Jump to content

Windows 7 will not boot up except in Safe Mode. Suspect virus


Recommended Posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01
Ran by Howard (administrator) on HOWARD-PC (12-01-2016 12:27:45)
Running from C:\Users\Howard\Desktop
Loaded Profiles: Howard (Available Profiles: Howard & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11772520 2011-01-04] (Realtek Semiconductor)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-22] (Synaptics Incorporated)
HKLM\...\Run: [intelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-11-02] (Intel® Corporation)
HKLM\...\Run: [intelWirelessWiMAX] => C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1617920 2011-03-01] (Intel® Corporation)
HKLM\...\Run: [TpShocks] => C:\Windows\System32\TpShocks.exe [231328 2010-03-15] (Lenovo.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9769888 2011-06-12] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2011-06-12] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2011-06-12] (Lenovo)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-07-11] (Apple Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-11-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202096 2010-11-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2010-12-24] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [224352 2010-12-24] (CyberLink Corp.)
HKLM-x32\...\Run: [updateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [updatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [EPSON_UD_START] => C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UD.exe [341416 2010-11-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356128 2013-10-12] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [286272 2015-07-17] (RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [608320 2015-06-16] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-16] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2283999866-7880423-3631975223-1001\...\Run: [best Buy pc app] => C:\Users\Howard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms
HKU\S-1-5-21-2283999866-7880423-3631975223-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Howard\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2283999866-7880423-3631975223-1001\...\Run: [Amazon Music] => C:\Users\Howard\AppData\Local\Amazon Music\Amazon Music Helper.exe [3162944 2014-07-01] ()
HKU\S-1-5-21-2283999866-7880423-3631975223-1001\...\Run: [uM] => C:\Users\Howard\AppData\Roaming\Update Manager\UM.EXE [807168 2015-12-06] ()
HKU\S-1-5-21-2283999866-7880423-3631975223-1001\...\Run: [Dropbox Update] => C:\Users\Howard\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
HKU\S-1-5-21-2283999866-7880423-3631975223-1001\...\MountPoints2: {2381dad4-88c6-11e4-8e3c-f0def166bfa7} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2283999866-7880423-3631975223-1001\...\MountPoints2: {2e7e16fa-00b7-11e1-a35a-f0def166bfa7} - E:\EMP_UDSe.exe /autorun
HKU\S-1-5-21-2283999866-7880423-3631975223-1001\...\MountPoints2: {3fcd2a3f-1ea4-11e2-b96c-f0def166bfa7} - E:\MotoCastSetup.exe -a
HKU\S-1-5-21-2283999866-7880423-3631975223-1001\...\MountPoints2: {a1648e05-55e1-11e2-a9fc-f0def166bfa7} - E:\MotoCastSetup.exe -a
HKU\S-1-5-18\...\RunOnce: [iCloud] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe [43816 2015-04-26] (Apple Inc.)
Lsa: [Notification Packages] scecli EgisPwdFilter EgisDSPwdFilter EgisPLPwdFilter
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Howard\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Howard\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Howard\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Howard\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Howard\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Howard\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Howard\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Howard\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll [2011-06-12] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2015-07-17]
ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2015-07-19]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2011-06-12]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2011-06-12]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2011-06-12]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Howard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-12]
ShortcutTarget: Dropbox.lnk -> C:\Users\Howard\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{D47607B4-B66D-48E0-B181-3251B47E5C59}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-2283999866-7880423-3631975223-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
HKU\S-1-5-21-2283999866-7880423-3631975223-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2283999866-7880423-3631975223-1001 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-2283999866-7880423-3631975223-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=IP2TDF&PC=IP2TDF&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2283999866-7880423-3631975223-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
SearchScopes: HKU\S-1-5-21-2283999866-7880423-3631975223-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2015-06-17] (RealDownloader)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2013-12-11] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-05-21] (Kaspersky Lab ZAO)
BHO: EgisPBIE Class -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files (x86)\EgisTec BioExcess\x64\EgisPBIE.dll [2010-12-13] (Egis Technology Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll [2013-12-11] (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll [2013-12-11] (Kaspersky Lab ZAO)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2015-06-17] (RealDownloader)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2013-12-11] (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-05-21] (Kaspersky Lab ZAO)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-03] (Oracle Corporation)
BHO-x32: EgisPBIE Class -> {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} -> C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll [2010-12-13] (Egis Technology Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\OnlineBanking\online_banking_bho.dll [2013-12-11] (Kaspersky Lab ZAO)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-03] (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll [2013-12-11] (Kaspersky Lab ZAO)

FireFox:
========
FF ProfilePath: C:\Users\Howard\AppData\Roaming\Mozilla\Firefox\Profiles\mzwfode3.default
FF DefaultSearchEngine: Yahoo!
FF DefaultSearchEngine.US: Google
FF SelectedSearchEngine: Yahoo!
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-28] ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [2011-02-25] (Best Buy)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-28] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1221171.dll [2015-10-19] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [2011-02-25] (Best Buy)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-03] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-09] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=18.0.1.9 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2015-07-17] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=18.0.1.9 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2015-07-17] (RealTimes)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2283999866-7880423-3631975223-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Howard\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-07-06] (Unity Technologies ApS)
FF Extension: Ebay Shopping Assistant - C:\Users\Howard\AppData\Roaming\Mozilla\Firefox\Profiles\mzwfode3.default\extensions\{84757783-797b-4a4b-b264-b59b4095a7b9}.xpi [2015-12-03]
FF Extension: Microsoft Default Manager - C:\Users\Howard\AppData\Roaming\Mozilla\Firefox\Profiles\mzwfode3.default\Extensions\DefaultManager@Microsoft [2011-11-30] [not signed]
FF Extension: Slick Savings - C:\Users\Howard\AppData\Roaming\Mozilla\Firefox\Profiles\mzwfode3.default\Extensions\{54FBE89E-C878-46bb-A064-AB327EE26EBC}.xpi [2015-03-31] [not signed]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2016-01-12] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}] - C:\Program Files (x86)\EgisTec BioExcess\FFExt
FF Extension:  Online Accounts Extension  - C:\Program Files (x86)\EgisTec BioExcess\FFExt [2011-06-12] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\virtualKeyboard@kaspersky.ru => not found
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru => not found
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com [2015-02-17] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com [2015-02-17] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com [2015-02-17] [not signed]

Chrome:
=======
CHR Profile: C:\Users\Howard\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\urladvisor.crx [2012-08-18]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\content_blocker_chrome.crx [2012-08-18]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\ChromeExt\virtkbd.crx [2012-08-18]
CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - hxxps://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356128 2013-10-12] (Kaspersky Lab ZAO)
S2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [499200 2011-02-27] (Red Bend Ltd.) [File not signed]
S2 EgisTec Service Help; C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe [327024 2010-10-22] (Egis Technology Inc. )
S2 EMP_UDSA; C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe [98304 2010-11-02] (SEIKO EPSON CORPORATION) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-11-02] ()
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
S2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2015-06-17] ()
S2 RealTimes Desktop Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1115224 2015-07-17] (RealNetworks, Inc.)
S2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia)
S2 SpyroService; C:\Program Files (x86)\FS\Spyro Portal\FlashPortal.exe [48128 2012-01-31] (FS) [File not signed]
S2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [885248 2011-02-27] (Intel® Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 eppvad_simple; C:\Windows\System32\drivers\EMP_UDAU.sys [23040 2010-11-02] (SEIKO EPSON CORPORATION)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-11] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [91008 2014-05-21] (Kaspersky Lab ZAO) [File not signed]
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628320 2014-05-21] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-12-11] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-12] (Kaspersky Lab ZAO)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-18] (Kaspersky Lab ZAO)
S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [177864 2015-02-17] (Kaspersky Lab ZAO)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2014-11-28] (Secunia)
S3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8200552 2010-12-15] (Realtek Semiconductor Corp.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [File not signed]
U3 BcmSqlStartupSvc; no ImagePath
U2 CLKMSVC10_3A60B698; no ImagePath
U2 CLKMSVC10_C3B3B687; no ImagePath
U2 DriverService; no ImagePath
U2 IAStorDataMgrSvc; no ImagePath
U2 iATAgentService; no ImagePath
U2 idealife Update Service; no ImagePath
U3 IGRS; no ImagePath
U2 IviRegMgr; no ImagePath
U2 nvUpdatusService; no ImagePath
U2 Oasis2Service; no ImagePath
U2 PCCarerService; no ImagePath
U2 ReadyComm.DirectRouter; no ImagePath
U2 RichVideo; no ImagePath
U2 RtLedService; no ImagePath
U2 SoftwareService; no ImagePath
U3 SQLWriter; no ImagePath
U2 Stereo Service; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-12 12:27 - 2016-01-12 12:28 - 00024039 _____ C:\Users\Howard\Desktop\FRST.txt
2016-01-12 12:27 - 2016-01-12 12:27 - 00000000 ____D C:\FRST
2016-01-12 12:25 - 2016-01-12 12:25 - 02370560 _____ (Farbar) C:\Users\Howard\Desktop\FRST64.exe
2016-01-11 18:37 - 2016-01-11 18:37 - 00262144 _____ C:\windows\system32\config\elam
2016-01-02 09:02 - 2016-01-12 11:33 - 00000000 ____D C:\72d549f625671b8d129ddb
2015-12-29 21:06 - 2015-12-29 21:07 - 00270416 _____ C:\windows\Minidump\122915-45240-01.dmp
2015-12-24 19:25 - 2016-01-12 11:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-13 15:52 - 2015-12-13 15:52 - 00004385 _____ C:\Users\Howard\Documents\Alg. 2 Semester exam multiple choice 2016.tst

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-12 12:27 - 2009-07-13 21:20 - 00000000 ____D C:\Windows
2016-01-12 12:13 - 2009-07-13 23:13 - 00713888 _____ C:\windows\system32\PerfStringBackup.INI
2016-01-12 12:13 - 2009-07-13 21:20 - 00000000 ____D C:\windows\inf
2016-01-12 12:10 - 2011-06-12 10:10 - 00185895 _____ C:\windows\system32\fastboot.set
2016-01-12 12:09 - 2012-08-03 08:02 - 00419266 _____ C:\windows\ntbtlog.txt
2016-01-12 12:07 - 2012-04-22 14:13 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-01-12 12:05 - 2014-11-03 14:55 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-12 12:05 - 2012-09-20 20:34 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-01-12 12:05 - 2011-06-12 10:06 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-12 12:05 - 2009-07-13 23:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-01-12 11:44 - 2011-08-12 20:57 - 00000000 ____D C:\Users\Howard
2016-01-12 11:34 - 2015-06-16 21:23 - 00000870 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2283999866-7880423-3631975223-1001Core.job
2016-01-12 11:33 - 2015-06-04 14:02 - 00000000 ____D C:\windows\SysWOW64\Adobe
2016-01-12 11:33 - 2015-05-06 14:56 - 00000000 ____D C:\Users\Howard\AppData\Roaming\Update Manager
2016-01-12 11:33 - 2014-11-03 14:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-12 11:33 - 2014-11-03 14:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-12 11:33 - 2013-02-06 06:32 - 00000000 ____D C:\Users\Guest
2016-01-12 11:33 - 2012-10-25 07:10 - 00000000 ____D C:\ProgramData\Real
2016-01-12 11:33 - 2012-05-06 21:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-12 11:33 - 2011-11-01 21:16 - 00000000 ____D C:\Users\Howard\AppData\Local\Akamai
2016-01-12 11:33 - 2011-08-12 20:57 - 00000000 ____D C:\Users\Howard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2016-01-12 11:33 - 2009-07-13 23:32 - 00000000 ____D C:\Program Files\Windows Defender
2016-01-12 11:33 - 2009-07-13 21:20 - 00000000 ____D C:\windows\registration
2016-01-12 11:13 - 2011-02-22 05:42 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-01-11 19:32 - 2009-07-13 22:45 - 00021280 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-11 19:32 - 2009-07-13 22:45 - 00021280 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-02 08:50 - 2015-06-16 21:23 - 00000922 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2283999866-7880423-3631975223-1001UA.job
2016-01-02 08:50 - 2012-04-22 14:13 - 00796864 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-01-02 08:50 - 2012-04-22 14:13 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2016-01-02 08:50 - 2011-08-15 20:05 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-02 08:50 - 2011-06-12 10:06 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-29 21:09 - 2015-02-08 20:18 - 00000000 ___RD C:\Users\Howard\Dropbox
2015-12-29 21:09 - 2015-02-02 21:25 - 00000000 ____D C:\Users\Howard\AppData\Roaming\Dropbox
2015-12-29 21:06 - 2011-12-22 09:22 - 772339725 _____ C:\windows\MEMORY.DMP
2015-12-29 21:06 - 2011-12-22 09:22 - 00000000 ____D C:\windows\Minidump
2015-12-22 13:54 - 2015-10-25 16:55 - 00003344 _____ C:\windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2283999866-7880423-3631975223-1001
2015-12-22 13:54 - 2015-10-25 16:55 - 00003212 _____ C:\windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2283999866-7880423-3631975223-1001
2015-12-17 20:42 - 2009-07-13 21:20 - 00000000 ____D C:\windows\rescache
2015-12-15 16:52 - 2009-07-13 22:45 - 00350440 _____ C:\windows\system32\FNTCACHE.DAT
2015-12-15 16:50 - 2013-03-13 19:50 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-15 16:50 - 2013-03-13 19:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-15 08:45 - 2011-08-12 22:38 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-15 08:44 - 2013-03-13 19:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-15 08:40 - 2013-07-19 07:07 - 00000000 ____D C:\windows\system32\MRT
2015-12-15 08:34 - 2011-08-12 21:56 - 140158008 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-12-13 16:52 - 2012-05-21 21:44 - 00003721 _____ C:\Users\Howard\AppData\Roaming\evpro32.prf
2015-12-13 15:12 - 2012-05-21 21:06 - 00001444 _____ C:\Users\Public\Desktop\ExamView Test Manager.lnk
2015-12-13 15:12 - 2012-05-21 21:06 - 00001428 _____ C:\Users\Public\Desktop\ExamView Player.lnk
2015-12-13 15:12 - 2012-05-21 21:06 - 00001419 _____ C:\Users\Public\Desktop\ExamView Test Generator.lnk
2015-12-13 15:10 - 2012-05-21 21:00 - 00000000 ____D C:\ExamView

==================== Files in the root of some directories =======

2012-05-21 21:44 - 2015-12-13 16:52 - 0003721 _____ () C:\Users\Howard\AppData\Roaming\evpro32.prf
2011-08-25 20:44 - 2012-05-14 08:22 - 0002076 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\Howard\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Howard\AppData\Local\Temp\drm_dyndata_7320011.dll
C:\Users\Howard\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpewnht1.dll
C:\Users\Howard\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\Howard\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Howard\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\Howard\AppData\Local\Temp\lowproc.exe
C:\Users\Howard\AppData\Local\Temp\rnupdate0.exe
C:\Users\Howard\AppData\Local\Temp\stubhelper.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-11 21:20

==================== End of FRST.txt ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
Ran by Howard (2016-01-12 12:30:58)
Running from C:\Users\Howard\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-08-13 02:57:04)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2283999866-7880423-3631975223-500 - Administrator - Disabled)
Guest (S-1-5-21-2283999866-7880423-3631975223-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-2283999866-7880423-3631975223-1002 - Limited - Enabled)
Howard (S-1-5-21-2283999866-7880423-3631975223-1001 - Administrator - Enabled) => C:\Users\Howard

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Anti-Virus (Enabled - Out of date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AS: Kaspersky Anti-Virus (Enabled - Out of date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3600_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
Active Protection System (HKLM-x32\...\{F493761C-E465-4B9E-9FC1-A312F161DE0A}) (Version: 1.70.11 - Lenovo)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.270 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.1.171 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-2283999866-7880423-3631975223-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Amazon Music (HKU\S-1-5-21-2283999866-7880423-3631975223-1001\...\Amazon Amazon Music) (Version: 3.1.0.570 - Amazon Services LLC)
Amazon Music Importer (HKLM-x32\...\com.amazon.music.uploader) (Version: 3.0.0 - Amazon Services LLC)
Amazon Music Importer (x32 Version: 3.0.0 - Amazon Services LLC) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Best Buy pc app (Version: 3.2.0.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.2.0.0 - Best Buy) Hidden
BioExcess (HKLM-x32\...\InstallShield_{E6CB67CC-71D2-46b9-8D43-A4641A9EECB2}) (Version: 7.0.67.0 - Egis Technology Inc.)
BioExcess (Version: 7.0.67.0 - Egis Technology Inc.) Hidden
BioExcess (x32 Version: 7.0.67.0 - Egis Technology Inc.) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BPD_Scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3623 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-2283999866-7880423-3631975223-1001\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)
EgisTec ES603 WDM Driver (HKLM-x32\...\InstallShield_{AE4167B0-F589-4D2A-BF05-E181D543C49F}) (Version: 3.0.10.4 - Egis Technology Inc.)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.2.1 - Lenovo)
Energy Management (x32 Version: 6.0.2.1 - Lenovo) Hidden
Epson USB Display (HKLM-x32\...\{7650F538-6274-44EA-8F50-843479073333}) (Version: 1.50.000 - SEIKO EPSON CORPORATION)
ES603 WDM Driver (x32 Version: 3.0.10.4 - Egis Technology Inc.) Hidden
ExamView Assessment Suite (HKLM-x32\...\ExamView Pro) (Version:  - )
Free JPG to PDF Converter (HKLM-x32\...\{45D85663-82A3-4EA2-9184-96913A72CB2D}) (Version: 1.0.0 - Free PDF Solutions)
GeoGebra 4 (HKU\S-1-5-21-2283999866-7880423-3631975223-1001\...\GeoGebra 4) (Version:  - International GeoGebra Institute)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
HP OfficeJet J3600 (HKLM\...\{ECF40A6B-F164-493E-AD93-8B9946871BC5}) (Version: 14.0 - HP)
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{AF162E20-417F-4946-A06D-65734984957F}) (Version: 14.00.0000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® Wireless Display (HKLM-x32\...\{F84906ED-BB54-4889-B131-FED9C9056FC8}) (Version: 2.0.27.0 - Intel Corporation)
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{18A6B663-A646-457B-A314-5CF58AECB06A}) (Version: 6.02.1000 - Intel Corporation)
iTunes (HKLM\...\{6CF1A7E2-8001-4870-9F18-3C6CDD6FE9E3}) (Version: 12.2.1.16 - Apple Inc.)
J3600_Basic (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Anti-Virus 2013 (HKLM-x32\...\InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}) (Version: 13.0.1.4190 - Kaspersky Lab)
Kaspersky Anti-Virus 2013 (x32 Version: 13.0.1.4190 - Kaspersky Lab) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.1.7600.0083 - Realtek Semiconductor Corp.)
Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.6 - Lenovo)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1628 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.1628 - CyberLink Corp.) Hidden
Lenovo Security Suite (HKLM-x32\...\InstallShield_{0034859F-8E01-4C1D-BE77-F891C4786FBC}) (Version: 2.0.11.0 - Lenovo)
Lenovo Security Suite (x32 Version: 2.0.11.0 - Lenovo) Hidden
Lexmark Software Uninstall (HKLM\...\Lexmark_HostCD) (Version:  - Lexmark International, Inc.)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
MathType 6 (HKLM-x32\...\DSMT6) (Version: 6.7 - Design Science, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 43.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.2 (x86 en-US)) (Version: 43.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.2.5833 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NEF Codec (HKLM-x32\...\{D6506521-0959-4FA3-875F-E2E28830B0D2}) (Version: 1.00.0000 - Nikon)
PdaNet for Android 3.50 (HKLM-x32\...\PdaNet_is1) (Version:  - June Fabrics Technology Inc)
Pirates of the Caribbean - At Worlds End (HKLM-x32\...\{01CBFCE7-95AD-40F3-BC63-C46EFB2FC9C4}) (Version: 1.0 - Disney Interactive Studios)
Port Locker (HKLM-x32\...\InstallShield_{A6FEE06D-C7E1-48CB-A9DF-1E317CF83CA4}) (Version: 1.0.5.24 - Egis Technology Inc.)
Port Locker (Version: 1.0.5.24 - Egis Technology Inc.) Hidden
Port Locker (x32 Version: 1.0.5.24 - Egis Technology Inc.) Hidden
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.7303 - CyberLink Corp.)
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
RealDownloader (x32 Version: 18.0.1.10 - RealNetworks, Inc.) Hidden
RealDownloader (x32 Version: 18.0.1.9 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.21.531.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6282 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10008 - Realtek Semiconductor Corp.)
RealTimes (RealPlayer) (HKLM-x32\...\RealPlayer 18.0) (Version: 18.0.1 - RealNetworks)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Scan (x32 Version: 140.0.167.000 - Hewlett-Packard) Hidden
Secunia PSI (3.0.0.10004) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.10004 - Secunia)
Settings Manager (HKU\S-1-5-21-2283999866-7880423-3631975223-1001\...\Settings Manager) (Version: 21.4.0.1 - Spigot, Inc.) <==== ATTENTION
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
SmartMusic (HKLM-x32\...\{42B1BDFC-9AF7-42C4-BC3C-EAED79D4DBEB}) (Version: 1.1.2204 - MakeMusic, Inc.)
SmartMusic 2012b (HKLM-x32\...\SmartMusic 2012b) (Version: 14.2.0 - MakeMusic)
SpyNet Field Office (HKLM-x32\...\com.jakks.spynet) (Version: 1.05 - UNKNOWN)
SpyNet Field Office (x32 Version: 1.05 - UNKNOWN) Hidden
SpyroDriver (HKLM-x32\...\{63104E84-532C-4011-A4F4-AD6EDF8CC214}) (Version: 1.07.0000 - FS)
SpyroPortalDriver (HKLM\...\{B2913230-094D-4F41-9EEF-CE9571C450D8}) (Version: 1.0.0 - FS)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.7.0 - Synaptics Incorporated)
TestGen (HKLM-x32\...\TestGen) (Version:  - )
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
Unity Web Player (HKU\S-1-5-21-2283999866-7880423-3631975223-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.0.1224 - Lenovo)
Video Downloader (x32 Version: 1.0.0 - RealNetworks) Hidden
WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden
Windows Driver Package - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1) (HKLM\...\EA12B1FB53CE4E387C31A85236C41EF559B5E392) (Version: 12/02/2010 6.1.0.1 - Lenovo)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2283999866-7880423-3631975223-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Howard\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2283999866-7880423-3631975223-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Howard\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2283999866-7880423-3631975223-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Howard\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2283999866-7880423-3631975223-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Howard\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2283999866-7880423-3631975223-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Howard\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2283999866-7880423-3631975223-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Howard\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2283999866-7880423-3631975223-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Howard\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2283999866-7880423-3631975223-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Howard\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2283999866-7880423-3631975223-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Howard\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2283999866-7880423-3631975223-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Howard\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2283999866-7880423-3631975223-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Howard\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {022D4372-DF59-452C-9D05-E46CB816FC2A} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2283999866-7880423-3631975223-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2015-06-17] (RealNetworks, Inc.)
Task: {211443B9-5606-4787-B074-4C9A7621F985} - System32\Tasks\{97F05212-33EE-4820-9EB4-37C0581068CD} => pcalua.exe -a F:\setup.exe -d F:\
Task: {2403015C-C2B3-438F-875D-8F509C58A9D5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {3FF95D90-C9EB-4F53-98CE-F8552CB4CBAB} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2015-11-12] (AO Kaspersky Lab)
Task: {4785D50A-4E41-40A9-A55C-A30DC537F20D} - System32\Tasks\{9D1C229B-3F00-4B58-A620-A3683ED2C9FA} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.10.0.114&LastError=12002
Task: {49CA191B-74B7-4EEC-A2F4-C2659F206F8A} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2015-06-16] ()
Task: {4E1159C1-D026-4FB0-B0D4-80CD877705F6} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2283999866-7880423-3631975223-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2015-06-17] (RealNetworks, Inc.)
Task: {576824B3-9830-4486-9F9B-BEAC1D9FD980} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-02] (Adobe Systems Incorporated)
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {6B4BBF72-C50B-42B2-AE88-CC96F5B5EC93} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2010-12-24] (CyberLink)
Task: {7F96224A-9DA8-4895-AB94-308988315314} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2283999866-7880423-3631975223-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2015-06-17] (RealNetworks, Inc.)
Task: {83C6BAD6-0A7D-450B-907F-1C6FC9282438} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {AFE043B7-3836-4662-9BA7-1BD360589ABF} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2283999866-7880423-3631975223-1001UA => C:\Users\Howard\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
Task: {B29EFA7C-3EDA-4983-A21C-6B6C66249C9A} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2283999866-7880423-3631975223-1001Core => C:\Users\Howard\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16] (Dropbox, Inc.)
Task: {BF3AFC62-4B02-49E4-8683-4B7D2E6DD3AD} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2283999866-7880423-3631975223-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2015-06-17] (RealNetworks, Inc.)
Task: {D6B5A375-D38C-4AAF-B58C-CE8D8C8B0BCA} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2283999866-7880423-3631975223-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2015-06-17] (RealNetworks, Inc.)
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {E005610B-B7E0-47A9-9A6F-11A388CA89F8} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2283999866-7880423-3631975223-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2015-06-17] (RealNetworks, Inc.)
Task: {E2C6C896-07D8-41CB-8556-B94376479C76} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2283999866-7880423-3631975223-1001Core.job => C:\Users\Howard\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2283999866-7880423-3631975223-1001UA.job => C:\Users\Howard\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Howard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GeoGebra 4\GeoGebra Forum.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.geogebra.org/forum/
ShortcutWithArgument: C:\Users\Howard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GeoGebra 4\GeoGebra Wiki.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://wiki.geogebra.org//
ShortcutWithArgument: C:\Users\Howard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GeoGebra 4\GeoGebraTube.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.geogebratube.org/
ShortcutWithArgument: C:\Users\Howard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GeoGebra 4\www.geogebra.org.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.geogebra.org/

==================== Loaded Modules (Whitelisted) ==============

2010-11-02 06:58 - 2010-11-02 06:58 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-06-12 09:56 - 2011-06-12 09:56 - 01508192 _____ () C:\windows\system32\IcnOvrly.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2283999866-7880423-3631975223-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Howard\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk => C:\windows\pss\Secunia PSI Tray.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Howard^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Howard^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PdaNet Desktop.lnk => C:\windows\pss\PdaNet Desktop.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: PLTSR => "C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: TkBellExe => "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
MSCONFIG\startupreg: VeriFaceManager => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
MSCONFIG\startupreg: VitaKeyTSR => C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe /run

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{FDCA0452-D02D-47F2-AA94-40CAE1F0AF86}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{92F0D262-5DEB-4A9C-AFD6-2105D6A173E0}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
FirewallRules: [{83E3566B-79A3-49E0-B7E0-D1326FD4E153}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
FirewallRules: [{C6258817-6561-4AF7-9507-53681D9E310D}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
FirewallRules: [{EC5C27C0-5F4E-43A0-BBBF-D12E4393E9B1}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
FirewallRules: [{450A5B23-3A30-4718-880D-C52BDD16AC55}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel Wireless Display\WiDiApp.exe
FirewallRules: [{6AB490D7-B941-4906-8866-4D4E248CB3E9}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{3F37EFBA-5B93-4B06-B934-484042A76EF8}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{7FCB7B09-AB50-4D2F-AFD3-ADD830940898}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{4A17F050-822B-434C-AC8B-527250B614AB}] => (Allow) LPort=2869
FirewallRules: [{995F03AE-C28F-4075-A7C9-FFA5E6CC9F8F}] => (Allow) LPort=1900
FirewallRules: [{0CD8D32B-A667-4871-8E91-8CB04BD5A80B}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{3E01772E-52EF-4E8C-80C0-9A47DF431809}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{329ABD2F-ED7B-41F3-98B9-BB9B209407B3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{2C413159-EA4D-4D8A-A7A7-14046CD5B599}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{EB03C64B-25C4-4B29-8D86-8032667CA95F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [TCP Query User{8207C55A-6AD9-4F1D-BBB2-40BFFEC31336}C:\users\howard\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\howard\appdata\local\akamai\netsession_win.exe
FirewallRules: [uDP Query User{10CAF690-C943-42ED-A482-E033FE5858B4}C:\users\howard\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\howard\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{4938E789-241B-41D5-BA5E-774CA88E3A78}C:\users\howard\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\howard\appdata\local\akamai\netsession_win.exe
FirewallRules: [uDP Query User{75C7E3DA-3EE6-4861-BAAC-DE5F435B35E3}C:\users\howard\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\howard\appdata\local\akamai\netsession_win.exe
FirewallRules: [{557CCADF-9263-4B28-8831-CB91C95E59BB}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{FA73EE2F-CF41-4CCF-A13F-9ECC986F7F5E}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [uDP Query User{8D77F2E7-DC1C-46B1-9CC9-FB3B6791BFD6}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [TCP Query User{BF10A538-76D9-4E28-AF87-3D83F5CD38CC}C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe] => (Allow) C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe
FirewallRules: [uDP Query User{8DADB78D-99B9-40E8-8247-7B1348756E38}C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe] => (Allow) C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe
FirewallRules: [{1BC7B135-18EB-47E6-8788-23F3EDF61247}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{23093702-9E53-4AAC-844E-3465655019F6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7A17FA02-E994-466C-BDA7-E367664FF211}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7160C94D-ACDB-4E1D-ABBD-E251DBFA4460}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1EB2490B-2E5C-4C4A-8E18-C766158D9773}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FD946B15-9892-48D4-A837-D86B84146D9C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A618824E-6EF6-4CB2-8218-8A7020246A74}] => (Allow) C:\Users\Howard\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{724E0D99-ADC9-4D2E-976E-952764C01797}] => (Allow) C:\Users\Howard\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{3F5D70BE-9672-49A4-A2CA-B746B4F78635}C:\users\howard\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\howard\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [uDP Query User{F9D2E10E-C348-4B43-9742-D924F8DFD3D3}C:\users\howard\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\howard\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{622516A9-B3FA-486B-8C94-3CE3B9106832}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [uDP Query User{2B1739D2-2DA3-4DA9-AE59-8010C217C055}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{4FBE9A27-FCB7-40D9-A95A-78AAE8825C50}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{4B219978-033E-4247-B67B-6403FA8B94EA}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{63300E5A-6539-4E4A-B58A-EBBD912DB9AD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9AD7036A-E363-408A-95A6-BDF871186F64}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

15-12-2015 08:31:19 Windows Update
18-12-2015 16:09:46 Windows Update
22-12-2015 21:40:02 Windows Update
28-12-2015 00:23:22 Windows Update
02-01-2016 09:01:47 Windows Update
05-01-2016 18:15:45 Windows Update
09-01-2016 16:00:02 Windows Update

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/12/2016 12:11:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/12/2016 12:09:49 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: 0xc0000022.

Error: (01/12/2016 11:46:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/12/2016 11:30:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/12/2016 11:29:38 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: 0xc0000022.

Error: (01/12/2016 11:07:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/12/2016 10:58:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/12/2016 09:52:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/11/2016 10:01:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/11/2016 09:55:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (01/12/2016 12:31:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/12/2016 12:31:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/12/2016 12:31:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/12/2016 12:27:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/12/2016 12:27:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/12/2016 12:27:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/12/2016 12:27:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/12/2016 12:27:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/12/2016 12:27:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/12/2016 12:26:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


CodeIntegrity:
===================================
  Date: 2015-03-08 20:47:48.058
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-08 20:47:48.058
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-08 20:47:48.048
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-08 20:47:48.028
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-08 20:47:48.028
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-08 20:47:48.028
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-09 21:39:16.345
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-09 21:39:16.343
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-09 21:39:16.340
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-09 21:39:16.311
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core i5-2410M CPU @ 2.30GHz
Percentage of memory in use: 20%
Total physical RAM: 6058.17 MB
Available physical RAM: 4791.66 MB
Total Virtual: 12114.55 MB
Available Virtual: 10995.4 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:552.22 GB) (Free:437.73 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:26.22 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 1FC112C7)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=552.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)

==================== End of Addition.txt ============================

Link to post
Share on other sites

Hello,
    
 
They call me TwinHeadedEagle around here, and I'll try to help your with your issue.
 
     
    
Before we start please read and note the following:

  • We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so backup your important links and all the files whose loss is unacceptable.
  • Note that we may live in totally different time zones, what may cause some delays between answers.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

:excl: I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!
:excl: There are no silly questions. Never be afraid to ask if in doubt!
 
 
 
  warning.gif Rules and policies
 
We won't support any piracy.
That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!
 
Failure to follow these guidelines will result with closing your topic and withdrawning any assistance.
 
 



FRST.gif Fix with Farbar Recovery Scan Tool

icon_exclaim.gif This fix was created for this user for use on that particular machine. icon_exclaim.gif
icon_exclaim.gif Running it on another one may cause damage and render the system unstable. icon_exclaim.gif


Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please upload it to your reply.

fixlist.txt

Link to post
Share on other sites

Let's try this:
 
FRST.gif Fix with Farbar Recovery Scan Tool
 

icon_exclaim.gif This fix was created for this user for use on that particular machine. icon_exclaim.gif
icon_exclaim.gif Running it on another one may cause damage and render the system unstable. icon_exclaim.gif

 
Download attached fixlist.txt file and save it to the Desktop:
 
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

fixlist.txt

Link to post
Share on other sites

I would like to see fresh FRST reports:
 
FRST.gif Scan with Farbar Recovery Scan Tool
 
Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please upload them into your next reply.

Link to post
Share on other sites

  • 2 weeks later...

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.