4313-BAC9-F197CD22A32B} => pcalua.exe -a "C:\Users\RLee\Google Drive\Downloads\PhSp_CS2_English.exe" -d "C:\Users\RLee\Google Drive\Downloads"

Task: {D34766C9-ED65-4F3B-920E-B836F0FEB52B} - System32\Tasks\AutoUpdaterTask => C:\Program Files (x86)\Auto Updater\AutoUpdater.exe

Task: {DABB4762-6D6D-4C92-88A0-5F5E925F99F6} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-10-29] (PC-Doctor, Inc.)

Task: {F586A2C3-082C-44A6-9C7B-617A512A8CE5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2231898861-770645649-3783352909-1001Core => C:\Users\RLee\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2231898861-770645649-3783352909-1001Core.job => C:\Users\RLee\AppData\Local\Dropbox\Update\DropboxUpdate.exe

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2231898861-770645649-3783352909-1001UA.job => C:\Users\RLee\AppData\Local\Dropbox\Update\DropboxUpdate.exe

Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2231898861-770645649-3783352909-1001.job => C:\Users\RLee\AppData\Local\Citrix\GoToMeeting\4151\g2mupdate.exe

Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2231898861-770645649-3783352909-1001.job => C:\Users\RLee\AppData\Local\Citrix\GoToMeeting\4151\g2mupload.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2231898861-770645649-3783352909-1001Core.job => C:\Users\RLee\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2231898861-770645649-3783352909-1001UA.job => C:\Users\RLee\AppData\Local\Google\Update\GoogleUpdate.exe

 

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2011-07-27 18:07 - 2011-07-27 18:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll

2012-04-22 16:47 - 2011-02-28 14:37 - 00095008 _____ () C:\Windows\System32\Primomonnt.dll

2012-08-10 18:34 - 2005-03-11 16:07 - 00087040 _____ () C:\Windows\System32\redmonnt.dll

2012-08-16 14:20 - 2015-08-06 20:34 - 00116344 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2015-10-13 05:45 - 2015-10-13 05:45 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2011-11-09 21:18 - 2011-07-20 05:04 - 00094208 _____ () C:\WINDOWS\System32\IccLibDll_x64.dll

2011-07-27 18:07 - 2011-07-27 18:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll

2011-11-09 20:05 - 2010-12-17 08:25 - 00686704 _____ () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe

2012-09-12 23:38 - 2012-09-12 23:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe

2015-10-13 05:45 - 2015-10-13 05:45 - 00306960 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll

2013-08-26 15:38 - 2005-04-21 20:36 - 00143360 ____R () C:\Windows\system32\BrSNMP64.dll

2013-11-17 01:17 - 2010-08-10 05:37 - 00334848 ____R () C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe

2011-11-09 20:16 - 2011-08-18 08:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

2011-11-09 21:19 - 2015-08-07 03:06 - 00012080 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll

2015-08-29 19:30 - 2015-08-26 16:37 - 00011896 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll

2015-10-13 05:46 - 2015-10-13 05:46 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2015-10-13 05:46 - 2015-10-13 05:46 - 00073512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2015-10-13 05:45 - 2015-10-13 05:45 - 00237328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll

2015-08-24 05:56 - 2015-08-24 05:56 - 00039384 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll

2015-11-22 12:13 - 2011-04-08 13:53 - 00376832 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsConfig.dll

2015-11-22 12:13 - 2011-03-16 15:30 - 00233472 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsExtention.dll

2015-11-22 12:13 - 2003-03-26 18:46 - 00135168 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsImgIO.dll

2015-11-22 12:14 - 2010-08-24 16:56 - 00167936 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\SSsltsa.dll

2015-12-10 23:00 - 2015-10-30 16:59 - 00034768 _____ () C:\Users\RLee\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd

2015-12-10 23:00 - 2015-10-30 17:00 - 00019408 _____ () C:\Users\RLee\AppData\Roaming\Dropbox\bin\faulthandler.pyd

2015-12-10 23:00 - 2015-12-08 13:36 - 00022848 _____ () C:\Users\RLee\AppData\Roaming\Dropbox\bin\Crypto.Random.OSRNG.winrandom.pyd

2015-12-10 23:00 - 2015-12-08 13:36 - 00023352 _____ () C:\Users\RLee\AppData\Roaming\Dropbox\bin\Crypto.Util._counter.pyd

2015-12-10 23:00 - 2015-12-08 13:36 - 00042296 _____ () C:\Users\RLee\AppData\Roaming\Dropbox\bin\Crypto.Cipher._AES.pyd

2015-12-10 23:00 - 2015-10-30 16:59 - 00116688 _____ () C:\Users\RLee\AppData\Roaming\Dropbox\bin\pywintypes27.dll

2015-12-10 23:00 - 2015-10-30 16:59 - 00093640 _____ () C:\Users\RLee\AppData\Roaming\Dropbox\bin\_ctypes.pyd

2015-12-10 23:00 - 2015-10-30 16:59 - 00018376 _____ () C:\Users\RLee\AppData\Roaming\Dropbox\bin\select.pyd

2015-12-10 23:00 - 2015-12-08 13:36 - 00019760 _____ () C:\Users\RLee\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd

2015-12-10 23:00 - 2015-10-30 17:00 - 00105928 _____ () C:\Users\RLee\AppData\Roaming\Dropbox\bin\win32api.pyd

2015-12-10 23:00 - 2015-10-30 16:59 - 00392144 _____ () C:\Users\RLee\AppData\Roaming\Dropbox\bin\pythoncom27.dll

2015-12-10 23:00 - 2015-12-08 13:36 - 00381752 _____ () C:\Users\RLee\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd

2015-12-10 23:00 - 2015-10-30 16:59 - 00692688 _____ () C:\Users\RLee\AppData\Roaming\Dropbox\bin\unicodedata.pyd

2015-12-10 23:00 - 2015-12-08 13:36 - 00020816 _____ () C:\Users\RLee\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd

2015-12-10 23:00 - 2015-10-30 17:00 - 00109520 _____ () C:\Users\RLee\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd

2015-12-10 23:00 - 2015-12-08 13:36 - 01737032 _____ () C:\Users\RLee\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd

2015-12-10 23:00 - 2015-12-08 13:36 - 00020808 _____ () C:\Users\RLee\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd

2015-12-10 23:00 - 2015-12-08 13:36 - 00020800 _____ () C:\Users\RLee\AppData\Roaming\Dropbox\bin\_cffi_python_x66cf7a7cx17a72769.pyd

2015-12-10 23:00 - 2015-12-08 13:36 - 00021840 _____ () C:\Users\RLee\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd

2015-12-10 23:00 - 2015-12-08 13:36 - 00038696 _____ () C:\Users\RLee\AppData\Roaming\Dropbox\bin\fastpath.pyd

2015-12-10 23:00 - 2015-10-30 17:00 - 00024528 _____ () C:\Users\RLee\AppData\Roaming\Dropbox\bin\win32event.pyd

2015-12-10 23:00 - 2015-10-30 17:00 - 00020936 _____ () C:\Users\RLee\AppData\Roaming\Dropbox\bin\mmapfile.pyd

2015-12-10 23:00 - 2015-10-30 17:00 - 00114640 _____ () C:\Users\RLee\AppData\Roaming\Dropbox\bin\win32security.pyd

2015-12-10 23:00 - 2015-12-08 13:36 - 00021320 _____ () C:\Users\RLee\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_xde9e4433x360333f0.pyd

2015-12-10 23:00 - 2015-10-30 17:00 - 00124880 _____ () C:\Users\RLee\AppData\Roaming\Dropbox\bin\win32file.pyd

2015-12-10 23:00 - 2015-10-30 17:00 - 00030160 _____ () C:\Users\RLee\AppData\Roaming\Dropbox\bin\win32pipe.pyd

2015-12-10 23:00 - 2015-10-30 17:00 - 00043472 _____ () C:\Users\RLee\AppData\Roaming\Dropbox\bin\win32process.pyd

2015-12-10 23:00 - 2015-10-30 17:00 - 00175560 _____ () C:\Users\RLee\AppData\Roaming\Dropbox\bin\win32gui.pyd

2015-12-10 23:00 - 2015-10-30 17:00 - 00028616 _____ () C:\Users\RLee\AppData\Roaming\Dropbox\bin\win32ts.pyd

2015-12-10 23:00 - 2015-10-30 17:00 - 00024016 _____ () C:\Users\RLee\AppData\Roaming\Dropbox\bin\win32clipboard.pyd

2015-12-10 23:00 - 2015-10-30 17:00 - 00048592 _____ () C:\Users\RLee\AppData\Roaming\Dropbox\bin\win32service.pyd

2015-12-10 23:00 - 2015-12-08 13:36 - 00024392 _____ () C:\Users\RLee\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd

2015-12-10 23:00 - 2015-10-30 17:00 - 00036296 _____ () C:\Users\RLee\AppData\Roaming\Dropbox\bin\librsync.dll

2015-12-10 23:00 - 2015-10-30 17:00 - 00024016 _____ () C:\Users\RLee\AppData\Roaming\Dropbox\bin\win32profile.pyd

2015-12-10 23:00 - 2015-12-08 13:36 - 00117056 _____ () C:\Users\RLee\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd

2015-12-10 23:00 - 2015-12-08 13:36 - 00023376 _____ () C:\Users\RLee\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd

2015-12-10 23:00 - 2015-10-30 16:59 - 00134608 _____ () C:\Users\RLee\AppData\Roaming\Dropbox\bin\_elementtree.pyd

2015-12-10 23:00 - 2015-10-30 16:59 - 00134088 _____ () C:\Users\RLee\AppData\Roaming\Dropbox\bin\pyexpat.pyd

2015-12-10 23:00 - 2015-10-30 17:00 - 00240584 _____ () C:\Users\RLee\AppData\Roaming\Dropbox\bin\jpegtran.pyd

2015-12-10 23:00 - 2015-12-08 13:36 - 00020280 _____ () C:\Users\RLee\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd

2015-12-10 23:00 - 2015-12-08 13:36 - 00052024 _____ () C:\Users\RLee\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd

2015-12-10 23:00 - 2015-12-08 13:36 - 00021304 _____ () C:\Users\RLee\AppData\Roaming\Dropbox\bin\Crypto.Util.strxor.pyd

2015-12-10 23:00 - 2015-10-30 17:00 - 00350152 _____ () C:\Users\RLee\AppData\Roaming\Dropbox\bin\winxpgui.pyd

2015-12-10 23:00 - 2015-12-08 13:36 - 00084792 _____ () C:\Users\RLee\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL

2015-12-10 23:00 - 2015-12-08 13:36 - 01826608 _____ () C:\Users\RLee\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd

2015-12-10 23:00 - 2015-10-30 17:00 - 00083912 _____ () C:\Users\RLee\AppData\Roaming\Dropbox\bin\sip.pyd

2015-12-10 23:00 - 2015-12-08 13:36 - 03891504 _____ () C:\Users\RLee\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd

2015-12-10 23:00 - 2015-12-08 13:36 - 01950000 _____ () C:\Users\RLee\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd

2015-12-10 23:00 - 2015-12-08 13:36 - 00519984 _____ () C:\Users\RLee\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd

2015-12-10 23:00 - 2015-12-08 13:36 - 00133936 _____ () C:\Users\RLee\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd

2015-12-10 23:00 - 2015-12-08 13:36 - 00225080 _____ () C:\Users\RLee\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd

2015-12-10 23:00 - 2015-12-08 13:36 - 00207672 _____ () C:\Users\RLee\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd

2015-12-10 23:00 - 2015-12-08 13:36 - 00024904 _____ () C:\Users\RLee\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd

2015-12-10 23:00 - 2015-12-08 13:36 - 00486704 _____ () C:\Users\RLee\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd

2015-12-10 23:00 - 2015-12-08 13:36 - 00357680 _____ () C:\Users\RLee\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd

2015-09-30 13:29 - 2015-10-30 17:01 - 00019920 _____ () C:\Users\RLee\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll

2015-09-30 13:29 - 2015-10-30 17:00 - 00786904 _____ () C:\Users\RLee\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll

2015-09-30 13:29 - 2015-10-30 17:00 - 00063448 _____ () C:\Users\RLee\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll

2015-09-30 13:29 - 2015-10-30 17:00 - 00019408 _____ () C:\Users\RLee\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll

2015-12-16 14:26 - 2015-12-10 19:54 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libglesv2.dll

2015-12-16 14:26 - 2015-12-10 19:54 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libegl.dll

2012-09-12 23:38 - 2012-09-12 23:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll

2012-09-12 23:38 - 2012-09-12 23:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll

2012-09-12 23:38 - 2012-09-12 23:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll

2012-09-12 23:38 - 2012-09-12 23:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll

2012-09-12 23:38 - 2012-09-12 23:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll

2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf

2012-09-12 23:39 - 2012-09-12 23:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll

2015-12-09 10:50 - 2015-12-09 10:50 - 17647296 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll

2015-12-16 14:26 - 2015-12-10 19:54 - 16573256 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\PepperFlash\pepflashplayer.dll

 

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2231898861-770645649-3783352909-1001\...\dell.com -> dell.com

 

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2231898861-770645649-3783352909-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\RLee\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 8.8.8.8 - 8.8.4.4

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CardMinder Viewer.lnk => C:\Windows\pss\CardMinder Viewer.lnk.CommonStartup

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Conversion to PDF with ScanSnap Organizer.lnk => C:\Windows\pss\Conversion to PDF with ScanSnap Organizer.lnk.CommonStartup

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO 5.1 HD Edition.lnk => C:\Windows\pss\PHOTOfunSTUDIO 5.1 HD Edition.lnk.CommonStartup

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ScanSnap Manager.lnk => C:\Windows\pss\ScanSnap Manager.lnk.CommonStartup

MSCONFIG\startupfolder: C:^Users^RLee^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk => C:\Windows\pss\Adobe Gamma.lnk.Startup

MSCONFIG\startupfolder: C:^Users^RLee^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Amazon Cloud Drive.appref-ms => C:\Windows\pss\Amazon Cloud Drive.appref-ms.Startup

MSCONFIG\startupfolder: C:^Users^RLee^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Amazon Cloud Drive.lnk => C:\Windows\pss\Amazon Cloud Drive.lnk.Startup

MSCONFIG\startupfolder: C:^Users^RLee^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk => C:\Windows\pss\EvernoteClipper.lnk.Startup

MSCONFIG\startupreg: AccuWeatherWidget => "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup

MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

MSCONFIG\startupreg: Aim => "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US

MSCONFIG\startupreg: AmazonMP3DownloaderHelper => C:\Users\RLee\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe

MSCONFIG\startupreg: BrStsMon00 => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN

MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon

MSCONFIG\startupreg: CitrixReceiver => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"

MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup

MSCONFIG\startupreg: ControlCenter4 => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun

MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"

MSCONFIG\startupreg: Freecorder FLV Service => "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run

MSCONFIG\startupreg: Google Update => "C:\Users\RLee\AppData\Local\Google\Update\GoogleUpdate.exe" /c

MSCONFIG\startupreg: IndexSearch => "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"

MSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

MSCONFIG\startupreg: OpwareSE4 => "C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe"

MSCONFIG\startupreg: PaperPort PTD => "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"

MSCONFIG\startupreg: PDF5 Registry Controller => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe

MSCONFIG\startupreg: PDFHook => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe

MSCONFIG\startupreg: PPort12reminder => "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"

MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

MSCONFIG\startupreg: RIMBBLaunchAgent.exe => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"

MSCONFIG\startupreg: ScanSnap WIA Service Checker => C:\Windows\SSDriver\fi5110\SsWiaChecker.exe

MSCONFIG\startupreg: SSBkgdUpdate => "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

MSCONFIG\startupreg: TivoNotify => C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe /service /registry /auto:TivoNotify

MSCONFIG\startupreg: TivoServer => C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe /service /registry /auto:TivoServer

MSCONFIG\startupreg: TivoTransfer => C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe

MSCONFIG\startupreg: TkBellExe => "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot

MSCONFIG\startupreg: TranscodingService => C:\Program Files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe

MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

MSCONFIG\startupreg: WrtMon.exe => C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [{F208A16D-F08B-4BBD-B318-2A73862CEF53}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

FirewallRules: [{7CD1CE61-C5F1-4425-91AB-11A90CB33B5C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

FirewallRules: [{6C66606C-513E-45D6-ADE5-04A9A14E62C5}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

FirewallRules: [{8A2B757A-4065-44DF-B520-8B03C21A2E78}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe

FirewallRules: [{F5BC1B43-99D6-4C06-9562-EFAF7D83500C}] => (Allow) c:\Program Files (x86)\Dell\VideoStage\VideoStage.exe

FirewallRules: [{5C08E11E-7CA4-491B-A78F-3CEA536C71E8}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

FirewallRules: [{96E6E40C-0727-44AE-B27A-E93774832C12}] => (Allow) LPort=2869

FirewallRules: [{9905C897-9766-4AD2-8937-D03C2006BAD1}] => (Allow) LPort=1900

FirewallRules: [{4EBB0497-2CEE-4C1E-9BAD-19D2EC026DAE}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

FirewallRules: [{9074A1F0-A702-4A20-BBCF-83DFD50213B0}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe

FirewallRules: [{8D589913-95C4-451E-91E0-138F424E6A11}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe

FirewallRules: [{85999FC0-9059-4C7E-8031-40AFC74E2283}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe

FirewallRules: [{0C558AAA-ABE6-4477-8757-F021A765E680}] => (Allow) C:\Program Files\dell stage\dell stage\accuweather\accuweather.exe

FirewallRules: [{EF88BE80-3AAC-404F-A80B-7EB3C8A04EB9}] => (Allow) C:\Program Files\dell stage\musicstage\musicstageengine.exe

FirewallRules: [{FDC36927-6C81-4EB1-B417-CADD7A6869AB}] => (Allow) C:\Program Files\dell stage\dell stage\stage_primary.exe

FirewallRules: [{1DE70BED-8258-416A-A248-5FFE0CBE6B02}] => (Allow) C:\Users\RLee\AppData\Roaming\Dropbox\bin\Dropbox.exe

FirewallRules: [{FE1CA1E1-8F4B-4DEA-B21F-483DF5A4777D}] => (Allow) C:\Users\RLee\AppData\Roaming\Dropbox\bin\Dropbox.exe

FirewallRules: [{99B410C6-4E5F-4E0A-92B5-D216F34AE24A}] => (Allow) C:\Program Files (x86)\AIM\aim.exe

FirewallRules: [{D30FFCD9-ED9F-470B-B4E9-5B766C5C5403}] => (Allow) C:\Program Files (x86)\AIM\aim.exe

FirewallRules: [TCP Query User{20E347A6-E23C-458E-B339-3EFE388EB62E}C:\users\rlee\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\rlee\appdata\roaming\dropbox\bin\dropbox.exe

FirewallRules: [UDP Query User{29389A4F-45A8-49E4-A5BE-35DC18BC064A}C:\users\rlee\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\rlee\appdata\roaming\dropbox\bin\dropbox.exe

FirewallRules: [{D71477EE-448F-43E8-A5BF-C2142220B245}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe

FirewallRules: [{86BC4230-8FA0-4CBC-88AD-5F5FED3E0765}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe

FirewallRules: [{1D9DEAB7-D259-49BD-8021-9FA394DF8943}] => (Allow) LPort=5353

FirewallRules: [{C98E4C0F-FF51-404A-8BF4-D86F49989B41}] => (Allow) LPort=7288

FirewallRules: [{C33FBECC-6EAA-49F8-B615-516A25DF186E}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe

FirewallRules: [{895F9F0C-BBF3-4876-935C-BAC3FC27F878}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe

FirewallRules: [TCP Query User{5DB600D0-51C6-4CFF-9C0D-325CC5C3A891}C:\program files (x86)\tivo\desktop\tivoserver.exe] => (Allow) C:\program files (x86)\tivo\desktop\tivoserver.exe

FirewallRules: [UDP Query User{31D43AE2-61B1-4075-9153-047F7A884F1A}C:\program files (x86)\tivo\desktop\tivoserver.exe] => (Allow) C:\program files (x86)\tivo\desktop\tivoserver.exe

FirewallRules: [TCP Query User{0D16A640-E121-4571-8794-D2A65F4E9F99}C:\program files (x86)\filemaker\filemaker pro 10\filemaker pro.exe] => (Allow) C:\program files (x86)\filemaker\filemaker pro 10\filemaker pro.exe

FirewallRules: [UDP Query User{2B04605F-C684-44BF-BAE5-553D6E36C433}C:\program files (x86)\filemaker\filemaker pro 10\filemaker pro.exe] => (Allow) C:\program files (x86)\filemaker\filemaker pro 10\filemaker pro.exe

FirewallRules: [{D3E5BB60-C485-4DA4-B2DA-AD1B783D5AC0}] => (Allow) LPort=50000

FirewallRules: [TCP Query User{7500F98A-97E2-4B91-BACA-0B2BEB376784}C:\program files (x86)\real\realplayer\realplay.exe] => (Block) C:\program files (x86)\real\realplayer\realplay.exe

FirewallRules: [UDP Query User{BE49055E-D5A9-4632-9D38-2F759A677B5C}C:\program files (x86)\real\realplayer\realplay.exe] => (Block) C:\program files (x86)\real\realplayer\realplay.exe

FirewallRules: [{476E40D6-A3D3-43F7-B33A-7DA53FB64ED0}] => (Allow) C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe

FirewallRules: [{5FCD3A59-9677-402B-B54D-4789389FD186}] => (Allow) C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe

FirewallRules: [{2D7A2A1D-9C8C-4B19-A964-98F091ED58BF}] => (Allow) C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe

FirewallRules: [{976F79AF-13D1-4CC4-80A0-4F6CE9E7F89A}] => (Allow) C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe

FirewallRules: [{E48C048F-5D5B-4F81-A2FD-94B8C8771145}] => (Allow) C:\Program Files (x86)\TiVo\Desktop\TiVoDesktop.exe

FirewallRules: [{A13AE723-EE5F-43AA-8640-7CDEFECCC8D6}] => (Allow) C:\Program Files (x86)\TiVo\Desktop\TiVoDesktop.exe

FirewallRules: [{78FEF4E3-C0CB-4274-8206-4BE51AEF78CA}] => (Allow) C:\Program Files (x86)\TiVo\Desktop\curl.exe

FirewallRules: [{AF2D75F3-A7A2-4218-90E6-48193C73650F}] => (Allow) C:\Program Files (x86)\TiVo\Desktop\curl.exe

FirewallRules: [{9046B25E-4B99-4B29-9B59-54EB8AEB1CC0}] => (Allow) C:\Program Files (x86)\TiVo\Desktop\TiVoBeacon.exe

FirewallRules: [{5644D750-4694-4D8A-9FCD-D9F2AC8AA9D7}] => (Allow) C:\Program Files (x86)\TiVo\Desktop\TiVoBeacon.exe

FirewallRules: [{2599C92E-363B-480B-96FE-D55338658A8A}] => (Allow) C:\Program Files (x86)\TiVo\Desktop\TiVoDiag.exe

FirewallRules: [{C0C71E91-8828-4376-ACF7-59B41D5A743A}] => (Allow) C:\Program Files (x86)\TiVo\Desktop\TiVoDiag.exe

FirewallRules: [{2D143D10-3AA8-4960-A505-1555715D04DA}] => (Allow) C:\Users\RLee\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

FirewallRules: [{BDA25AC8-4EDC-425D-A92E-35CC43D6891A}] => (Allow) C:\Users\RLee\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

FirewallRules: [{7A5D051B-A0AE-4C08-8EB7-BB217D56E595}] => (Allow) C:\Program Files (x86)\ASUS\RT-N56U Wireless Router Utilities\Discovery.exe

FirewallRules: [{C6727F69-3187-4D17-8B5B-1CA7A6207B77}] => (Allow) C:\Program Files (x86)\ASUS\RT-N56U Wireless Router Utilities\Discovery.exe

FirewallRules: [{43C5E5E3-8EB6-4787-BF41-F6671A6A489F}] => (Allow) C:\Program Files (x86)\ASUS\RT-N56U Wireless Router Utilities\Rescue.exe

FirewallRules: [{E7B30F49-3B0C-4B6A-8E15-44DA8DA354A2}] => (Allow) C:\Program Files (x86)\ASUS\RT-N56U Wireless Router Utilities\Rescue.exe

FirewallRules: [{04072FA1-7B19-4D67-B4D3-888D484B1587}] => (Allow) C:\Program Files (x86)\ASUS\RT-N56U Wireless Router Utilities\Download.exe

FirewallRules: [{AAB7670F-A39D-4FEE-AEF0-FAE034B29657}] => (Allow) C:\Program Files (x86)\ASUS\RT-N56U Wireless Router Utilities\Download.exe

FirewallRules: [{23AD4EA6-074E-4850-AA96-39321874B4E8}] => (Allow) C:\Program Files (x86)\ASUS\RT-N56U Wireless Router Utilities\LiveUpdate.exe

FirewallRules: [{43733F2E-FD35-4F88-86DA-530E73C2D7EF}] => (Allow) C:\Program Files (x86)\ASUS\RT-N56U Wireless Router Utilities\LiveUpdate.exe

FirewallRules: [{3821AAD2-F067-4A19-A745-12DA4CA9BF2F}] => (Allow) C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe

FirewallRules: [{A62BCDA7-8271-4CD9-8269-CF90CCC4061A}] => (Allow) C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe

FirewallRules: [{9E472102-7AEA-4B00-9185-E006DBE31373}] => (Allow) D:\Printer\Printer.exe

FirewallRules: [{7675F841-0994-404D-9D00-A12DCBAA4778}] => (Allow) D:\Printer\Printer.exe

FirewallRules: [TCP Query User{EA370B89-9FC4-4794-80E1-C9E4CC998FB9}C:\program files (x86)\asus\rt-n56u wireless router utilities\liveupdate.exe] => (Allow) C:\program files (x86)\asus\rt-n56u wireless router utilities\liveupdate.exe

FirewallRules: [UDP Query User{6AD4B6F4-BF3D-4E7F-B0EE-A41DF2B5A84E}C:\program files (x86)\asus\rt-n56u wireless router utilities\liveupdate.exe] => (Allow) C:\program files (x86)\asus\rt-n56u wireless router utilities\liveupdate.exe

FirewallRules: [TCP Query User{63211CA5-C4CC-4623-994E-DBAD4F0F61B2}C:\program files (x86)\asus\rt-n56u wireless router utilities\discovery.exe] => (Allow) C:\program files (x86)\asus\rt-n56u wireless router utilities\discovery.exe

FirewallRules: [UDP Query User{39F2DCC5-6EC5-4825-88B1-1A11DDC285DA}C:\program files (x86)\asus\rt-n56u wireless router utilities\discovery.exe] => (Allow) C:\program files (x86)\asus\rt-n56u wireless router utilities\discovery.exe

FirewallRules: [{B781459C-0A5E-4749-A593-1D645038B0EA}] => (Allow) LPort=54925

FirewallRules: [{9E71C68E-ACBE-4421-BE98-68E5E8A7BD42}] => (Allow) LPort=54926

FirewallRules: [{6B529152-2C65-49FE-9C38-F01B96200D79}] => (Allow) C:\Users\RLee\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [{0774CF03-BD2F-4F01-9F51-9D5759309DF9}] => (Allow) C:\Users\RLee\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [{0DDDAC57-525D-4DCA-A69C-EBEFC2F5305D}] => (Allow) C:\Users\RLee\AppData\Roaming\BitTorrent\BitTorrent.exe

FirewallRules: [{C67EA9BE-73BC-4446-93FE-19DC320E7AE9}] => (Allow) C:\Users\RLee\AppData\Roaming\BitTorrent\BitTorrent.exe

FirewallRules: [{3757B942-3ACA-49E7-A54C-41BF487EE981}] => (Allow) C:\Program Files\Vuze\Azureus.exe

FirewallRules: [{A60D0EBD-3660-4E2C-8221-0FE4DE203144}] => (Allow) C:\Program Files\Vuze\Azureus.exe

FirewallRules: [TCP Query User{F470A595-2211-4E32-920A-DC186D8A9E63}C:\program files\vuze\azureus.exe] => (Allow) C:\program files\vuze\azureus.exe

FirewallRules: [UDP Query User{8F859C25-215A-46FD-9F46-EBD2E4A578F2}C:\program files\vuze\azureus.exe] => (Allow) C:\program files\vuze\azureus.exe

FirewallRules: [{87542B8B-1B3D-4401-A382-127BFCF6B177}] => (Allow) C:\Users\RLee\Google Drive\Downloads\bittorrent.exe

FirewallRules: [{15B88C91-A346-42DA-83EA-08F1EBD2DF01}] => (Allow) C:\Users\RLee\Google Drive\Downloads\bittorrent.exe

FirewallRules: [{297F355A-D2CB-4CF2-A35C-2A93242EFEC4}] => (Allow) C:\Program Files (x86)\Brother\Brmfl10f\BrScUtil.exe

FirewallRules: [{94B1389C-DED1-4376-9F0B-C09E9B157199}] => (Allow) C:\Program Files (x86)\Brother\Brmfl10f\BrScUtil.exe

FirewallRules: [{DC40F2E4-BDAF-4D1F-BFE3-BDBCE04D8922}] => (Allow) C:\Program Files (x86)\Brother\Brmfl10f\BrScUtil.exe

FirewallRules: [{362824D4-0D19-47EF-BB05-57EF355E95E7}] => (Allow) C:\Program Files (x86)\Brother\Brmfl10f\BrScUtil.exe

FirewallRules: [{EE376E0D-288E-4694-967E-83E7A8E2CDD3}] => (Allow) C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe

FirewallRules: [{5B78957B-D5FB-44D9-A0C8-530093102141}] => (Allow) C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe

FirewallRules: [{60C304C2-E35D-4716-954E-692E1A8CCC84}] => (Allow) C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe

FirewallRules: [{1E2AE386-A118-4F07-B53D-AE9F00DDD8E4}] => (Allow) C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe

FirewallRules: [{9583063C-6974-4AE8-9A9B-DCED1D238956}] => (Allow) C:\Program Files (x86)\PFU\ScanSnap\Organizer\PfuSsOrg.exe

FirewallRules: [{3CC34409-B2E8-4120-9692-F53905C0E58C}] => (Allow) C:\Program Files (x86)\PFU\ScanSnap\Organizer\PfuSsOrg.exe

FirewallRules: [{09C616EA-0766-462F-B1AE-55B2FD3EB42B}] => (Allow) C:\Program Files (x86)\PFU\ScanSnap\Organizer\PfuSsOrg.exe

FirewallRules: [{3B05DDC3-F50A-4AD6-A663-09C3D7ADFD00}] => (Allow) C:\Program Files (x86)\PFU\ScanSnap\Organizer\PfuSsOrg.exe

FirewallRules: [{240F7E6F-B987-49BC-A2D1-40C41C0EB645}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

FirewallRules: [{5B8AD3E3-8508-463A-9757-9143D3C6E060}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

FirewallRules: [{39B49718-AFC6-4E72-8761-240DF6D80FC1}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

FirewallRules: [{E8F8B608-D207-4F84-8193-B42D19102FAE}] => (Allow) C:\Users\RLee\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [{DA61A142-7C8C-467B-B19A-B8E0C73EE345}] => (Allow) C:\Users\RLee\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [{F85E88F2-1D58-4FDB-95F7-EC9F5E96FE62}] => (Allow) C:\Users\RLee\Google Drive\Downloads\bittorrent.exe

FirewallRules: [{F150A6C5-2D90-4729-8113-6BE6B356A026}] => (Allow) C:\Users\RLee\Google Drive\Downloads\bittorrent.exe

FirewallRules: [{EE75B5A5-2A8E-4666-BD6C-9CCEA9E3379C}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe

FirewallRules: [{F5053E38-2AD4-4EA1-B3BB-9E58874FEFE1}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe

FirewallRules: [{F56C8AAD-49BA-423D-9964-02FF78A8BE03}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe

FirewallRules: [{9C8266F2-F15D-4F31-8EB8-2161E8B4118C}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe

FirewallRules: [{9B246049-99ED-4D9F-9D40-3B06446A753E}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe

FirewallRules: [{CA19D8E9-9055-40C7-BD62-6C992DF79169}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe

FirewallRules: [{A72D0D66-AA34-43C9-B6B4-B1D93FCADC1E}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe

FirewallRules: [{6CFDA91D-129F-4FCB-8039-7508E5A9D461}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe

FirewallRules: [{BA883414-90E4-4EAB-8014-AB0914631632}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe

FirewallRules: [{1AADAEF7-5B76-4CB7-A232-9FB7CF17280E}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe

FirewallRules: [{B9C93312-C8DC-4C92-860D-FDEC827124C9}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe

FirewallRules: [{C6C8A0B7-DCFA-4197-8B59-B9DABA740452}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe

FirewallRules: [{A832DE5C-EFBC-4A2E-BDF9-C6D159B8E8D9}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe

FirewallRules: [{AD266B73-C29E-42C8-9A62-D94CACBBB59B}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe

FirewallRules: [{5D076CE2-A19F-4269-BD00-0C1E59A7D080}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe

FirewallRules: [{04E6B09A-3B5A-410F-8759-D0E8727EF25F}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe

FirewallRules: [TCP Query User{36F5092A-8D1C-4B31-A182-A032B6123759}C:\users\rlee\desktop\utorrent.exe] => (Allow) C:\users\rlee\desktop\utorrent.exe

FirewallRules: [UDP Query User{3BD8F873-2A71-43AA-84D9-5AFC7C607553}C:\users\rlee\desktop\utorrent.exe] => (Allow) C:\users\rlee\desktop\utorrent.exe

FirewallRules: [TCP Query User{A9E8CE65-3AA4-4594-AA50-A567FD144447}C:\users\rlee\desktop\utorrent.exe] => (Allow) C:\users\rlee\desktop\utorrent.exe

FirewallRules: [UDP Query User{8AB2B9EE-AF56-4ED4-841B-9DB0EBBCE5DC}C:\users\rlee\desktop\utorrent.exe] => (Allow) C:\users\rlee\desktop\utorrent.exe

FirewallRules: [TCP Query User{E6794C07-494B-4524-ABB2-6DE9F406F985}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe

FirewallRules: [UDP Query User{6BCC7377-7EFE-400E-B531-9005583B4BA2}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe

FirewallRules: [{778FEA22-004F-4FAA-9277-6E42704D428A}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe

FirewallRules: [{8C1D9081-B102-44F6-825E-B5FA7EA3AD90}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe

FirewallRules: [{4BBF5373-E30D-4BEA-8E30-540E5E4344BA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe

FirewallRules: [{3F5C4A93-9C0D-4FEC-B8B4-7B501B074478}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe

FirewallRules: [{095351D7-6D4E-480F-B61C-83F698485602}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe

FirewallRules: [{9EC25568-A9B9-4274-838E-92868FDC487A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [{70E68C35-90C6-43ED-8097-859D624D78B5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [TCP Query User{2A1CE14C-892B-4B3D-9C0C-394B7FA59812}C:\users\rlee\desktop\column 2\utorrent.exe] => (Allow) C:\users\rlee\desktop\column 2\utorrent.exe

FirewallRules: [UDP Query User{5EBBAA03-3D20-493B-B888-59B3243633DA}C:\users\rlee\desktop\column 2\utorrent.exe] => (Allow) C:\users\rlee\desktop\column 2\utorrent.exe

FirewallRules: [{5ADDBA81-B4AB-488B-B750-2F9E5B638C3E}] => (Allow) D:\install\data\Disk1\setup.exe

FirewallRules: [{2C2D7046-0827-4882-A259-1FB8385FDAF0}] => (Allow) D:\install\data\Disk1\setup.exe

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe

FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe

FirewallRules: [{917B1575-E696-49B4-BA15-820639287D4A}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe

FirewallRules: [{378229CC-B4C1-4897-885F-D4DD8CBEC848}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe

FirewallRules: [{3D9F1A09-1B20-4FB9-8464-092A4FFCE239}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{1902CC2A-AEFF-496A-9700-311DD09DB5E5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{74DB7611-2DE6-4AF6-B3EB-9AA41903F267}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{8AFC8E8B-4BAE-49EE-B72F-F7580A507CB3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{98384557-16D0-4914-85DF-21BE715E7392}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{50F4CB7F-5841-4E99-B958-03DEBDEBFA18}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{0BD1E67A-8044-4A41-9781-FD2C6D1BD36B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

FirewallRules: [{AB52F371-7CC2-4368-87E3-79E011AD897A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{C6E224C6-7647-402D-AB54-8EA0ED31B258}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{EB378287-1500-463C-A091-7C8ECB4A5D2E}] => (Allow) C:\Program Files\iTunes\iTunes.exe

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (12/23/2015 09:25:01 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )

Description: 80004005

 

Error: (12/23/2015 08:43:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 21614547

 

Error: (12/23/2015 08:43:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 21614547

 

Error: (12/23/2015 08:43:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (12/23/2015 08:43:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 21613548

 

Error: (12/23/2015 08:43:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 21613548

 

Error: (12/23/2015 08:43:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (12/23/2015 02:43:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 13166

 

Error: (12/23/2015 02:43:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 13166

 

Error: (12/23/2015 02:43:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

 

System errors:

=============

Error: (12/23/2015 02:35:00 AM) (Source: Service Control Manager) (EventID: 7022) (User: )

Description: The Windows Update service hung on starting.

 

Error: (12/23/2015 02:28:11 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

 

Error: (12/23/2015 02:26:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The MBAMService service failed to start due to the following error: 

%%1053

 

Error: (12/23/2015 02:26:39 AM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the MBAMService service to connect.

 

Error: (12/23/2015 02:25:52 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

 

Error: (12/23/2015 02:25:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Freemake Improver service failed to start due to the following error: 

%%1053

 

Error: (12/23/2015 02:25:39 AM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the Freemake Improver service to connect.

 

Error: (12/23/2015 02:22:19 AM) (Source: Service Control Manager) (EventID: 7043) (User: )

Description: The Group Policy Client service did not shut down properly after receiving a preshutdown control.

 

Error: (12/23/2015 02:21:55 AM) (Source: DCOM) (EventID: 10010) (User: )

Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

 

Error: (12/23/2015 12:46:47 AM) (Source: DCOM) (EventID: 10010) (User: )

Description: {3C5E2B20-B911-44E2-A2DD-9F05E7B5E775}

 

 

CodeIntegrity:

===================================

  Date: 2015-10-23 12:10:34.124

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2015-10-23 12:10:34.064

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2015-10-23 12:10:33.994

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2015-10-23 12:10:33.934

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2014-12-01 22:04:56.024

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2014-12-01 22:04:55.929

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2014-09-10 12:24:26.713

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2014-09-10 12:24:26.629

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2014-09-10 12:23:34.131

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2014-09-10 12:23:34.046

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\WINDOWS\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core i7-2670QM CPU @ 2.20GHz

Percentage of memory in use: 77%

Total physical RAM: 8086.17 MB

Available physical RAM: 1807.77 MB

Total Virtual: 16170.54 MB

Available Virtual: 8800.71 MB

 

==================== Drives ================================

 

Drive c: (OS) (Fixed) (Total:446.13 GB) (Free:119.47 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 07F2837E)

Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)

Partition 2: (Active) - (Size=19.5 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=446.1 GB) - (Type=07 NTFS)

 

==================== End of Addition.txt ============================


Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please upload it to your reply.

fixlist.txt


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


Hi again,

 

Thank you for reopening the thread.

 

I found out today that someone stole my Target.com e-gift cards on December 29, 2015.  As a reminder, my Apple iTunes was hacked in November, and I had some restaurant rewards points stolen in October (which I just found out about a couple weeks ago).  The person who stole my restaurant points is in Wichita, and my Target gift cards were redeemed in Wichita.

 

I fear there is spyware on my laptop.

 

I suppose it is possible that the hacker has stolen information from my iPhone.  I have just updated the OS.  I've read that updating the OS is supposed to disengage spyware.

 

I do not share my passwords with anyone.  

 

What can I do to investigate how my information is being stolen and how can I stop it?
 

Thank you very much.


  • Root Admin

Hi there. I've been asked to take a look and see if I can assist you.

 

If you've had an issue with your iPhone before and possibly continue to do so then you may want to look at doing a complete factory wipe back to the original phone. That would remove everything. It is highly unlikely though that someone would be able to remotely hack your phone. What might be more plausible is that possibly you left your phone somewhere that someone picked up momentarily and read email that may have contained passwords or other pertinent information and they may have told someone or something like that. Tricking people into giving out information is much easier than actually compromising a phone or system.

 

Let me have you run through some scans though and we'll see what we can find on the PC.

 

 

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


 

Thanks


Hi Ron,

 

Thank you very much.  I'm very confident that no one picked up my iPhone and copied any passwords.  I don't have my full passwords stored in my phone - only partial passwords, so I believe it's spyware.  

 

When I called the restaurant rewards program to report fraud/theft, they told me it's usually spyware that allows their customers to fall victim to rewards point theft.

 

I am also certain that I have not responded to any phishing emails.  The only reason I thought maybe my iPhone had been hacked is because I had entered the Target e-gift cards into the Target website (i.e. "manage my gift cards"), and the Target e-gift cards can be viewed from either a mobile app or the full site on a desktop/laptop.

 

I'm currently backing up all my files, in case you advise me to re-install the OS.

 

I'm also currently running Windows Malicious Software Removal Tool - Dec 2015 edition (Full Scan).  

 

I will gladly run ComboFix afterward.

 

Ron, would you or one of your colleagues be open to having a quick phone call or Skype with me?  I am willing to pay a reasonable fee.  I've just had a valuable Target gift card stolen, and I can't imagine how many other items might be stolen in the near future.  I hope Target Fraud will help me when they are open tomorrow.

 

I need help.  I am in Southern California, Pacific Time, if you are willing to have a call/Skype with me.  Please let me know what your fee might be.

 

Thank you,

Regina


Hi Ron,

 

10 hours later, and Windows Malicious Software Removal Tool - Dec 2015 edition (Full Scan) is still running and has a long way to go.

 

In terms of performing a factory reset on my iPhone, am I able to do a "restore" after the reset?  Or will the restore allow any potential spyware to also be restored?

 

Thank you.


Hi Ron,


 


Windows Malicious Software Removal Tool - Dec 2015 edition (Full Scan) detected no threats.


 


I performed a factory reset of my iPhone.  To be safe, I chose to download apps directly from the iTunes Store.  I did not choose to restore from a back-up.


 


I will run ComboFix in a moment.


 


I would love the chance to speak to you to see if maybe you have a guess as to how I was hacked in the first place.  It's extremely nerve-wracking to think that this could happen again.  I would also love to talk about preventative measures, if I need to use an entirely different gmail address, etc.


 


Thank you.



Hi Ron,

 

Attached please find the ComboFix log.

 

Please let me know if you or your colleague has an opening for a Skype or phone conversation.  Three hacks are not something I can shrug off.  Maybe it's a gmail-related hack.  

 

I performed a gmail-related malware investigation in October:

https://forums.malwarebytes.org/index.php?/topic/173553-possible-gmail-hack/

 

Thank you very much for your time!

 

Sincerely,

Regina

 

 

 

 


  • Root Admin

Please go into Control Panel, Add/Remove and uninstall ALL versions of Java and then run the following.
 
Please download JavaRa-1.16 and save it to your computer.

  • Double click to open the zip file and then select all and choose Copy.
  • Create a new folder on your Desktop named RemoveJava and paste the files into this new folder.
  • Quit all browsers and other running applications.
  • Right-click on JavaRa.exe in RemoveJava folder and choose Run as administrator to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it in your next reply.

Next:
 
Please Run TFC by OldTimer to clear temporary files:
  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.


 
 

Then restart the computer and run the following scans.

 

Please go ahead and run through the following steps and post back the logs when ready.
 
STEP 04
Please download Junkware Removal Tool to your desktop.

  • Shut down your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus


STEP 05
Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


STEP 06
Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link.
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits. Under Non Malware Protection, set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.


STEP 07

Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology


  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


STEP 08
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.


Hi Ron,

 

Thank you for the reply.  

 

Per your instructions, attached please find the following logs:

 

1) JavaRa log

2) JRT.txt

3) AdwCleaner[s0].txt

4) Malwarebytes log

5) ESET log

6) FRST.txt

7) Addition.txt

 

JavaRa.log

JRT.txt

AdwCleanerS2.txt

Malwarebytes Scan Log.txt

ESET online scanner log.txt

FRST.txt

Addition.txt


This topic is now closed to further replies.