
Son's laptop ---


  • This topic is locked
25 replies to this topic

#1 wannawonda

wannawonda

  • Members
  • 105 posts

Posted 29 July 2015 - 10:34 PM

My son's laptop has been infected again.  So far anti malware had detected over 100 items including trojans.  He is unable to connect to the internet at this point to update any virus, spyware or malware software.  Please help.





#2 wannawonda

wannawonda
  • Topic Starter

  • Members
  • 105 posts

Posted 29 July 2015 - 10:57 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-07-2015

Ran by Joe (administrator) on MYPRECIOUS (29-07-2015 20:49:01)

Running from D:\

Loaded Profiles: Joe (Available Profiles: Joe)

Platform: Windows 8.1 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe

() C:\Program Files (x86)\Coupoon\iiwjljrnpc64.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

() C:\Program Files (x86)\Coupoon\UpdateCheck.exe

(Microsoft Corporation) C:\Windows\System32\alg.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

() C:\Program Files (x86)\SpaceSondPro_v84.1016\SpaceSondPro_Service.exe

(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe

(Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe

() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Waves Audio Ltd.) C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe

(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe

(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

(Spotify Ltd) C:\Users\Joe\AppData\Roaming\Spotify\SpotifyWebHelper.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

() C:\Users\Public\Documents\windows.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

() C:\Users\Public\Documents\windows.exe

(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe

() C:\Users\Joe\AppData\Local\1BAA035A-CD47-434C-9A60-F030BC74BF47\Runner.exe

(The Chromium Authors) C:\Users\Joe\AppData\Local\1BAA035A-CD47-434C-9A60-F030BC74BF47\Navigate\Navigate.exe

(The Chromium Authors) C:\Users\Joe\AppData\Local\1BAA035A-CD47-434C-9A60-F030BC74BF47\Navigate\Navigate.exe

(The Chromium Authors) C:\Users\Joe\AppData\Local\1BAA035A-CD47-434C-9A60-F030BC74BF47\Navigate\Navigate.exe

(The Chromium Authors) C:\Users\Joe\AppData\Local\1BAA035A-CD47-434C-9A60-F030BC74BF47\Navigate\Navigate.exe

(The Chromium Authors) C:\Users\Joe\AppData\Local\1BAA035A-CD47-434C-9A60-F030BC74BF47\Navigate\Navigate.exe

(The Chromium Authors) C:\Users\Joe\AppData\Local\1BAA035A-CD47-434C-9A60-F030BC74BF47\Navigate\Navigate.exe

(The Chromium Authors) C:\Users\Joe\AppData\Local\1BAA035A-CD47-434C-9A60-F030BC74BF47\Navigate\Navigate.exe

(The Chromium Authors) C:\Users\Joe\AppData\Local\1BAA035A-CD47-434C-9A60-F030BC74BF47\Navigate\Navigate.exe

(The Chromium Authors) C:\Users\Joe\AppData\Local\1BAA035A-CD47-434C-9A60-F030BC74BF47\Navigate\Navigate.exe

(The Chromium Authors) C:\Users\Joe\AppData\Local\1BAA035A-CD47-434C-9A60-F030BC74BF47\Navigate\Navigate.exe

(The Chromium Authors) C:\Users\Joe\AppData\Local\1BAA035A-CD47-434C-9A60-F030BC74BF47\Navigate\Navigate.exe

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7510232 2014-01-17] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1374936 2014-01-13] (Realtek Semiconductor)

HKLM\...\Run: [WavesSvc] => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe [285272 2013-12-30] (Waves Audio Ltd.)

HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3777696 2014-01-16] (Dell Inc.)

HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)

HKLM\...\Run: [SpaceSoundPro] => "C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe"

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)

HKLM-x32\...\RunOnce: [SpaceSondPro_v84.1016] => C:\Program Files (x86)\SpaceSondPro_v84.1016\SpaceSondPro_Service.exe [33992 2015-07-13] ()

HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [133760 2014-01-08] (Qualcomm®Atheros®)

HKU\S-1-5-21-3574709052-614345936-1146494541-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2895552 2015-07-23] (Valve Corporation)

HKU\S-1-5-21-3574709052-614345936-1146494541-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7806232 2015-03-26] (SUPERAntiSpyware)

HKU\S-1-5-21-3574709052-614345936-1146494541-1001\...\Run: [Spotify Web Helper] => C:\Users\Joe\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2020920 2015-05-15] (Spotify Ltd)

HKU\S-1-5-21-3574709052-614345936-1146494541-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28785792 2015-06-02] (Skype Technologies S.A.)

HKU\S-1-5-21-3574709052-614345936-1146494541-1001\...\Run: [Spotify] => C:\Users\Joe\AppData\Roaming\Spotify\spotify.exe [7168568 2015-05-15] (Spotify Ltd)

HKU\S-1-5-21-3574709052-614345936-1146494541-1001\...\Run: [Application] => C:\Users\Public\Documents\windows.exe [8368732 2015-06-13] ()

HKU\S-1-5-21-3574709052-614345936-1146494541-1001\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe

ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)

ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKU\S-1-5-21-3574709052-614345936-1146494541-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.iminent.com/?appId=6aebd003-cb89-43a3-9a62-55cf3693c11f

HKU\S-1-5-21-3574709052-614345936-1146494541-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB

URLSearchHook: HKU\S-1-5-21-3574709052-614345936-1146494541-1001 - (No Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM-x32 -> {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} URL = http://start.iminent.com/?appId=6aebd003-cb89-43a3-9a62-55cf3693c11f&ref=toolbox&q={searchTerms}

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-3574709052-614345936-1146494541-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.iminent.com/?appId=6aebd003-cb89-43a3-9a62-55cf3693c11f&ref=toolbox&q={searchTerms}

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-06-09] (Microsoft Corporation)

BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)

BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-18] (Kaspersky Lab ZAO)

BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-15] (Oracle Corporation)

BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO)

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)

BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-15] (Oracle Corporation)

BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)

BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)

BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-18] (Kaspersky Lab ZAO)

BHO-x32: No Name -> {84FF7BD6-B47F-46F8-9130-01B2696B36CB} ->  No File

BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO)

BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)

Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File

Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File

Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 24.113.32.29 24.113.32.30 66.235.59.7

Tcpip\..\Interfaces\{A83135E4-D350-4085-95AF-908B004758A4}: [DhcpNameServer] 24.113.32.29 24.113.32.30 66.235.59.7

Tcpip\..\Interfaces\{B3CA82E1-E478-4A0E-9D08-CF5FBD7F3EE7}: [DhcpNameServer] 24.113.32.29 24.113.32.30 66.235.59.7

StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:

========

FF ProfilePath: C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\7ugvkxb7.default

FF Homepage: hxxp://start.iminent.com/?appId=6aebd003-cb89-43a3-9a62-55cf3693c11f

FF SelectedSearchEngine: StartWeb

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-25] ()

FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-15] (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-15] (Oracle Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-25] ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)

FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-12-18] ()

FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-12-18] ()

FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-12-18] ()

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-01-08] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)

FF Plugin HKU\S-1-5-21-3574709052-614345936-1146494541-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Joe\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS)

FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com

FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-12-18]

FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com

FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-12-18]

FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com

FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2014-12-18]

FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com

FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2014-12-18]

FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com

FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-12-18]

 

Chrome:

=======

CHR Profile: C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Slides) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-25]

CHR Extension: (Google Docs) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-25]

CHR Extension: (Google Drive) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-25]

CHR Extension: (WOT) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-02-11]

CHR Extension: (YouTube) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-25]

CHR Extension: (Google Search) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-25]

CHR Extension: (Kaspersky Protection) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2014-12-25]

CHR Extension: (Blur) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd [2014-12-25]

CHR Extension: (Google Sheets) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-25]

CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]

CHR Extension: (Ghostery) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-02-05]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-25]

CHR Extension: (Gmail) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-25]

CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho

CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)

S4 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [318592 2014-01-08] (Windows ® Win 7 DDK provider) [File not signed]

R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)

S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2753720 2015-07-01] (Microsoft Corporation)

R2 CoupoonService64; C:\Program Files (x86)\coupoon\iiwjljrnpc64.exe [172344 2015-04-02] ()

S4 Dell Data Services; C:\Program Files\Dell\Dell Data Services\DDSSvc.exe [45936 2014-11-13] (Dell)

S4 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [73072 2014-11-10] (Dell)

S4 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2552528 2015-01-30] (Dell Inc.)

S4 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201424 2015-01-30] (Dell Inc.)

S4 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [293440 2014-04-01] (Aviata, Inc.)

S4 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [211320 2015-02-11] (Dell Inc.)

S4 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282072 2014-02-24] (Intel Corporation)

S4 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]

S4 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)

S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)

S4 My Dell Client Framework; C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe [168960 2014-01-10] (Dell Inc.) [File not signed]

S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-29] (CyberLink)

S4 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)

S4 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1921768 2014-07-02] (SoftThinks SAS)

S4 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-02-19] (Dell Inc.)

S3 Survarium-Steam Update Service; C:\Program Files (x86)\Steam\steamapps\common\Survarium\game\binaries\x86\survarium_service.exe [76408 2015-04-11] ()

S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [146944 2015-03-27] (Microsoft Corporation)

R2 UpdateCheck; C:\Program Files (x86)\Coupoon\UpdateCheck.exe [53040 2015-07-27] ()

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3881472 2013-12-12] (Qualcomm Atheros Communications, Inc.)

S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-01-08] (Qualcomm Atheros)

S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)

R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)

R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)

R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [23312 2015-01-30] (Dell Computer Corporation)

R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)

R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)

S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)

R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [142344 2014-12-18] (Kaspersky Lab ZAO)

R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)

R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [771272 2014-12-18] (Kaspersky Lab ZAO)

R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)

R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)

R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)

R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)

R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [67680 2014-03-19] (Kaspersky Lab ZAO)

R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)

S3 mbamchameleon; C:\Windows\system32\drivers\66771784.sys [93400 2015-02-03] (Malwarebytes Corporation)

R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)

R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2015-04-02] (NetFilterSDK.com)

R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42736 2014-05-22] (Synaptics Incorporated)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)

S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-11-23] (Microsoft Corporation)

S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2015-07-29 20:48 - 2015-07-29 20:49 - 00000000 ____D C:\FRST

2015-07-29 17:17 - 2015-07-29 17:17 - 00000000 ____D C:\SUPERDelete

2015-07-28 06:08 - 2015-07-25 06:34 - 01084928 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll

2015-07-28 03:19 - 2015-07-28 03:19 - 00000000 ____D C:\Users\Joe\AppData\Roaming\EurekaLog

2015-07-28 03:07 - 2015-07-28 03:07 - 00000000 ____D C:\Users\Joe\Documents\My Cheat Tables

2015-07-27 23:44 - 2015-07-27 23:53 - 00000000 ____D C:\ProgramData\abc

2015-07-27 23:44 - 2015-07-27 23:44 - 00000000 ____D C:\ProgramData\{47d29efa-56e0-ba39-47d2-29efa56e7be9}

2015-07-27 23:44 - 2015-07-27 23:44 - 00000000 ____D C:\Program Files\Coupoon

2015-07-27 23:43 - 2015-07-28 01:04 - 00000000 ____D C:\Program Files (x86)\SpaceSondPro_v84.1016

2015-07-27 23:43 - 2015-07-27 23:49 - 00000000 ____D C:\Program Files (x86)\Coupoon

2015-07-27 23:43 - 2015-07-27 23:47 - 00000000 ____D C:\Program Files (x86)\SpaceSondPro

2015-07-27 23:43 - 2015-07-27 23:44 - 00000005 _____ C:\END

2015-07-27 23:42 - 2015-06-13 05:59 - 08368732 _____ C:\Users\Public\Documents\windows.exe

2015-07-27 23:38 - 2015-07-27 23:38 - 00000000 ____D C:\Program Files (x86)\app_setup

2015-07-27 23:34 - 2015-07-27 23:40 - 00000000 ____D C:\Program Files (x86)\Portable WeatherApp

2015-07-27 23:34 - 2015-07-27 23:34 - 00003652 _____ C:\Windows\System32\Tasks\IE_ERR4WDR

2015-07-27 23:34 - 2015-07-27 23:34 - 00003628 _____ C:\Windows\System32\Tasks\HDNINSTSCHD

2015-07-27 23:34 - 2015-07-27 23:34 - 00003512 _____ C:\Windows\System32\Tasks\SushiLeads

2015-07-27 23:34 - 2015-07-27 23:34 - 00003494 _____ C:\Windows\System32\Tasks\UPDTEXE4_WDR

2015-07-27 23:34 - 2015-07-27 23:34 - 00001655 _____ C:\ProgramData\tempimage.bmp

2015-07-27 23:32 - 2015-07-27 23:36 - 00000000 ____D C:\Windows\System32\Tasks\FlipBoards

2015-07-27 23:32 - 2015-07-27 23:35 - 00000000 ____D C:\Users\Joe\AppData\Local\1BAA035A-CD47-434C-9A60-F030BC74BF47

2015-07-27 23:32 - 2015-07-27 23:32 - 00004606 _____ C:\Windows\System32\Tasks\OverLook Worker

2015-07-27 23:31 - 2015-07-27 23:31 - 00000000 ____D C:\Program Files\ffsecure

2015-07-21 21:56 - 2015-07-21 21:56 - 00000000 ____D C:\Users\Joe\AppData\Local\CEF

2015-07-21 03:39 - 2015-07-14 07:14 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll

2015-07-21 03:39 - 2015-07-14 07:14 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll

2015-07-21 03:39 - 2015-07-14 07:14 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll

2015-07-21 03:39 - 2015-07-14 07:13 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll

2015-07-16 07:37 - 2015-07-09 12:51 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe

2015-07-16 07:37 - 2015-07-09 11:40 - 00359936 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll

2015-07-16 07:37 - 2015-07-09 09:03 - 03701760 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll

2015-07-16 07:37 - 2015-07-09 08:54 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

2015-07-16 07:37 - 2015-07-09 08:53 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll

2015-07-16 07:37 - 2015-07-09 08:50 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll

2015-07-16 07:37 - 2015-07-09 08:50 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll

2015-07-16 07:37 - 2015-07-09 08:48 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll

2015-07-16 07:37 - 2015-07-09 08:46 - 02229248 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll

2015-07-16 07:37 - 2015-07-09 08:38 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

2015-07-16 07:37 - 2015-07-09 08:37 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll

2015-07-16 07:37 - 2015-07-09 08:35 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll

2015-07-16 07:37 - 2015-07-09 08:34 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll

2015-07-16 07:37 - 2015-06-26 20:08 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll

2015-07-16 07:37 - 2015-06-26 20:08 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll

2015-07-16 07:37 - 2015-06-26 19:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll

2015-07-16 07:36 - 2015-07-02 14:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2015-07-16 07:36 - 2015-07-02 13:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2015-07-16 07:36 - 2015-07-02 13:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2015-07-16 07:36 - 2015-07-02 13:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2015-07-16 07:36 - 2015-07-02 13:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2015-07-16 07:36 - 2015-07-02 12:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2015-07-16 07:36 - 2015-07-02 12:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2015-07-16 07:36 - 2015-07-02 11:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2015-07-16 07:36 - 2015-07-01 15:08 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2015-07-16 07:36 - 2015-07-01 14:14 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2015-07-16 07:36 - 2015-06-29 15:43 - 00026288 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe

2015-07-16 07:36 - 2015-06-29 08:07 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2015-07-16 07:36 - 2015-06-29 08:07 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll

2015-07-16 07:36 - 2015-06-29 08:07 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll

2015-07-16 07:36 - 2015-06-29 08:07 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll

2015-07-16 07:36 - 2015-06-27 22:07 - 00442712 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2015-07-16 07:36 - 2015-06-27 22:07 - 00178008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2015-07-16 07:36 - 2015-06-27 22:06 - 01311960 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2015-07-16 07:36 - 2015-06-27 22:06 - 00332120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll

2015-07-16 07:36 - 2015-06-27 09:42 - 00747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

2015-07-16 07:36 - 2015-06-26 20:13 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys

2015-07-16 07:36 - 2015-06-26 20:12 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys

2015-07-16 07:36 - 2015-06-26 20:12 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys

2015-07-16 07:36 - 2015-06-26 19:40 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll

2015-07-16 07:36 - 2015-06-26 19:05 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2015-07-16 07:36 - 2015-06-26 19:00 - 00989184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2015-07-16 07:36 - 2015-06-26 18:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll

2015-07-16 07:36 - 2015-06-26 18:26 - 00802816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2015-07-16 07:36 - 2015-06-26 16:21 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2015-07-16 07:36 - 2015-06-26 16:21 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2015-07-16 07:36 - 2015-06-24 19:31 - 04177920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2015-07-16 07:36 - 2015-06-15 15:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe

2015-07-16 07:36 - 2015-06-15 15:24 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

2015-07-16 07:36 - 2015-06-15 14:16 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe

2015-07-16 07:36 - 2015-06-15 14:09 - 03607552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll

2015-07-16 07:36 - 2015-06-15 13:50 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

2015-07-16 07:36 - 2015-06-15 12:57 - 02460160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2015-07-16 07:36 - 2015-05-30 14:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll

2015-07-16 07:36 - 2015-05-30 12:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll

2015-07-16 07:36 - 2015-05-30 12:35 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll

2015-07-16 07:36 - 2015-05-11 11:17 - 01201664 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys

2015-07-16 07:36 - 2015-05-07 10:50 - 22292672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2015-07-16 07:36 - 2015-05-07 10:00 - 03109376 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll

2015-07-16 07:36 - 2015-05-07 09:53 - 19734960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2015-07-16 07:36 - 2015-05-07 09:12 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll

2015-07-16 07:36 - 2015-05-07 08:21 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\GeofenceMonitorService.dll

2015-07-16 07:36 - 2015-05-07 08:05 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GeofenceMonitorService.dll

2015-07-16 07:36 - 2015-05-03 08:09 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll

2015-07-16 07:36 - 2015-05-03 07:58 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll

2015-07-16 07:36 - 2015-05-03 07:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll

2015-07-16 07:36 - 2015-05-03 07:49 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll

2015-07-16 07:36 - 2015-05-02 17:39 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll

2015-07-16 07:36 - 2015-04-29 16:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\WiFiDisplay.dll

2015-07-16 07:36 - 2015-04-24 19:25 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys

2015-07-16 07:36 - 2014-11-04 12:25 - 00059712 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys

2015-07-16 07:36 - 2014-11-04 12:25 - 00051008 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\mouclass.sys

2015-07-16 07:36 - 2014-11-03 23:55 - 00026112 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys

2015-07-16 07:36 - 2014-11-03 23:54 - 00108544 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys

2015-07-16 07:36 - 2014-11-03 23:54 - 00032256 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys

2015-07-16 07:36 - 2014-11-03 23:54 - 00030208 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys

2015-07-16 07:35 - 2015-06-15 22:36 - 01661576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll

2015-07-16 07:35 - 2015-06-15 22:36 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll

2015-07-16 07:35 - 2015-06-15 15:39 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2015-07-16 07:35 - 2015-06-15 15:38 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2015-07-16 07:35 - 2015-06-15 15:26 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2015-07-16 07:35 - 2015-06-15 15:24 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2015-07-16 07:35 - 2015-06-15 15:02 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx

2015-07-16 07:35 - 2015-06-15 14:58 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2015-07-16 07:35 - 2015-06-15 14:57 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2015-07-16 07:35 - 2015-06-15 14:56 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll

2015-07-16 07:35 - 2015-06-15 14:55 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2015-07-16 07:35 - 2015-06-15 14:49 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll

2015-07-16 07:35 - 2015-06-15 14:41 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll

2015-07-16 07:35 - 2015-06-15 14:38 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2015-07-16 07:35 - 2015-06-15 14:36 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2015-07-16 07:35 - 2015-06-15 14:17 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll

2015-07-16 07:35 - 2015-06-15 14:16 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2015-07-16 07:35 - 2015-06-15 14:15 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2015-07-16 07:35 - 2015-06-15 14:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2015-07-16 07:35 - 2015-06-15 14:04 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2015-07-16 07:35 - 2015-06-15 14:03 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2015-07-16 07:35 - 2015-06-15 13:52 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2015-07-16 07:35 - 2015-06-15 13:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx

2015-07-16 07:35 - 2015-06-15 13:44 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2015-07-16 07:35 - 2015-06-15 13:43 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2015-07-16 07:35 - 2015-06-15 13:42 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll

2015-07-16 07:35 - 2015-06-15 13:41 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2015-07-16 07:35 - 2015-06-15 13:37 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll

2015-07-16 07:35 - 2015-06-15 13:32 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll

2015-07-16 07:35 - 2015-06-15 13:31 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2015-07-16 07:35 - 2015-06-15 13:30 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2015-07-16 07:35 - 2015-06-15 13:30 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2015-07-16 07:35 - 2015-06-15 13:17 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll

2015-07-16 07:35 - 2015-06-15 13:07 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2015-07-16 07:35 - 2015-06-15 13:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2015-07-16 07:35 - 2015-06-10 20:49 - 01380600 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2015-07-16 07:35 - 2015-06-10 09:13 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2015-07-16 07:35 - 2015-05-12 06:19 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll

2015-07-16 07:35 - 2015-05-11 09:34 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\fhcpl.dll

2015-07-16 07:35 - 2015-05-07 09:47 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll

2015-07-16 07:35 - 2015-05-03 08:07 - 07784448 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll

2015-07-16 07:35 - 2015-05-03 07:57 - 05264384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll

2015-07-16 07:35 - 2015-05-01 16:33 - 00410739 _____ C:\Windows\system32\ApnDatabase.xml

2015-07-16 07:35 - 2015-04-28 06:13 - 00513480 _____ C:\Windows\SysWOW64\locale.nls

2015-07-16 07:35 - 2015-04-28 06:13 - 00513480 _____ C:\Windows\system32\locale.nls

2015-07-16 07:35 - 2015-04-23 08:47 - 03084288 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll

2015-07-16 07:35 - 2015-04-23 08:16 - 02471424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll

2015-07-13 20:57 - 2015-07-13 20:57 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin

2015-07-13 20:09 - 2015-07-13 20:09 - 00000000 ____D C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP

2015-06-29 09:36 - 2015-06-29 09:36 - 00000000 _____ C:\Users\Joe\AppData\Local\{D2739118-AA15-4AAE-905C-EA0080405820}

2015-06-29 01:40 - 2015-07-13 21:07 - 00000000 ____D C:\Users\Joe\Desktop\Games

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-29 20:45 - 2014-12-25 12:28 - 00000928 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-07-29 20:41 - 2014-12-18 16:51 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3574709052-614345936-1146494541-1001

2015-07-29 20:31 - 2014-11-23 17:40 - 01386733 _____ C:\Windows\WindowsUpdate.log

2015-07-29 20:00 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\system32\sru

2015-07-29 19:08 - 2015-02-03 21:47 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-07-29 18:40 - 2014-12-18 17:03 - 00000000 ____D C:\ProgramData\Kaspersky Lab

2015-07-29 18:15 - 2015-02-28 18:45 - 00000000 ____D C:\Program Files (x86)\Steam

2015-07-29 18:12 - 2014-12-25 12:28 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-07-29 18:12 - 2013-08-22 07:46 - 00032500 _____ C:\Windows\setupact.log

2015-07-29 18:12 - 2013-08-22 07:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2015-07-29 18:11 - 2014-03-18 02:44 - 00223158 _____ C:\Windows\PFRO.log

2015-07-29 16:51 - 2015-01-14 19:43 - 00000000 ____D C:\Users\Joe\Desktop\Things

2015-07-29 13:39 - 2013-08-22 06:25 - 00262144 ___SH C:\Windows\system32\config\BBI

2015-07-29 03:42 - 2014-12-25 11:43 - 00000000 ____D C:\Users\Joe\AppData\Local\CrashDumps

2015-07-28 12:54 - 2015-02-12 12:07 - 00000426 _____ C:\Windows\Tasks\Dell SupportAssistAgent AutoUpdate.job

2015-07-28 09:46 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\AppReadiness

2015-07-28 09:41 - 2013-08-22 08:20 - 00000000 ____D C:\Windows\CbsTemp

2015-07-27 23:45 - 2014-11-23 17:40 - 00000000 ____D C:\ProgramData\Package Cache

2015-07-27 23:41 - 2015-04-11 12:23 - 00002731 _____ C:\Users\Public\Desktop\Skype.lnk

2015-07-27 23:41 - 2015-04-03 21:56 - 00002295 _____ C:\Users\Joe\Desktop\Google Chrome.lnk

2015-07-27 23:41 - 2015-03-28 15:36 - 00000967 _____ C:\Users\Joe\Desktop\Open Broadcaster Software.lnk

2015-07-27 23:41 - 2015-02-14 14:43 - 00001959 _____ C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk

2015-07-27 23:41 - 2014-12-18 16:46 - 00001450 _____ C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2015-07-27 23:41 - 2014-12-18 16:46 - 00000551 _____ C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk

2015-07-27 23:41 - 2014-12-18 16:46 - 00000549 _____ C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk

2015-07-27 23:40 - 2014-03-18 02:54 - 00000551 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk

2015-07-27 23:40 - 2014-03-18 02:54 - 00000551 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk

2015-07-27 23:40 - 2014-03-18 02:54 - 00000549 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk

2015-07-27 23:40 - 2014-03-18 02:54 - 00000549 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk

2015-07-27 08:42 - 2014-03-18 02:53 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI

2015-07-26 00:59 - 2014-12-18 16:46 - 00000000 ____D C:\Users\Joe

2015-07-25 11:02 - 2015-04-06 15:27 - 00000000 ___SD C:\Windows\system32\GWX

2015-07-22 10:57 - 2013-08-22 07:44 - 00492000 _____ C:\Windows\system32\FNTCACHE.DAT

2015-07-22 03:47 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\rescache

2015-07-21 15:05 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\WinStore

2015-07-21 14:57 - 2013-08-22 08:36 - 00000000 ___RD C:\Windows\ToastData

2015-07-21 05:06 - 2015-01-07 20:22 - 00000000 ____D C:\Program Files\Microsoft Office 15

2015-07-21 00:40 - 2014-11-23 17:43 - 00000000 ____D C:\ProgramData\CyberLink

2015-07-20 21:31 - 2014-12-28 10:07 - 00000000 ____D C:\Users\Joe\AppData\Roaming\Skype

2015-07-17 17:57 - 2015-04-17 22:05 - 00000000 ___SD C:\Windows\system32\CompatTel

2015-07-17 17:57 - 2015-04-17 22:05 - 00000000 ____D C:\Windows\system32\appraiser

2015-07-17 17:55 - 2014-12-18 16:34 - 00000000 ____D C:\Windows\system32\MRT

2015-07-17 17:49 - 2015-04-06 15:27 - 00000000 ___SD C:\Windows\SysWOW64\GWX

2015-07-15 17:55 - 2015-02-10 16:46 - 00110688 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll

2015-07-15 17:55 - 2015-02-10 16:45 - 00000000 ____D C:\Program Files\Java

2015-07-15 17:55 - 2014-12-25 16:34 - 00000000 ____D C:\ProgramData\Oracle

2015-07-15 16:40 - 2014-12-25 12:28 - 00003900 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2015-07-15 16:40 - 2014-12-25 12:28 - 00003664 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2015-07-13 21:15 - 2015-02-06 09:20 - 00000000 ____D C:\Users\Joe\Desktop\Virus Scan Stuff

2015-07-13 20:59 - 2015-04-11 12:23 - 00000000 ___RD C:\Program Files (x86)\Skype

2015-07-13 20:55 - 2015-03-11 19:22 - 00000000 ____D C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line

2015-07-13 14:10 - 2014-12-18 17:11 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2015-07-13 14:10 - 2014-12-18 17:11 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-07-03 08:43 - 2014-12-18 16:34 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2015-06-29 09:39 - 2015-02-14 14:43 - 00000000 ____D C:\Users\Joe\AppData\Local\Spotify

==================== Files in the root of some directories =======

2015-03-31 18:14 - 2015-03-31 18:14 - 0000046 _____ () C:\Users\Joe\AppData\Roaming\Camdata.ini

2015-03-31 18:14 - 2015-03-31 18:14 - 0000408 _____ () C:\Users\Joe\AppData\Roaming\CamLayout.ini

2015-03-31 18:14 - 2015-03-31 18:14 - 0000408 _____ () C:\Users\Joe\AppData\Roaming\CamShapes.ini

2015-03-31 18:14 - 2015-03-31 18:14 - 0004546 _____ () C:\Users\Joe\AppData\Roaming\CamStudio.cfg

2014-12-28 11:29 - 2014-12-29 22:16 - 0000097 _____ () C:\Users\Joe\AppData\Roaming\LauncherSettings_live.cfg

2014-12-28 11:18 - 2014-12-28 11:26 - 0008144 _____ () C:\Users\Joe\AppData\Roaming\TheHunterSettings_live.bin

2015-03-31 18:11 - 2015-03-31 18:11 - 0000096 _____ () C:\Users\Joe\AppData\Roaming\version2.xml

2015-06-29 09:36 - 2015-06-29 09:36 - 0000000 _____ () C:\Users\Joe\AppData\Local\{D2739118-AA15-4AAE-905C-EA0080405820}

2014-11-23 17:25 - 2014-11-23 17:25 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

2015-07-27 23:34 - 2015-07-27 23:34 - 0001655 _____ () C:\ProgramData\tempimage.bmp

2014-11-23 17:47 - 2014-11-23 17:47 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log

2014-11-23 17:43 - 2014-11-23 17:44 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log

2014-11-23 17:44 - 2014-11-23 17:45 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log

2014-11-23 17:45 - 2014-11-23 17:47 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log

2014-11-23 17:43 - 2014-11-23 17:43 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

LastRegBack: 2015-07-28 09:40

 

==================== End of log ============================



#3 Sirawit


  • Malware Response Team

Posted 31 July 2015 - 05:55 AM

Hello Wannawonda and welcome to BleepingComputer! :)

My name is Sirawit and I'm here to help you.

Please note that I'm currently in training and my fixes need to be approved first. That may delay our fix a bit, but I will normally reply back in 24 hours.

If I don't reply after 3 days, feel free to PM me. :)

==========================================================================

Some points for you to keep in mind:

  • Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • Periodically update me on the condition of your computer, and provide detail in every post.
  • In the upper right hand corner of the topic you will see the Follow this topic button. Click on this, then choose Immediate E-Mail notification and then Proceed, and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 3 days I will bump the topic; if you do not reply in the next 3 days, we will assume it has been abandoned and I will close it.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end with some additional information on how to stay malware-free.
  • Lastly, I would like to remind you that most members here are volunteers, and sometimes "real life" can get in the way of our malware hunt. I will notify you if I know I will need to be away for longer than 48 hours.

==========================================================================

 

Please post the addition.txt log file located in the same folder as FRST.txt.

 

Thank you.




#4 wannawonda


Posted 31 July 2015 - 07:06 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version:28-07-2015
Ran by Joe (2015-07-29 20:49:48)
Running from D:\
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3574709052-614345936-1146494541-500 - Administrator - Disabled)
Guest (S-1-5-21-3574709052-614345936-1146494541-501 - Limited - Disabled)
Joe (S-1-5-21-3574709052-614345936-1146494541-1001 - Administrator - Enabled) => C:\Users\Joe

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Blacklight: Retribution (HKLM-x32\...\Steam App 209870) (Version:  - Hardsuit Labs)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Camtasia Studio 8 (HKLM-x32\...\{474DFABF-E55B-4905-ABAA-40791A6AC77F}) (Version: 8.4.4.1859 - TechSmith Corporation)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.5.60 - Dell Inc.)
Dell Data Services (HKLM\...\{90F9BFC9-A2A9-403F-9A40-1063FAD035BA}) (Version: 1.1.6.0 - Dell Inc.)
Dell Data Vault (Version: 4.1.9.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{BC8233D8-59BA-4D40-92B9-4FDE7452AA8B}) (Version: 3.0.3999.0 - Dell Products, LP)
Dell Foundation Services (HKLM\...\{0D2426EF-A4D1-403B-B78B-2897D6AD3021}) (Version: 1.1.333.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\{17FFE63C-6734-4950-B488-134B5A2505F7}) (Version: 2.04.0280 - Aviata Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.0.1.56462 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 18.1.16.0 - Synaptics Incorporated)
Dell Update (HKLM-x32\...\{D9E0A33F-19D6-45A7-83BB-535C7B5F699B}) (Version: 1.5.3000.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Depression Quest (HKLM-x32\...\Steam App 270170) (Version:  - The Quinnspiracy)
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version:  - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version:  - )
Game Dev Tycoon (HKLM-x32\...\Steam App 239820) (Version:  - Greenheart Games)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.107 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version:  - Image-Line)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3431 - Intel Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 8 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418051F0}) (Version: 8.0.510 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}) (Version: 15.0.0.463 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.0.463 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4737.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3574709052-614345936-1146494541-1001\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Minecraft (HKLM-x32\...\{02BAAFC5-4E16-42E6-A9F6-8DDE0B7ED3B8}) (Version: 1.0.0.0 - Mojang)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
My Dell Client Framework (HKLM-x32\...\InstallShield_{05F1B866-2372-4E82-9AA8-C64FB11CEF8B}) (Version: 1.0.0.3 - Dell)
My Dell Client Framework (x32 Version: 1.0.0.3 - Dell) Hidden
NBA 2K15 (HKLM-x32\...\Steam App 282350) (Version:  - Visual Concepts)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OverLook (HKLM-x32\...\1BAA035A-CD47-434C-9A60-F030BC74BF47) (Version: 175.0.0.1703 - Korston United)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.314 - Qualcomm Atheros Communications)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.18 - Dell Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39054 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7161 - Realtek Semiconductor Corp.)
Rosetta Stone Language Training (HKLM-x32\...\{00384623-4937-4D7D-BDD9-23513D1C50AB}) (Version: 5.0.13.0 - Rosetta Stone, Ltd)
Rosetta Stone Ltd Services (HKLM-x32\...\{3165E4A6-D5DE-46B0-8597-D55E2B826B84}) (Version: 3.2.21 - Rosetta Stone Ltd.)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3574709052-614345936-1146494541-1001\...\Spotify) (Version: 1.0.4.90.g0b6df40b - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1170 - SUPERAntiSpyware.com)
Survarium (HKLM-x32\...\Steam App 355840) (Version:  - Vostok Games)
Survarium-Steam (HKLM-x32\...\{A3D9343D-77CD-4bf4-A47A-F87B3BE985B4}_is1) (Version: 0.27d - )
Unity Web Player (HKU\S-1-5-21-3574709052-614345936-1146494541-1001\...\UnityWebPlayer) (Version: 4.6.1f1 - Unity Technologies ApS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3574709052-614345936-1146494541-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Joe\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-3574709052-614345936-1146494541-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3574709052-614345936-1146494541-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Joe\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

17-07-2015 17:47:06 Windows Update
22-07-2015 03:30:10 Windows Update
27-07-2015 23:37:32 Removed WeatherApp

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {017F8676-7FE7-4759-A962-97AB3AB8B044} - System32\Tasks\{06BDD64F-3B73-4369-8764-D6976FC1E72C} => Chrome.exe http://ui.skype.com/ui/0/7.5.0.102/en/abandoninstall?page=tsProgressBar
Task: {0734EF44-DA78-4A43-AFEF-5C2F97F3B55A} - System32\Tasks\IE_ERR4WDR => C:\Program Files (x86)\Portable WeatherApp\IEError.exe <==== ATTENTION
Task: {1C35AEA5-7A94-4E83-9C05-4C27869CC44A} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3574709052-614345936-1146494541-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {1F84F30D-A1EE-47DC-8A99-225D7B1F9319} - \avaxvavya No Task File <==== ATTENTION
Task: {2044ED94-9CFC-4303-8C8D-61EB74F463BA} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-06-09] (Microsoft Corporation)
Task: {23547AB6-69F2-48D5-813B-C748A90F83CF} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-07-03] (Microsoft Corporation)
Task: {2B989A4B-625C-4F99-A9A1-D8E2DE6126D8} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {3643857C-DB4E-4F41-8A16-CC1DB23FB1A3} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-02-19] (Microsoft)
Task: {3B6D151B-E45A-40ED-B66B-0E3935E3048B} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
Task: {5E359B9A-41FE-4E4E-BA87-BF5E493BACEF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-01] (Microsoft Corporation)
Task: {5F5B5ED1-4C28-42E8-BF83-713B759B9009} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-25] (Google Inc.)
Task: {83369C57-14FA-409C-B8AB-DFCDE03642CA} - System32\Tasks\HDNINSTSCHD => C:\Windows\PCBHDNW\hdnInstaller.exe <==== ATTENTION
Task: {840D0C99-3EEF-4841-80E9-584470426689} - System32\Tasks\UPDTEXE4_WDR => C:\Program Files (x86)\Portable WeatherApp\updater.exe <==== ATTENTION
Task: {865937A8-A86F-4E46-A075-A482C3EE2165} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-05-22] (Synaptics Incorporated)
Task: {8DDC1D7D-FA58-4324-AC27-A874AB56443F} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {92649A78-0A00-40BE-A006-DB54785AEBDA} - System32\Tasks\Open Chrome => Chrome.exe --new-window http://toolbar.avg.com/almost-done?pid=safeguard&amp;lang=en
Task: {980FDC4A-550F-4B36-8687-E20993C4D35C} - System32\Tasks\SushiLeads => C:\Program Files (x86)\sushileads\ScheduledTask.exe
Task: {A7BD533D-4A8D-49B0-B92F-91855061A0CB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-01] (Microsoft Corporation)
Task: {A84EEE02-124B-4D37-A42F-9184476F889E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A8D166EB-5C7E-470E-8961-E3280696CCE1} - System32\Tasks\{D6403866-D380-47CA-BEA1-05249A1BE2D5} => pcalua.exe -a C:\Users\Joe\Downloads\Xbox360_64Eng.exe -d C:\Users\Joe\Downloads
Task: {B1F26FD5-BC48-4927-BCA6-F24D9A16CD9C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-25] (Google Inc.)
Task: {B7161690-C439-4015-8E1B-223D792A2EE1} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {C80DE0D4-C9A5-4715-B553-707454E2AB90} - \BBQLeads No Task File <==== ATTENTION
Task: {DCAEDE40-7847-496C-8A96-682F5DB896BB} - System32\Tasks\Dell\Dell Product Registration Update => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-04-01] (Aviata Inc)
Task: {DF155B02-D85E-4BCA-A863-62967AF60B2E} - System32\Tasks\Microsoft\Windows\Maintenance\OverLook Updater => %LOCALAPPDATA%\1BAA035A-CD47-434C-9A60-F030BC74BF47\Runner.exe <==== ATTENTION
Task: {E2E6D4A3-8EC8-4950-8ABC-3D1804AE7C80} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-04-01] (Aviata Inc)
Task: {E3CF15B3-2FB9-4A98-8D27-590F05B2F726} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-04] (CyberLink)
Task: {F47DC3F5-04A3-482B-949D-EE6312936ED6} - \XXUVBT No Task File <==== ATTENTION
Task: {FE3EFFAE-2E15-4FDD-8287-5B3CB01CB223} - System32\Tasks\OverLook Worker => %LOCALAPPDATA%\1BAA035A-CD47-434C-9A60-F030BC74BF47\Runner.exe <==== ATTENTION
Task: {FF47936E-48A0-4247-80D4-226E38B0F75E} - System32\Tasks\{1E4400DF-D35F-45B8-858F-1511467088A6} => pcalua.exe -a C:\PROGRA~2\GET_CO~1\\uninstall.exe -c /uninstaller

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Dell SupportAssistAgent AutoUpdate.job => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Open Chrome.job => c:\program files (x86)\Google\Chrome\Application\chrome.exeF--new-window http:/toolbar.avg.com/

==================== Loaded Modules (Whitelisted) ==============

2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-03-14 09:51 - 2015-01-27 08:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-11-23 18:00 - 2014-06-04 16:02 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
2014-11-23 18:00 - 2014-06-04 16:02 - 00019744 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
2014-11-23 18:00 - 2014-06-04 16:03 - 00035104 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRShellExtension.dll
2015-01-07 20:22 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-04-02 15:22 - 2015-04-02 15:22 - 00172344 _____ () C:\Program Files (x86)\coupoon\iiwjljrnpc64.exe
2015-04-02 15:22 - 2015-04-02 15:22 - 00110080 _____ () C:\Program Files (x86)\coupoon\nfapi.dll
2015-04-02 15:22 - 2015-04-02 15:22 - 00471040 _____ () C:\Program Files (x86)\coupoon\ProtocolFilters.dll
2015-07-27 23:43 - 2015-07-27 23:44 - 00053040 _____ () C:\Program Files (x86)\Coupoon\UpdateCheck.exe
2015-07-13 07:57 - 2015-07-13 07:57 - 00033992 _____ () C:\Program Files (x86)\SpaceSondPro_v84.1016\SpaceSondPro_Service.exe
2014-01-08 02:00 - 2014-01-08 02:00 - 00011264 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-01-08 01:58 - 2014-01-08 01:58 - 00086016 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll
2014-01-08 02:03 - 2014-01-08 02:03 - 00012928 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
2015-07-27 23:42 - 2015-06-13 05:59 - 08368732 _____ () C:\Users\Public\Documents\windows.exe
2015-06-03 02:39 - 2015-06-03 02:39 - 00342616 _____ () C:\Users\Joe\AppData\Local\1BAA035A-CD47-434C-9A60-F030BC74BF47\Runner.exe
2014-03-06 16:00 - 2014-03-06 16:00 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\kpcengine.2.3.dll
2015-07-29 18:12 - 2015-07-29 18:12 - 00046080 _____ () C:\Users\Joe\AppData\Local\Temp\_MEI43922\_socket.pyd
2015-07-29 18:12 - 2015-07-29 18:12 - 01160704 _____ () C:\Users\Joe\AppData\Local\Temp\_MEI43922\_ssl.pyd
2015-07-29 18:12 - 2015-07-29 18:12 - 00715264 _____ () C:\Users\Joe\AppData\Local\Temp\_MEI43922\_hashlib.pyd
2015-07-29 18:12 - 2015-07-29 18:12 - 00686080 _____ () C:\Users\Joe\AppData\Local\Temp\_MEI43922\unicodedata.pyd
2015-07-29 18:12 - 2015-07-29 18:12 - 00010240 _____ () C:\Users\Joe\AppData\Local\Temp\_MEI43922\select.pyd
2015-07-29 18:12 - 2015-07-29 18:12 - 00087552 _____ () C:\Users\Joe\AppData\Local\Temp\_MEI43922\_ctypes.pyd
2015-07-29 18:12 - 2015-07-29 18:12 - 00036352 _____ () C:\Users\Joe\AppData\Local\Temp\_MEI43922\_tkinter.pyd
2015-07-29 18:12 - 2015-07-29 18:12 - 00027136 _____ () C:\Users\Joe\AppData\Local\Temp\_MEI43922\pyHook._cpyHook.pyd
2015-07-29 18:12 - 2015-07-29 18:12 - 00110080 _____ () C:\Users\Joe\AppData\Local\Temp\_MEI43922\pywintypes27.dll
2015-07-29 18:12 - 2015-07-29 18:12 - 00396800 _____ () C:\Users\Joe\AppData\Local\Temp\_MEI43922\pythoncom27.dll
2014-11-23 17:44 - 2013-03-04 20:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-05 12:41 - 2013-03-05 12:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-06-03 02:39 - 2015-06-03 02:39 - 00107096 _____ () C:\Users\Joe\AppData\Local\1BAA035A-CD47-434C-9A60-F030BC74BF47\Modules\crm.dll
2015-06-03 02:39 - 2015-06-03 02:39 - 00093272 _____ () C:\Users\Joe\AppData\Local\1BAA035A-CD47-434C-9A60-F030BC74BF47\Modules\cdp.dll
2015-06-03 02:40 - 2015-06-03 02:40 - 00066136 _____ () C:\Users\Joe\AppData\Local\1BAA035A-CD47-434C-9A60-F030BC74BF47\Modules\pfs.dll
2015-06-03 02:41 - 2015-06-03 02:41 - 00083032 _____ () C:\Users\Joe\AppData\Local\1BAA035A-CD47-434C-9A60-F030BC74BF47\Modules\wss.dll
2015-06-03 02:43 - 2015-06-03 02:43 - 00092248 _____ () C:\Users\Joe\AppData\Local\1BAA035A-CD47-434C-9A60-F030BC74BF47\Modules\nvs.dll
2015-06-03 02:41 - 2015-06-03 02:41 - 00138840 _____ () C:\Users\Joe\AppData\Local\1BAA035A-CD47-434C-9A60-F030BC74BF47\Modules\wcm.dll
2015-06-03 02:39 - 2015-06-03 02:39 - 00154200 _____ () C:\Users\Joe\AppData\Local\1BAA035A-CD47-434C-9A60-F030BC74BF47\Modules\nls.dll
2015-06-03 02:41 - 2015-06-03 02:41 - 00043608 _____ () C:\Users\Joe\AppData\Local\1BAA035A-CD47-434C-9A60-F030BC74BF47\Modules\wis.dll
2015-06-03 02:39 - 2015-06-03 02:39 - 00104536 _____ () C:\Users\Joe\AppData\Local\1BAA035A-CD47-434C-9A60-F030BC74BF47\Modules\cus.dll
2015-07-27 23:35 - 2015-03-26 07:13 - 01091584 _____ () C:\Users\Joe\AppData\Local\1BAA035A-CD47-434C-9A60-F030BC74BF47\Navigate\libglesv2.dll
2015-07-27 23:35 - 2015-03-26 07:13 - 00167936 _____ () C:\Users\Joe\AppData\Local\1BAA035A-CD47-434C-9A60-F030BC74BF47\Navigate\libEGL.dll
2015-07-27 23:35 - 2015-03-26 07:39 - 08569856 _____ () C:\Users\Joe\AppData\Local\1BAA035A-CD47-434C-9A60-F030BC74BF47\Navigate\pdf.dll
2015-07-27 23:35 - 2015-03-26 07:18 - 00324608 _____ () C:\Users\Joe\AppData\Local\1BAA035A-CD47-434C-9A60-F030BC74BF47\Navigate\ppGoogleNaClPluginChrome.dll
2015-07-27 23:35 - 2015-03-26 07:14 - 00880128 _____ () C:\Users\Joe\AppData\Local\1BAA035A-CD47-434C-9A60-F030BC74BF47\Navigate\ffmpegsumo.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\88454471.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\88454471.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3574709052-614345936-1146494541-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Joe\Desktop\Things\Warriors\Rally to Stun.jpg
DNS Servers: 24.113.32.29 - 24.113.32.30
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: AERTFilters => 2
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: AtherosSvc => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: Dell Data Services => 2
MSCONFIG\Services: Dell Foundation Services => 2
MSCONFIG\Services: DellDataVault => 2
MSCONFIG\Services: DellDataVaultWiz => 2
MSCONFIG\Services: DellDigitalDelivery => 2
MSCONFIG\Services: DellProdRegManager => 3
MSCONFIG\Services: DellUpdate => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: igfxCUIService1.0.0.0 => 2
MSCONFIG\Services: Intel® Capability Licensing Service Interface => 2
MSCONFIG\Services: Intel® Capability Licensing Service TCP IP Interface => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: My Dell Client Framework => 2
MSCONFIG\Services: RichVideo => 2
MSCONFIG\Services: RosettaStoneDaemon => 2
MSCONFIG\Services: RtkAudioService => 2
MSCONFIG\Services: SftService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: SupportAssistAgent => 2
HKLM\...\StartupApproved\Run32: => "DropboxOEM"
HKLM\...\StartupApproved\Run32: => "ApnTBMon"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKU\S-1-5-21-3574709052-614345936-1146494541-1001\...\StartupApproved\Run: => "Optimizer Pro"
HKU\S-1-5-21-3574709052-614345936-1146494541-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-3574709052-614345936-1146494541-1001\...\StartupApproved\Run: => "Super Optimizer"
HKU\S-1-5-21-3574709052-614345936-1146494541-1001\...\StartupApproved\Run: => "Spotify"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{EB16605B-AA2F-4E4B-B951-2861657D9C7A}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe
FirewallRules: [{1AE7E5D9-B94E-49EF-BE71-8E0C08D1D5D1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{0B40B037-09BF-4104-8442-395DC5D6A90B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{4929D6F8-6968-47E5-9841-C8A57AB6BD5C}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{5A27578F-83C7-40BB-89C1-5C1F9857879E}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{BF051375-9DDC-4D91-B13D-A7410E3A6FF1}] => (Allow) C:\Users\Joe\Desktop\Steam\Steam.exe
FirewallRules: [{22E12F43-1A63-49DC-B27B-44440D8F2EF4}] => (Allow) C:\Users\Joe\Desktop\Steam\Steam.exe
FirewallRules: [{0D05D097-735B-4375-B7D9-21BB0B6052A9}] => (Allow) C:\Users\Joe\Desktop\Steam\bin\steamwebhelper.exe
FirewallRules: [{3BE094E6-A6F6-43B4-B330-1EBB8A8B65DC}] => (Allow) C:\Users\Joe\Desktop\Steam\bin\steamwebhelper.exe
FirewallRules: [{A4327906-308D-4BC0-A48C-FF7A71D4DAEB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{56483362-1936-4994-8C27-F3FA8525461F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A7BEC7A8-AA6A-4849-B7D6-873B45D0BC48}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BB5FCEA1-9AF8-483B-9FC7-CA80BB8B5063}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C67EFD05-0A00-4013-8FB5-E6EA25A78948}] => (Allow) LPort=8317
FirewallRules: [{201BB292-DE9C-4412-89B0-92B0BC4BB726}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServices.exe
FirewallRules: [{EFA73BCC-1F8E-4125-8D8B-A7D28C80BD8C}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServices.exe
FirewallRules: [{7A4237CF-1F51-4F4F-B5E5-8E675F73A901}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
FirewallRules: [{49DE5385-C9DA-4DB1-A01A-2A9D4749F2B1}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
FirewallRules: [{72A44618-26DE-41C4-B11C-79104376A130}] => (Allow) C:\Users\Joe\Desktop\Steam\steamapps\common\theHunter\launcher\launcher.exe
FirewallRules: [{B82C95B1-A663-4F49-9733-3108D57AC3CB}] => (Allow) C:\Users\Joe\Desktop\Steam\steamapps\common\theHunter\launcher\launcher.exe
FirewallRules: [{62EFB93D-753E-442E-8B72-9D599FB9B705}] => (Allow) C:\Users\Joe\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{969B838D-8CB9-4C48-822F-018974EC9663}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{AE15D663-BE29-44EE-A352-DFA239C32AAF}] => (Allow) LPort=2869
FirewallRules: [{B330DFAB-E4C7-4F82-8EDC-6B961D2B0453}] => (Allow) LPort=1900
FirewallRules: [{E7787A13-345F-4FA3-9FEC-7EF467E29A6F}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{F04999AE-A173-4D9F-A085-39CDD20299EE}] => (Allow) C:\Users\Joe\Desktop\Steam\steamapps\common\mark_of_the_ninja\bin\game.exe
FirewallRules: [{B7548FF2-6AC0-4F43-AD0D-B98C713688C0}] => (Allow) C:\Users\Joe\Desktop\Steam\steamapps\common\mark_of_the_ninja\bin\game.exe
FirewallRules: [{2E01909C-909F-4460-A7C9-7335615532C8}] => (Allow) C:\Users\Joe\Desktop\Steam\steamapps\common\Combat Arms\NMService.exe
FirewallRules: [{FEC60F4C-6F8F-47AB-AB24-A8012954D013}] => (Allow) C:\Users\Joe\Desktop\Steam\steamapps\common\Combat Arms\NMService.exe
FirewallRules: [{16C44561-3E35-4049-98E4-1F5DBD038B38}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{1B461E03-451D-4DD8-8762-6969A3BF88B1}] => (Allow) C:\Users\Joe\Desktop\Steam\steamapps\common\theHunter\launcher\launcher.exe
FirewallRules: [{848FB4FC-9ACF-47F7-A31C-37727CBE6633}] => (Allow) C:\Users\Joe\Desktop\Steam\steamapps\common\theHunter\launcher\launcher.exe
FirewallRules: [{270D6D65-5CE9-4C22-B4A2-18F50A23120E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9C134B51-0E70-4F38-A11A-EC96E2E3766F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4B5EDAB9-4896-40F4-8AEC-AA7911DE6D9D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{0396797D-3971-413A-A776-08710AEB61EF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{3819F792-74CB-4BCF-9A7A-BB8A864E115A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{BC3D440B-E83B-40EA-9B21-4542008655E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{FFB079E3-1805-4FAB-9AFF-60513AE1C010}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{8124FC2C-D180-4BB9-892C-6B1B71671CCC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{1DFF88BA-EA83-4BB9-A74E-2F0155FC50AB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{7D2E5736-9494-4B3B-92C8-51012DB3B8D0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\NBA2K15\NBA2K15.exe
FirewallRules: [{69E59941-8371-4C02-9960-2501058A460F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\NBA2K15\NBA2K15.exe
FirewallRules: [TelnetServer-TlntSvr-TCP-In] => (Allow) %systemroot%\system32\tlntsvr.exe
FirewallRules: [TelnetServer-Tlntadmn-RPC-In] => (Allow) %systemroot%\system32\tlntsvr.exe
FirewallRules: [{E8D80B6A-25C3-469F-A610-7BB96878D5FA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Game Dev Tycoon\nw.exe
FirewallRules: [{F30C7351-3FB9-4B8C-852B-03772A07FFE2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Game Dev Tycoon\nw.exe
FirewallRules: [{75ACC5D7-309A-45A8-BA7E-478E9FE2A743}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Survarium\temp\survarium_launcher.exe
FirewallRules: [{5A10CD1A-BF65-4C45-831C-9D262DDE6C62}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Survarium\temp\survarium_updater.exe
FirewallRules: [{2174D199-EC94-406F-927A-F1AB9A678ECC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Survarium\temp\survarium_updater.exe
FirewallRules: [{12F9C299-0AE2-4BD1-88E0-380A2B91E45C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Survarium\temp\survarium_updater.exe
FirewallRules: [{7361F9D2-0BB9-431E-B874-489C08392774}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Survarium\temp\survarium_updater.exe
FirewallRules: [{199A8025-157E-4F4C-B4BC-40796144DFE3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Survarium\game\binaries\x86\survarium.exe
FirewallRules: [{4E0ABEEE-3B54-450C-B8F1-A74A01768EAE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Survarium\game\binaries\x86\survarium.exe
FirewallRules: [{604687A1-C037-46A5-9F13-5D9687ED2857}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DepressionQuest\DepressionQuest.exe
FirewallRules: [{C363ABA1-0971-4FD8-A186-22C180D85EF8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DepressionQuest\DepressionQuest.exe
FirewallRules: [{8E1EF24D-F1D9-422C-9C7D-C870C2C0951A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\blacklightretribution\Blacklight Retribution.exe
FirewallRules: [{68655C38-AA9C-4472-B728-AB4FE767DE2F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\blacklightretribution\Blacklight Retribution.exe
FirewallRules: [{2C674F61-078C-4D60-97DD-79C71720AD70}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{CCE015AA-6D09-42DF-A8BA-F04884D48F82}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{480B8D7D-1E91-4737-AC13-81C6CED5B89C}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{B4601FBE-F3E3-43C6-AB88-C4EF85A5FB4F}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{F6D93846-6AAA-410E-A4CA-2CFD77767E81}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{79EA0455-271B-4636-97C3-45244501976F}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{B2B030ED-1761-4C18-9491-C6F18C71D337}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{C0F00912-A165-4672-82DD-1D8EE3A41EA0}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{816CFF55-FD8C-4EF6-9D40-4231A4037D2A}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{666CE383-5299-412F-84C7-1DBFCF68A399}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{6B23326D-B353-4133-8EB3-B3D396E42A82}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{DF45BE21-050E-4D93-AF30-87CA3D210A9D}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{076A2EDB-7BFD-4EB1-8E28-00064FD531C2}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{796D4263-BFED-4320-9B8F-E4D12E02E74B}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{B752FE4F-A3A1-4360-A378-C47688C4ABD1}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{6B0C071E-60C7-485E-9A39-62EC366A8D49}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{3B9703CE-31CC-4F04-A448-BCD66EB07681}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{95617DAD-2237-4268-8277-A3A3DCDA074D}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{2CEFED53-8049-4BAD-8FE0-C08FC0FD52AA}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{4A31F96B-32B0-4576-888E-FA5D31140C22}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{B39FB9AD-6DE3-4133-B61F-1FCC0D0A039E}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{E1366B87-0645-4E64-A961-05E8003A56FD}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{BC14A105-467A-4C35-8495-0D1D2A118325}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{7DB94C36-124C-4C76-BECB-0AE877D25F63}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{F699CC4E-FBD6-445E-A584-9EC3F3C497D0}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [TCP Query User{A104EA0E-1D90-47CA-AD90-0F82DEE0F29F}C:\users\joe\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\joe\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{BFB9D159-FF06-4F82-89A5-070CDA9CDAB7}C:\users\joe\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\joe\appdata\roaming\spotify\spotify.exe
FirewallRules: [{19EF78B7-B26B-4856-9D49-8B90A2426FB6}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{5B7644AE-813A-49C4-A128-27F0B98013AF}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{020EEBEB-B394-48CD-B2DB-26A5723E4348}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{1BB9C625-A6EE-4915-ACED-4189FBD34AC5}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{F1FB661D-C8B2-43E9-99DF-B5695225EC6D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{E4BB46D6-B290-4896-B4D1-09A47FAD0BA7}] => (Allow) C:\Users\Joe\AppData\Roaming\TWV\TWV.exe
FirewallRules: [{ED8CD783-7BDE-4794-865A-D51040467D77}] => (Allow) C:\Users\Joe\AppData\Roaming\TWV\upd.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/29/2015 08:48:46 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifest.

Error: (07/29/2015 06:06:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program avpui.exe version 15.0.0.463 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: f0c

Start Time: 01d0ca3ee1f7d86d

Termination Time: 60000

Application Path: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe

Report Id: 156b6890-3657-11e5-82b0-74e6e2268b06

Faulting package full name:

Faulting package-relative application ID:

Error: (07/29/2015 05:28:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program avpui.exe version 15.0.0.463 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: f0c

Start Time: 01d0ca3ee1f7d86d

Termination Time: 60000

Application Path: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe

Report Id: b36949ec-3651-11e5-82b0-74e6e2268b06

Faulting package full name:

Faulting package-relative application ID:

Error: (07/29/2015 03:41:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Runner.exe, version: 0.0.0.0, time stamp: 0x556ecac6
Faulting module name: nvs.dll, version: 0.0.0.0, time stamp: 0x556ecc4e
Exception code: 0xc00000fd
Fault offset: 0x00002913
Faulting process id: 0x128c
Faulting application start time: 0xRunner.exe0
Faulting application path: Runner.exe1
Faulting module path: Runner.exe2
Report Id: Runner.exe3
Faulting package full name: Runner.exe4
Faulting package-relative application ID: Runner.exe5

Error: (07/28/2015 02:52:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iiwjljrnpc64.exe, version: 0.0.0.0, time stamp: 0x551bf9ee
Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
Exception code: 0xc0000374
Fault offset: 0x00000000000f0f20
Faulting process id: 0x734
Faulting application start time: 0xiiwjljrnpc64.exe0
Faulting application path: iiwjljrnpc64.exe1
Faulting module path: iiwjljrnpc64.exe2
Report Id: iiwjljrnpc64.exe3
Faulting package full name: iiwjljrnpc64.exe4
Faulting package-relative application ID: iiwjljrnpc64.exe5

Error: (07/28/2015 02:46:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17667, time stamp: 0x54c6f7c2
Faulting module name: AltTab.dll, version: 6.3.9600.17415, time stamp: 0x54503a70
Exception code: 0xc0000094
Fault offset: 0x000000000000aa74
Faulting process id: 0x788
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5

Error: (07/28/2015 02:46:03 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Explorer.EXE
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000094, exception address 00007FF8DE59AA74

Error: (07/27/2015 11:48:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iiwjljrnpc64.exe, version: 0.0.0.0, time stamp: 0x551bf9ee
Faulting module name: ntdll.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
Exception code: 0xc0000374
Fault offset: 0x00000000000f0f20
Faulting process id: 0x164c
Faulting application start time: 0xiiwjljrnpc64.exe0
Faulting application path: iiwjljrnpc64.exe1
Faulting module path: iiwjljrnpc64.exe2
Report Id: iiwjljrnpc64.exe3
Faulting package full name: iiwjljrnpc64.exe4
Faulting package-relative application ID: iiwjljrnpc64.exe5

Error: (07/27/2015 11:44:54 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Networking.RtcDll,language="&#x2a;",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3"1".
Dependent Assembly Microsoft.Windows.Networking.RtcDll,language="&#x2a;",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/27/2015 11:44:54 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Networking.RtcDll,language="&#x2a;",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3"1".
Dependent Assembly Microsoft.Windows.Networking.RtcDll,language="&#x2a;",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (07/29/2015 08:48:08 PM) (Source: DCOM) (EventID: 10016) (User: MYPRECIOUS)
Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}{69AD4AEE-51BE-439B-A92C-86AE490E8B30}MYPRECIOUSJoeS-1-5-21-3574709052-614345936-1146494541-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (07/29/2015 08:32:47 PM) (Source: DCOM) (EventID: 10016) (User: MYPRECIOUS)
Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}{69AD4AEE-51BE-439B-A92C-86AE490E8B30}MYPRECIOUSJoeS-1-5-21-3574709052-614345936-1146494541-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (07/29/2015 08:01:34 PM) (Source: DCOM) (EventID: 10016) (User: MYPRECIOUS)
Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}{69AD4AEE-51BE-439B-A92C-86AE490E8B30}MYPRECIOUSJoeS-1-5-21-3574709052-614345936-1146494541-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (07/29/2015 06:34:19 PM) (Source: DCOM) (EventID: 10016) (User: MYPRECIOUS)
Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}{69AD4AEE-51BE-439B-A92C-86AE490E8B30}MYPRECIOUSJoeS-1-5-21-3574709052-614345936-1146494541-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (07/29/2015 06:12:14 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:

Error: (07/29/2015 06:12:14 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:

Error: (07/29/2015 05:21:56 PM) (Source: DCOM) (EventID: 10016) (User: MYPRECIOUS)
Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}{69AD4AEE-51BE-439B-A92C-86AE490E8B30}MYPRECIOUSJoeS-1-5-21-3574709052-614345936-1146494541-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (07/29/2015 05:12:22 PM) (Source: DCOM) (EventID: 10016) (User: MYPRECIOUS)
Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}{69AD4AEE-51BE-439B-A92C-86AE490E8B30}MYPRECIOUSJoeS-1-5-21-3574709052-614345936-1146494541-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (07/29/2015 04:53:04 PM) (Source: DCOM) (EventID: 10016) (User: MYPRECIOUS)
Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}{69AD4AEE-51BE-439B-A92C-86AE490E8B30}MYPRECIOUSJoeS-1-5-21-3574709052-614345936-1146494541-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (07/29/2015 04:44:51 PM) (Source: DCOM) (EventID: 10016) (User: MYPRECIOUS)
Description: application-specificLocalActivation{4991D34B-80A1-4291-83B6-3328366B9097}{69AD4AEE-51BE-439B-A92C-86AE490E8B30}MYPRECIOUSJoeS-1-5-21-3574709052-614345936-1146494541-1001LocalHost (Using LRPC)UnavailableUnavailable


Microsoft Office:
=========================
Error: (07/29/2015 08:48:46 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_6240b9c7ecbd0bda.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17810_none_a9edf09f013934e0.manifestD:\esetsmartinstaller_enu.exe

Error: (07/29/2015 06:06:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: avpui.exe15.0.0.463f0c01d0ca3ee1f7d86d60000C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe156b6890-3657-11e5-82b0-74e6e2268b06

Error: (07/29/2015 05:28:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: avpui.exe15.0.0.463f0c01d0ca3ee1f7d86d60000C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exeb36949ec-3651-11e5-82b0-74e6e2268b06

Error: (07/29/2015 03:41:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Runner.exe0.0.0.0556ecac6nvs.dll0.0.0.0556ecc4ec00000fd00002913128c01d0c9b0c4a4009fC:\Users\Joe\AppData\Local\1BAA035A-CD47-434C-9A60-F030BC74BF47\Runner.exeC:\Users\Joe\AppData\Local\1BAA035A-CD47-434C-9A60-F030BC74BF47\Modules\nvs.dll52c49170-35de-11e5-82af-74e6e2268b06

Error: (07/28/2015 02:52:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iiwjljrnpc64.exe0.0.0.0551bf9eentdll.dll6.3.9600.17736550f4336c000037400000000000f0f2073401d0c91b1dc6eb5bC:\Program Files (x86)\coupoon\iiwjljrnpc64.exeC:\Windows\SYSTEM32\ntdll.dll65e9ca78-350e-11e5-82ae-74e6e2268b06

Error: (07/28/2015 02:46:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.3.9600.1766754c6f7c2AltTab.dll6.3.9600.1741554503a70c0000094000000000000aa7478801d0c778f5c21e5bC:\Windows\Explorer.EXEC:\Windows\System32\AltTab.dll7a1f1ce5-350d-11e5-82ad-74e6e2268b06

Error: (07/28/2015 02:46:03 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Explorer.EXE
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000094, exception address 00007FF8DE59AA74

Error: (07/27/2015 11:48:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iiwjljrnpc64.exe0.0.0.0551bf9eentdll.dll6.3.9600.17736550f4336c000037400000000000f0f20164c01d0c900e60a5565C:\Program Files (x86)\coupoon\iiwjljrnpc64.exeC:\Windows\SYSTEM32\ntdll.dlla555427f-34f4-11e5-82ad-74e6e2268b06

Error: (07/27/2015 11:44:54 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Networking.RtcDll,language="&#x2a;",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3"C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe

Error: (07/27/2015 11:44:54 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Networking.RtcDll,language="&#x2a;",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3"C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe


CodeIntegrity:
===================================
  Date: 2015-07-27 23:53:06.926
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-27 23:53:00.588
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-27 23:52:25.665
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-27 23:52:25.098
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-27 23:52:23.845
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-27 23:52:22.896
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-27 23:52:10.516
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-27 23:50:01.342
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-27 23:49:59.529
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-07-27 23:49:58.837
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\SpaceSoundPro\SpaceSoundPro.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i3-4030U CPU @ 1.90GHz
Percentage of memory in use: 47%
Total physical RAM: 4000.18 MB
Available physical RAM: 2102.27 MB
Total Virtual: 6816.18 MB
Available Virtual: 4437.2 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:921.94 GB) (Free:753.66 GB) NTFS
Drive d: (Jul 29 2015) (CDROM) (Total:4.38 GB) (Free:4.24 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 0103A846)

Partition: GPT Partition Type.

==================== End of log ============================



#5 Sirawit

  • Malware Response Team

Posted 01 August 2015 - 01:01 PM

Hi wannawonda.

 

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on the I agree button.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

-------------

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#6 wannawonda

  • Topic Starter

Posted 01 August 2015 - 02:35 PM

# AdwCleaner v4.208 - Logfile created 01/08/2015 at 11:54:16
# Updated 09/07/2015 by Xplode
# Database : 2015-07-09.2 [Local]
# Operating system : Windows 8.1  (x64)
# Username : Joe - MYPRECIOUS
# Running from : D:\AdwCleaner(1).exe
# Option : Scan

***** [ Services ] *****

Service Found : netfilter64
Service Found : CoupoonService64
Service Found : UpdateCheck

***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_adpeheiliennogfclcgmchdfdmafjegc_0.localstorage
File Found : C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ehhlaekjfiiojlddgndcnefflngfmhen_0.localstorage
File Found : C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
File Found : C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jdkokpcldhneihjdhigfjmoeojkdcbmg_0.localstorage
File Found : C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_start.iminent.com_0.localstorage
File Found : C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_start.iminent.com_0.localstorage-journal
File Found : C:\Windows\System32\drivers\netfilter64.sys
File Found : C:\Windows\System32\roboot64.exe
Folder Found : C:\Program Files (x86)\app_setup
Folder Found : C:\Program Files (x86)\Coupoon
Folder Found : C:\Program Files (x86)\coupoon
Folder Found : C:\Program Files (x86)\Portable WeatherApp
Folder Found : C:\Program Files\coupoon
Folder Found : C:\Program Files\Coupoon
Folder Found : C:\ProgramData\{47d29efa-56e0-ba39-47d2-29efa56e7be9}
Folder Found : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\FlashGamesRockstar

***** [ Scheduled tasks ] *****

Task Found : amiupdaterExd
Task Found : amiupdaterExi
Task Found : UPDTEXE4_WDR
Task Found : IE_ERR4WDR
Task Found : SushiLeads

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKCU\Software\Microsoft\KanarCore
Key Found : HKCU\Software\PRODUCTSETUP
Key Found : HKCU\Software\TWV OK
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{460C3D19-B3D4-4964-A550-77D263B0CCCB}
Key Found : [x64] HKCU\Software\Microsoft\KanarCore
Key Found : [x64] HKCU\Software\PRODUCTSETUP
Key Found : [x64] HKCU\Software\TWV OK
Key Found : HKLM\SOFTWARE\1BAA035A-CD47-434C-9A60-F030BC74BF47
Key Found : HKLM\SOFTWARE\Br MediaPlayer
Key Found : HKLM\SOFTWARE\Classes\AppID\{4D6A5312-AB4D-41AA-8BED-0E019B87CA11}
Key Found : HKLM\SOFTWARE\Classes\Iminent
Key Found : HKLM\SOFTWARE\Coupoon
Key Found : HKLM\SOFTWARE\coupoon
Key Found : HKLM\SOFTWARE\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Key Found : HKLM\SOFTWARE\NpApp
Key Found : [x64] HKLM\SOFTWARE\coupoon
Key Found : [x64] HKLM\SOFTWARE\Coupoon
Key Found : [x64] HKLM\SOFTWARE\Iminent
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{460C3D19-B3D4-4964-A550-77D263B0CCCB}
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Itibiti.exe]

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://start.iminent.com/?appId=6aebd003-cb89-43a3-9a62-55cf3693c11f

-\\ Mozilla Firefox v

[7ugvkxb7.default] - Line Found : user_pref("iminent.BirthDate", "1438065583");
[7ugvkxb7.default] - Line Found : user_pref("iminent.cifs", "1");
[7ugvkxb7.default] - Line Found : user_pref("browser.startup.homepage", "hxxp://start.iminent.com/?appId=6aebd003-cb89-43a3-9a62-55cf3693c11f");

-\\ Google Chrome v44.0.2403.107

[C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_coinis_15_13&param1=1&param2=f%3D4%26b%3DChrome%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzuyByE0EyC0EtBtByCzz0BtDyCzztD0AzytN0D0Tzu0StCtCyBzytN1L2XzutAtFzytFyEtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyC0AtC0F0A0A0EyEtG0C0B0CzztG0CzzyDtDtGzz0F0CzytGtAtD0F0DyByDyCtB0DtCtBtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtCyC0DyCyD0C0DtGyCyEtAtDtGyEtB0B0FtG0A0A0EtCtG0Azy0CtAtBtCtC0D0F0C0F0B2QtN0A0LzuyE%26cr%3D387664351%26a%3Dwny_coinis_15_13%26os%3DWindows 8.1&p={searchTerms}
[C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://start.iminent.com/?appId=6aebd003-cb89-43a3-9a62-55cf3693c11f&ref=toolbox&q={searchTerms}
[C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Homepage] : hxxp://store.steampowered.com/
[C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Startup_URLs] : hxxp://start.iminent.com/?appId=6aebd003-cb89-43a3-9a62-55cf3693c11f

*************************

AdwCleaner[R0].txt - [5589 bytes] - [06/06/2015 10:39:15]
AdwCleaner[R1].txt - [12123 bytes] - [29/07/2015 21:04:09]
AdwCleaner[R2].txt - [11951 bytes] - [01/08/2015 11:54:16]
AdwCleaner[S0].txt - [5671 bytes] - [06/06/2015 10:41:30]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [12070 bytes] ##########
 



#7 Sirawit

  • Malware Response Team

Posted 01 August 2015 - 11:23 PM

Hi wannawonda.

 

Double click on AdwCleaner.exe to run the tool again. Vista/Windows 7/8 users right-click and select Run As Administrator.

  • The tool will start to update the database, please wait a bit.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

-------------

 

After the fix has been completed, please create a new FRST log for me.

 

Thank you.




#8 wannawonda

  • Topic Starter

Posted 02 August 2015 - 01:50 PM

# AdwCleaner v4.208 - Logfile created 02/08/2015 at 11:35:44
# Updated 09/07/2015 by Xplode
# Database : 2015-07-09.2 [Local]
# Operating system : Windows 8.1  (x64)
# Username : Joe - MYPRECIOUS
# Running from : D:\AdwCleaner(1).exe
# Option : Cleaning

***** [ Services ] *****

Service Deleted : netfilter64
[#] Service Deleted : CoupoonService64
[#] Service Deleted : UpdateCheck

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\{47d29efa-56e0-ba39-47d2-29efa56e7be9}
Folder Deleted : C:\Program Files (x86)\coupoon
Folder Deleted : C:\Program Files (x86)\app_setup
Folder Deleted : C:\Program Files (x86)\Portable WeatherApp
Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\FlashGamesRockstar
Folder Deleted : C:\Program Files\coupoon
File Deleted : C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ehhlaekjfiiojlddgndcnefflngfmhen_0.localstorage
File Deleted : C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
File Deleted : C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jdkokpcldhneihjdhigfjmoeojkdcbmg_0.localstorage
File Deleted : C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_adpeheiliennogfclcgmchdfdmafjegc_0.localstorage
File Deleted : C:\END
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Windows\System32\drivers\netfilter64.sys
File Deleted : C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_start.iminent.com_0.localstorage
File Deleted : C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_start.iminent.com_0.localstorage-journal

***** [ Scheduled tasks ] *****

Task Deleted : amiupdaterExd
Task Deleted : amiupdaterExi
Task Deleted : UPDTEXE4_WDR
Task Deleted : IE_ERR4WDR
Task Deleted : SushiLeads

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Iminent
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Itibiti.exe]
Key Deleted : HKLM\SOFTWARE\1BAA035A-CD47-434C-9A60-F030BC74BF47
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D6A5312-AB4D-41AA-8BED-0E019B87CA11}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{460C3D19-B3D4-4964-A550-77D263B0CCCB}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{460C3D19-B3D4-4964-A550-77D263B0CCCB}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}
Key Deleted : HKCU\Software\Microsoft\KanarCore
Key Deleted : HKCU\Software\TWV OK
Key Deleted : HKCU\Software\PRODUCTSETUP
Key Deleted : HKLM\SOFTWARE\Iminent
Key Deleted : HKLM\SOFTWARE\NpApp
Key Deleted : HKLM\SOFTWARE\coupoon
Key Deleted : HKLM\SOFTWARE\Br MediaPlayer
Key Deleted : [x64] HKLM\SOFTWARE\Iminent
Key Deleted : [x64] HKLM\SOFTWARE\coupoon

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v

[7ugvkxb7.default\prefs.js] - Line Deleted : user_pref("iminent.BirthDate", "1438065583");
[7ugvkxb7.default\prefs.js] - Line Deleted : user_pref("iminent.cifs", "1");
[7ugvkxb7.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://start.iminent.com/?appId=6aebd003-cb89-43a3-9a62-55cf3693c11f");

-\\ Google Chrome v44.0.2403.107

[C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_coinis_15_13&param1=1&param2=f%3D4%26b%3DChrome%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1QzuyByE0EyC0EtBtByCzz0BtDyCzztD0AzytN0D0Tzu0StCtCyBzytN1L2XzutAtFzytFyEtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyC0AtC0F0A0A0EyEtG0C0B0CzztG0CzzyDtDtGzz0F0CzytGtAtD0F0DyByDyCtB0DtCtBtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EtCyC0DyCyD0C0DtGyCyEtAtDtGyEtB0B0FtG0A0A0EtCtG0Azy0CtAtBtCtC0D0F0C0F0B2QtN0A0LzuyE%26cr%3D387664351%26a%3Dwny_coinis_15_13%26os%3DWindows 8.1&p={searchTerms}
[C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://start.iminent.com/?appId=6aebd003-cb89-43a3-9a62-55cf3693c11f&ref=toolbox&q={searchTerms}
[C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted

[Homepage] :
[C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted

[Startup_URLs] :


*************************

AdwCleaner[R0].txt - [5589 bytes] - [06/06/2015 10:39:15]
AdwCleaner[R1].txt - [12123 bytes] - [29/07/2015 21:04:09]
AdwCleaner[R2].txt - [12186 bytes] - [01/08/2015 11:54:16]
AdwCleaner[R3].txt - [12246 bytes] - [02/08/2015 11:34:46]
AdwCleaner[S0].txt - [5671 bytes] - [06/06/2015 10:41:30]
AdwCleaner[S1].txt - [6626 bytes] - [02/08/2015 11:35:44]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [6685  bytes] ##########
 



#9 wannawonda


Posted 02 August 2015 - 02:03 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-07-2015
Ran by Joe (administrator) on MYPRECIOUS (02-08-2015 11:54:20)
Running from D:\
Loaded Profiles: Joe (Available Profiles: Joe)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
() C:\Program Files (x86)\SpaceSondPro_v84.1016\SpaceSondPro_Service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Spotify Ltd) C:\Users\Joe\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Users\Public\Documents\windows.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Users\Public\Documents\windows.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
() C:\Users\Joe\AppData\Local\1BAA035A-CD47-434C-9A60-F030BC74BF47\Runner.exe
(The Chromium Authors) C:\Users\Joe\AppData\Local\1BAA035A-CD47-434C-9A60-F030BC74BF47\Navigate\Navigate.exe
(The Chromium Authors) C:\Users\Joe\AppData\Local\1BAA035A-CD47-434C-9A60-F030BC74BF47\Navigate\Navigate.exe
(The Chromium Authors) C:\Users\Joe\AppData\Local\1BAA035A-CD47-434C-9A60-F030BC74BF47\Navigate\Navigate.exe
(The Chromium Authors) C:\Users\Joe\AppData\Local\1BAA035A-CD47-434C-9A60-F030BC74BF47\Navigate\Navigate.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(The Chromium Authors) C:\Users\Joe\AppData\Local\1BAA035A-CD47-434C-9A60-F030BC74BF47\Navigate\Navigate.exe
(The Chromium Authors) C:\Users\Joe\AppData\Local\1BAA035A-CD47-434C-9A60-F030BC74BF47\Navigate\Navigate.exe
(The Chromium Authors) C:\Users\Joe\AppData\Local\1BAA035A-CD47-434C-9A60-F030BC74BF47\Navigate\Navigate.exe
(The Chromium Authors) C:\Users\Joe\AppData\Local\1BAA035A-CD47-434C-9A60-F030BC74BF47\Navigate\Navigate.exe
(The Chromium Authors) C:\Users\Joe\AppData\Local\1BAA035A-CD47-434C-9A60-F030BC74BF47\Navigate\Navigate.exe
(The Chromium Authors) C:\Users\Joe\AppData\Local\1BAA035A-CD47-434C-9A60-F030BC74BF47\Navigate\Navigate.exe
(The Chromium Authors) C:\Users\Joe\AppData\Local\1BAA035A-CD47-434C-9A60-F030BC74BF47\Navigate\Navigate.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7510232 2014-01-17] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1374936 2014-01-13] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe [285272 2013-12-30] (Waves Audio Ltd.)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3777696 2014-01-16] (Dell Inc.)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM\...\Run: [SpaceSoundPro] => "C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe"
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM-x32\...\RunOnce: [SpaceSondPro_v84.1016] => C:\Program Files (x86)\SpaceSondPro_v84.1016\SpaceSondPro_Service.exe [33992 2015-07-13] ()
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [133760 2014-01-08] (Qualcomm®Atheros®)
HKU\S-1-5-21-3574709052-614345936-1146494541-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2895552 2015-07-23] (Valve Corporation)
HKU\S-1-5-21-3574709052-614345936-1146494541-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7806232 2015-03-26] (SUPERAntiSpyware)
HKU\S-1-5-21-3574709052-614345936-1146494541-1001\...\Run: [Spotify Web Helper] => C:\Users\Joe\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2020920 2015-05-15] (Spotify Ltd)
HKU\S-1-5-21-3574709052-614345936-1146494541-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28785792 2015-06-02] (Skype Technologies S.A.)
HKU\S-1-5-21-3574709052-614345936-1146494541-1001\...\Run: [Spotify] => C:\Users\Joe\AppData\Roaming\Spotify\spotify.exe [7168568 2015-05-15] (Spotify Ltd)
HKU\S-1-5-21-3574709052-614345936-1146494541-1001\...\Run: [Application] => C:\Users\Public\Documents\windows.exe [8368732 2015-06-13] ()
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3574709052-614345936-1146494541-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-06-09] (Microsoft Corporation)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-18] (Kaspersky Lab ZAO)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-15] (Oracle Corporation)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-15] (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-18] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 24.113.32.29 24.113.32.30 66.235.59.7
Tcpip\..\Interfaces\{A83135E4-D350-4085-95AF-908B004758A4}: [DhcpNameServer] 24.113.32.29 24.113.32.30 66.235.59.7
Tcpip\..\Interfaces\{B3CA82E1-E478-4A0E-9D08-CF5FBD7F3EE7}: [DhcpNameServer] 24.113.32.29 24.113.32.30 66.235.59.7
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\7ugvkxb7.default
FF SelectedSearchEngine: StartWeb
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-25] ()
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-15] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-25] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-12-18] ()
FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-12-18] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-12-18] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-01-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-3574709052-614345936-1146494541-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Joe\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-12-18]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-12-18]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2014-12-18]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2014-12-18]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-12-18]

Chrome:
=======
CHR Profile: C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-25]
CHR Extension: (Google Docs) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-25]
CHR Extension: (Google Drive) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-25]
CHR Extension: (WOT) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-02-11]
CHR Extension: (YouTube) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-25]
CHR Extension: (Google Search) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-25]
CHR Extension: (Kaspersky Protection) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2014-12-25]
CHR Extension: (Blur) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd [2014-12-25]
CHR Extension: (Google Sheets) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-25]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Ghostery) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-02-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-25]
CHR Extension: (Gmail) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-25]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S4 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [318592 2014-01-08] (Windows ® Win 7 DDK provider) [File not signed]
R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2753720 2015-07-01] (Microsoft Corporation)
S4 Dell Data Services; C:\Program Files\Dell\Dell Data Services\DDSSvc.exe [45936 2014-11-13] (Dell)
S4 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [73072 2014-11-10] (Dell)
S4 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2552528 2015-01-30] (Dell Inc.)
S4 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201424 2015-01-30] (Dell Inc.)
S4 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [293440 2014-04-01] (Aviata, Inc.)
S4 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [211320 2015-02-11] (Dell Inc.)
S4 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282072 2014-02-24] (Intel Corporation)
S4 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S4 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
S4 My Dell Client Framework; C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe [168960 2014-01-10] (Dell Inc.) [File not signed]
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-29] (CyberLink)
S4 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
S4 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1921768 2014-07-02] (SoftThinks SAS)
S4 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-02-19] (Dell Inc.)
S3 Survarium-Steam Update Service; C:\Program Files (x86)\Steam\steamapps\common\Survarium\game\binaries\x86\survarium_service.exe [76408 2015-04-11] ()
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [146944 2015-03-27] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3881472 2013-12-12] (Qualcomm Atheros Communications, Inc.)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-01-08] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [23312 2015-01-30] (Dell Computer Corporation)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [142344 2014-12-18] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [771272 2014-12-18] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [67680 2014-03-19] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
S3 mbamchameleon; C:\Windows\system32\drivers\66771784.sys [93400 2015-02-03] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42736 2014-05-22] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-11-23] (Microsoft Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-02 11:52 - 2015-08-02 11:52 - 00000000 ____D C:\Users\Joe\AppData\Local\TempTaskUpdateDetection54F4F291-8448-408E-98E2-867461AAEDE0
2015-08-02 11:31 - 2015-08-02 11:31 - 00002348 _____ C:\Users\Joe\Desktop\Safe Money.lnk
2015-07-29 20:48 - 2015-08-02 11:54 - 00000000 ____D C:\FRST
2015-07-29 17:17 - 2015-07-29 17:17 - 00000000 ____D C:\SUPERDelete
2015-07-28 06:08 - 2015-07-25 06:34 - 01084928 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-28 03:19 - 2015-07-28 03:19 - 00000000 ____D C:\Users\Joe\AppData\Roaming\EurekaLog
2015-07-28 03:07 - 2015-07-28 03:07 - 00000000 ____D C:\Users\Joe\Documents\My Cheat Tables
2015-07-27 23:44 - 2015-07-27 23:53 - 00000000 ____D C:\ProgramData\abc
2015-07-27 23:43 - 2015-07-28 01:04 - 00000000 ____D C:\Program Files (x86)\SpaceSondPro_v84.1016
2015-07-27 23:43 - 2015-07-27 23:47 - 00000000 ____D C:\Program Files (x86)\SpaceSondPro
2015-07-27 23:42 - 2015-06-13 05:59 - 08368732 _____ C:\Users\Public\Documents\windows.exe
2015-07-27 23:34 - 2015-07-27 23:34 - 00003628 _____ C:\Windows\System32\Tasks\HDNINSTSCHD
2015-07-27 23:34 - 2015-07-27 23:34 - 00001655 _____ C:\ProgramData\tempimage.bmp
2015-07-27 23:32 - 2015-07-27 23:36 - 00000000 ____D C:\Windows\System32\Tasks\FlipBoards
2015-07-27 23:32 - 2015-07-27 23:35 - 00000000 ____D C:\Users\Joe\AppData\Local\1BAA035A-CD47-434C-9A60-F030BC74BF47
2015-07-27 23:32 - 2015-07-27 23:32 - 00004606 _____ C:\Windows\System32\Tasks\OverLook Worker
2015-07-27 23:31 - 2015-07-27 23:31 - 00000000 ____D C:\Program Files\ffsecure
2015-07-21 21:56 - 2015-07-21 21:56 - 00000000 ____D C:\Users\Joe\AppData\Local\CEF
2015-07-21 03:39 - 2015-07-14 07:14 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-21 03:39 - 2015-07-14 07:14 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-21 03:39 - 2015-07-14 07:14 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-21 03:39 - 2015-07-14 07:13 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-16 07:37 - 2015-07-09 12:51 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-16 07:37 - 2015-07-09 11:40 - 00359936 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-16 07:37 - 2015-07-09 09:03 - 03701760 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-16 07:37 - 2015-07-09 08:54 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-16 07:37 - 2015-07-09 08:53 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-16 07:37 - 2015-07-09 08:50 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-07-16 07:37 - 2015-07-09 08:50 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-16 07:37 - 2015-07-09 08:48 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-16 07:37 - 2015-07-09 08:46 - 02229248 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-16 07:37 - 2015-07-09 08:38 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-16 07:37 - 2015-07-09 08:37 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-16 07:37 - 2015-07-09 08:35 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-16 07:37 - 2015-07-09 08:34 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-16 07:37 - 2015-06-26 20:08 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-16 07:37 - 2015-06-26 20:08 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-16 07:37 - 2015-06-26 19:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-16 07:36 - 2015-07-02 14:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-16 07:36 - 2015-07-02 13:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-16 07:36 - 2015-07-02 13:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-16 07:36 - 2015-07-02 13:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-16 07:36 - 2015-07-02 13:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-16 07:36 - 2015-07-02 12:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-16 07:36 - 2015-07-02 12:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-16 07:36 - 2015-07-02 11:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-16 07:36 - 2015-07-01 15:08 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-16 07:36 - 2015-07-01 14:14 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-16 07:36 - 2015-06-29 15:43 - 00026288 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-16 07:36 - 2015-06-29 08:07 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-16 07:36 - 2015-06-29 08:07 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-16 07:36 - 2015-06-29 08:07 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-16 07:36 - 2015-06-29 08:07 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-16 07:36 - 2015-06-27 22:07 - 00442712 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-16 07:36 - 2015-06-27 22:07 - 00178008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-16 07:36 - 2015-06-27 22:06 - 01311960 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-16 07:36 - 2015-06-27 22:06 - 00332120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-16 07:36 - 2015-06-27 09:42 - 00747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-16 07:36 - 2015-06-26 20:13 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-16 07:36 - 2015-06-26 20:12 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-16 07:36 - 2015-06-26 20:12 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-16 07:36 - 2015-06-26 19:40 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-07-16 07:36 - 2015-06-26 19:05 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-16 07:36 - 2015-06-26 19:00 - 00989184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-16 07:36 - 2015-06-26 18:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-07-16 07:36 - 2015-06-26 18:26 - 00802816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-16 07:36 - 2015-06-26 16:21 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-16 07:36 - 2015-06-26 16:21 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-16 07:36 - 2015-06-24 19:31 - 04177920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-16 07:36 - 2015-06-15 15:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-16 07:36 - 2015-06-15 15:24 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-16 07:36 - 2015-06-15 14:16 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-16 07:36 - 2015-06-15 14:09 - 03607552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-16 07:36 - 2015-06-15 13:50 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-16 07:36 - 2015-06-15 12:57 - 02460160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-16 07:36 - 2015-05-30 14:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-07-16 07:36 - 2015-05-30 12:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-07-16 07:36 - 2015-05-30 12:35 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-07-16 07:36 - 2015-05-11 11:17 - 01201664 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2015-07-16 07:36 - 2015-05-07 10:50 - 22292672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-07-16 07:36 - 2015-05-07 10:00 - 03109376 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-07-16 07:36 - 2015-05-07 09:53 - 19734960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-07-16 07:36 - 2015-05-07 09:12 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-07-16 07:36 - 2015-05-07 08:21 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\GeofenceMonitorService.dll
2015-07-16 07:36 - 2015-05-07 08:05 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GeofenceMonitorService.dll
2015-07-16 07:36 - 2015-05-03 08:09 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-16 07:36 - 2015-05-03 07:58 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-16 07:36 - 2015-05-03 07:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-07-16 07:36 - 2015-05-03 07:49 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-07-16 07:36 - 2015-05-02 17:39 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-07-16 07:36 - 2015-04-29 16:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\WiFiDisplay.dll
2015-07-16 07:36 - 2015-04-24 19:25 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2015-07-16 07:36 - 2014-11-04 12:25 - 00059712 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys
2015-07-16 07:36 - 2014-11-04 12:25 - 00051008 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\mouclass.sys
2015-07-16 07:36 - 2014-11-03 23:55 - 00026112 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys
2015-07-16 07:36 - 2014-11-03 23:54 - 00108544 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys
2015-07-16 07:36 - 2014-11-03 23:54 - 00032256 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys
2015-07-16 07:36 - 2014-11-03 23:54 - 00030208 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys
2015-07-16 07:35 - 2015-06-15 22:36 - 01661576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-16 07:35 - 2015-06-15 22:36 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-16 07:35 - 2015-06-15 15:39 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-16 07:35 - 2015-06-15 15:38 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-16 07:35 - 2015-06-15 15:26 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-16 07:35 - 2015-06-15 15:24 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-16 07:35 - 2015-06-15 15:02 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-07-16 07:35 - 2015-06-15 14:58 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-16 07:35 - 2015-06-15 14:57 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-16 07:35 - 2015-06-15 14:56 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-07-16 07:35 - 2015-06-15 14:55 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-16 07:35 - 2015-06-15 14:49 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-07-16 07:35 - 2015-06-15 14:41 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-07-16 07:35 - 2015-06-15 14:38 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-16 07:35 - 2015-06-15 14:36 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-16 07:35 - 2015-06-15 14:17 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-07-16 07:35 - 2015-06-15 14:16 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-16 07:35 - 2015-06-15 14:15 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-16 07:35 - 2015-06-15 14:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-16 07:35 - 2015-06-15 14:04 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-16 07:35 - 2015-06-15 14:03 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-16 07:35 - 2015-06-15 13:52 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-16 07:35 - 2015-06-15 13:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2015-07-16 07:35 - 2015-06-15 13:44 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-16 07:35 - 2015-06-15 13:43 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-16 07:35 - 2015-06-15 13:42 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-07-16 07:35 - 2015-06-15 13:41 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-16 07:35 - 2015-06-15 13:37 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-07-16 07:35 - 2015-06-15 13:32 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-07-16 07:35 - 2015-06-15 13:31 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-16 07:35 - 2015-06-15 13:30 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-16 07:35 - 2015-06-15 13:30 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-16 07:35 - 2015-06-15 13:17 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-07-16 07:35 - 2015-06-15 13:07 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-16 07:35 - 2015-06-15 13:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-16 07:35 - 2015-06-10 20:49 - 01380600 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-16 07:35 - 2015-06-10 09:13 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-16 07:35 - 2015-05-12 06:19 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2015-07-16 07:35 - 2015-05-11 09:34 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\fhcpl.dll
2015-07-16 07:35 - 2015-05-07 09:47 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-07-16 07:35 - 2015-05-03 08:07 - 07784448 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2015-07-16 07:35 - 2015-05-03 07:57 - 05264384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2015-07-16 07:35 - 2015-05-01 16:33 - 00410739 _____ C:\Windows\system32\ApnDatabase.xml
2015-07-16 07:35 - 2015-04-28 06:13 - 00513480 _____ C:\Windows\SysWOW64\locale.nls
2015-07-16 07:35 - 2015-04-28 06:13 - 00513480 _____ C:\Windows\system32\locale.nls
2015-07-16 07:35 - 2015-04-23 08:47 - 03084288 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-07-16 07:35 - 2015-04-23 08:16 - 02471424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-07-13 20:57 - 2015-07-13 20:57 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2015-07-13 20:09 - 2015-07-13 20:09 - 00000000 ____D C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-02 11:53 - 2015-02-28 18:45 - 00000000 ____D C:\Program Files (x86)\Steam
2015-08-02 11:45 - 2014-12-25 12:28 - 00000928 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-02 11:39 - 2014-11-23 17:40 - 01787866 _____ C:\Windows\WindowsUpdate.log
2015-08-02 11:37 - 2014-12-25 12:28 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-02 11:37 - 2014-12-18 17:03 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-08-02 11:36 - 2013-08-22 07:46 - 00032732 _____ C:\Windows\setupact.log
2015-08-02 11:36 - 2013-08-22 07:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-02 11:35 - 2015-06-06 10:39 - 00000000 ____D C:\AdwCleaner
2015-08-02 11:31 - 2014-12-18 16:46 - 00000000 ____D C:\Users\Joe
2015-08-02 10:00 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\system32\sru
2015-08-01 12:11 - 2015-02-12 12:07 - 00000426 _____ C:\Windows\Tasks\Dell SupportAssistAgent AutoUpdate.job
2015-08-01 10:50 - 2015-02-02 18:16 - 00000569 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2015-07-31 17:02 - 2014-03-18 02:53 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-30 16:57 - 2015-02-03 21:47 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-29 20:41 - 2014-12-18 16:51 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3574709052-614345936-1146494541-1001
2015-07-29 18:11 - 2014-03-18 02:44 - 00223158 _____ C:\Windows\PFRO.log
2015-07-29 16:51 - 2015-01-14 19:43 - 00000000 ____D C:\Users\Joe\Desktop\Things
2015-07-29 13:39 - 2013-08-22 06:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-07-29 03:42 - 2014-12-25 11:43 - 00000000 ____D C:\Users\Joe\AppData\Local\CrashDumps
2015-07-28 09:46 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\AppReadiness
2015-07-28 09:41 - 2013-08-22 08:20 - 00000000 ____D C:\Windows\CbsTemp
2015-07-27 23:45 - 2014-11-23 17:40 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-27 23:41 - 2015-04-11 12:23 - 00002731 _____ C:\Users\Public\Desktop\Skype.lnk
2015-07-27 23:41 - 2015-04-03 21:56 - 00002295 _____ C:\Users\Joe\Desktop\Google Chrome.lnk
2015-07-27 23:41 - 2015-03-28 15:36 - 00000967 _____ C:\Users\Joe\Desktop\Open Broadcaster Software.lnk
2015-07-27 23:41 - 2015-02-14 14:43 - 00001959 _____ C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-07-27 23:41 - 2014-12-18 16:46 - 00001450 _____ C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-27 23:41 - 2014-12-18 16:46 - 00000551 _____ C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-07-27 23:41 - 2014-12-18 16:46 - 00000549 _____ C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-07-27 23:40 - 2014-03-18 02:54 - 00000551 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-07-27 23:40 - 2014-03-18 02:54 - 00000551 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-07-27 23:40 - 2014-03-18 02:54 - 00000549 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-07-27 23:40 - 2014-03-18 02:54 - 00000549 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-07-25 11:02 - 2015-04-06 15:27 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-22 10:57 - 2013-08-22 07:44 - 00492000 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-22 03:47 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\rescache
2015-07-21 15:05 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\WinStore
2015-07-21 14:57 - 2013-08-22 08:36 - 00000000 ___RD C:\Windows\ToastData
2015-07-21 05:06 - 2015-01-07 20:22 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-07-21 00:40 - 2014-11-23 17:43 - 00000000 ____D C:\ProgramData\CyberLink
2015-07-20 21:31 - 2014-12-28 10:07 - 00000000 ____D C:\Users\Joe\AppData\Roaming\Skype
2015-07-17 17:57 - 2015-04-17 22:05 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-17 17:57 - 2015-04-17 22:05 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-17 17:55 - 2014-12-18 16:34 - 00000000 ____D C:\Windows\system32\MRT
2015-07-17 17:49 - 2015-04-06 15:27 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-15 17:55 - 2015-02-10 16:46 - 00110688 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-07-15 17:55 - 2015-02-10 16:45 - 00000000 ____D C:\Program Files\Java
2015-07-15 17:55 - 2014-12-25 16:34 - 00000000 ____D C:\ProgramData\Oracle
2015-07-15 16:40 - 2014-12-25 12:28 - 00003900 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-15 16:40 - 2014-12-25 12:28 - 00003664 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-13 21:15 - 2015-02-06 09:20 - 00000000 ____D C:\Users\Joe\Desktop\Virus Scan Stuff
2015-07-13 21:07 - 2015-06-29 01:40 - 00000000 ____D C:\Users\Joe\Desktop\Games
2015-07-13 20:59 - 2015-04-11 12:23 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-07-13 20:55 - 2015-03-11 19:22 - 00000000 ____D C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2015-07-13 14:10 - 2014-12-18 17:11 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-13 14:10 - 2014-12-18 17:11 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-03 08:43 - 2014-12-18 16:34 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2015-03-31 18:14 - 2015-03-31 18:14 - 0000046 _____ () C:\Users\Joe\AppData\Roaming\Camdata.ini
2015-03-31 18:14 - 2015-03-31 18:14 - 0000408 _____ () C:\Users\Joe\AppData\Roaming\CamLayout.ini
2015-03-31 18:14 - 2015-03-31 18:14 - 0000408 _____ () C:\Users\Joe\AppData\Roaming\CamShapes.ini
2015-03-31 18:14 - 2015-03-31 18:14 - 0004546 _____ () C:\Users\Joe\AppData\Roaming\CamStudio.cfg
2014-12-28 11:29 - 2014-12-29 22:16 - 0000097 _____ () C:\Users\Joe\AppData\Roaming\LauncherSettings_live.cfg
2014-12-28 11:18 - 2014-12-28 11:26 - 0008144 _____ () C:\Users\Joe\AppData\Roaming\TheHunterSettings_live.bin
2015-03-31 18:11 - 2015-03-31 18:11 - 0000096 _____ () C:\Users\Joe\AppData\Roaming\version2.xml
2015-06-29 09:36 - 2015-06-29 09:36 - 0000000 _____ () C:\Users\Joe\AppData\Local\{D2739118-AA15-4AAE-905C-EA0080405820}
2014-11-23 17:25 - 2014-11-23 17:25 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-07-27 23:34 - 2015-07-27 23:34 - 0001655 _____ () C:\ProgramData\tempimage.bmp
2014-11-23 17:47 - 2014-11-23 17:47 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-11-23 17:43 - 2014-11-23 17:44 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-11-23 17:44 - 2014-11-23 17:45 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2014-11-23 17:45 - 2014-11-23 17:47 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2014-11-23 17:43 - 2014-11-23 17:43 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Some files in TEMP:
====================
C:\Users\Joe\AppData\Local\Temp\Quarantine.exe
C:\Users\Joe\AppData\Local\Temp\sqlite3.dll
C:\Users\Joe\AppData\Local\Temp\{2D442A9A-1E64-4719-85B4-2484C50EC123}-44.0.2403.125_44.0.2403.107_chrome_updater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-28 09:40

==================== End of log ============================



#10 Sirawit


Posted 03 August 2015 - 01:52 PM

Hi wannawonda.

We need to run a fix with FRST:

  • Please download the attached fixlist.txt file and save it to the same location as FRST
    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
    [attachment=168310:fixlist.txt]
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply

==========

After the fix has been finished, please create a new FRST log for me.

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.


#11 wannawonda


Posted 03 August 2015 - 03:36 PM

Fix result of Farbar Recovery Scan Tool (x64) Version:28-07-2015
Ran by Joe (2015-08-03 13:26:33) Run:1
Running from D:\
Loaded Profiles: Joe (Available Profiles: Joe)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
C:\Program Files (x86)\SpaceSondPro_v84.1016
C:\Users\Public\Documents\windows.exe
C:\Users\Joe\AppData\Local\1BAA035A-CD47-434C-9A60-F030BC74BF47
HKLM-x32\...\RunOnce: [SpaceSondPro_v84.1016] => C:\Program Files (x86)\SpaceSondPro_v84.1016\SpaceSondPro_Service.exe [33992 2015-07-13] ()
HKU\S-1-5-21-3574709052-614345936-1146494541-1001\...\Run: [Application] => C:\Users\Public\Documents\windows.exe [8368732 2015-06-13] ()
FF SelectedSearchEngine: StartWeb
2015-07-27 23:43 - 2015-07-27 23:47 - 00000000 ____D C:\Program Files (x86)\SpaceSondPro
2015-07-27 23:34 - 2015-07-27 23:34 - 00001655 _____ C:\ProgramData\tempimage.bmp
2015-07-27 23:32 - 2015-07-27 23:36 - 00000000 ____D C:\Windows\System32\Tasks\FlipBoards
2015-07-27 23:32 - 2015-07-27 23:35 - 00000000 ____D C:\Users\Joe\AppData\Local\1BAA035A-CD47-434C-9A60-F030BC74BF47
2015-07-27 23:31 - 2015-07-27 23:31 - 00000000 ____D C:\Program Files\ffsecure
2015-07-13 20:57 - 2015-07-13 20:57 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2015-07-13 20:09 - 2015-07-13 20:09 - 00000000 ____D C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2015-07-27 23:44 - 2015-07-27 23:53 - 00000000 ____D C:\ProgramData\abc
C:\Program Files (x86)\Portable WeatherApp
C:\Windows\PCBHDNW
C:\Program Files (x86)\sushileads
C:\Program Files (x86)\Dll-Files.com Fixer
C:\Program Files (x86)\Itibiti Soft Phone
Task: {0734EF44-DA78-4A43-AFEF-5C2F97F3B55A} - System32\Tasks\IE_ERR4WDR => C:\Program Files (x86)\Portable WeatherApp\IEError.exe <==== ATTENTION
Task: {1F84F30D-A1EE-47DC-8A99-225D7B1F9319} - \avaxvavya No Task File <==== ATTENTION
Task: {83369C57-14FA-409C-B8AB-DFCDE03642CA} - System32\Tasks\HDNINSTSCHD => C:\Windows\PCBHDNW\hdnInstaller.exe <==== ATTENTION
Task: {840D0C99-3EEF-4841-80E9-584470426689} - System32\Tasks\UPDTEXE4_WDR => C:\Program Files (x86)\Portable WeatherApp\updater.exe <==== ATTENTION
Task: {92649A78-0A00-40BE-A006-DB54785AEBDA} - System32\Tasks\Open Chrome => Chrome.exe --new-window http://toolbar.avg.com/almost-done?pid=safeguard&amp;lang=en
Task: {980FDC4A-550F-4B36-8687-E20993C4D35C} - System32\Tasks\SushiLeads => C:\Program Files (x86)\sushileads\ScheduledTask.exe
Task: {C80DE0D4-C9A5-4715-B553-707454E2AB90} - \BBQLeads No Task File <==== ATTENTION
Task: {DF155B02-D85E-4BCA-A863-62967AF60B2E} - System32\Tasks\Microsoft\Windows\Maintenance\OverLook Updater => %LOCALAPPDATA%\1BAA035A-CD47-434C-9A60-F030BC74BF47\Runner.exe <==== ATTENTION
Task: {F47DC3F5-04A3-482B-949D-EE6312936ED6} - \XXUVBT No Task File <==== ATTENTION
Task: {FE3EFFAE-2E15-4FDD-8287-5B3CB01CB223} - System32\Tasks\OverLook Worker => %LOCALAPPDATA%\1BAA035A-CD47-434C-9A60-F030BC74BF47\Runner.exe <==== ATTENTION
Task: C:\Windows\Tasks\Open Chrome.job => c:\program files (x86)\Google\Chrome\Application\chrome.exeF--new-window http:/toolbar.avg.com/
FirewallRules: [{79EA0455-271B-4636-97C3-45244501976F}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{B2B030ED-1761-4C18-9491-C6F18C71D337}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{C0F00912-A165-4672-82DD-1D8EE3A41EA0}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{816CFF55-FD8C-4EF6-9D40-4231A4037D2A}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{666CE383-5299-412F-84C7-1DBFCF68A399}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{6B23326D-B353-4133-8EB3-B3D396E42A82}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{DF45BE21-050E-4D93-AF30-87CA3D210A9D}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{076A2EDB-7BFD-4EB1-8E28-00064FD531C2}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{796D4263-BFED-4320-9B8F-E4D12E02E74B}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{B752FE4F-A3A1-4360-A378-C47688C4ABD1}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{6B0C071E-60C7-485E-9A39-62EC366A8D49}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{3B9703CE-31CC-4F04-A448-BCD66EB07681}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{95617DAD-2237-4268-8277-A3A3DCDA074D}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{2CEFED53-8049-4BAD-8FE0-C08FC0FD52AA}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{4A31F96B-32B0-4576-888E-FA5D31140C22}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{B39FB9AD-6DE3-4133-B61F-1FCC0D0A039E}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{E1366B87-0645-4E64-A961-05E8003A56FD}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{BC14A105-467A-4C35-8495-0D1D2A118325}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{7DB94C36-124C-4C76-BECB-0AE877D25F63}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{F699CC4E-FBD6-445E-A584-9EC3F3C497D0}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{19EF78B7-B26B-4856-9D49-8B90A2426FB6}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{5B7644AE-813A-49C4-A128-27F0B98013AF}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{020EEBEB-B394-48CD-B2DB-26A5723E4348}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{1BB9C625-A6EE-4915-ACED-4189FBD34AC5}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
EmptyTemp:
*****************

Processes closed successfully.
C:\Program Files (x86)\SpaceSondPro_v84.1016 => moved successfully.
C:\Users\Public\Documents\windows.exe => moved successfully.
C:\Users\Joe\AppData\Local\1BAA035A-CD47-434C-9A60-F030BC74BF47 => moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\SpaceSondPro_v84.1016 => value removed successfully
HKU\S-1-5-21-3574709052-614345936-1146494541-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Application => value removed successfully
Firefox SelectedSearchEngine removed successfully
C:\Program Files (x86)\SpaceSondPro => moved successfully.
C:\ProgramData\tempimage.bmp => moved successfully.
C:\Windows\System32\Tasks\FlipBoards => moved successfully.
"C:\Users\Joe\AppData\Local\1BAA035A-CD47-434C-9A60-F030BC74BF47" => File/Folder not found.
C:\Program Files\ffsecure => moved successfully.
C:\Windows\SysWOW64\AI_RecycleBin => moved successfully.
C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP => moved successfully.
C:\ProgramData\abc => moved successfully.
"C:\Program Files (x86)\Portable WeatherApp" => File/Folder not found.
"C:\Windows\PCBHDNW" => File/Folder not found.
"C:\Program Files (x86)\sushileads" => File/Folder not found.
"C:\Program Files (x86)\Dll-Files.com Fixer" => File/Folder not found.
"C:\Program Files (x86)\Itibiti Soft Phone" => File/Folder not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0734EF44-DA78-4A43-AFEF-5C2F97F3B55A} => key not found.
C:\Windows\System32\Tasks\IE_ERR4WDR not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IE_ERR4WDR => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1F84F30D-A1EE-47DC-8A99-225D7B1F9319}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1F84F30D-A1EE-47DC-8A99-225D7B1F9319}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avaxvavya" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{83369C57-14FA-409C-B8AB-DFCDE03642CA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{83369C57-14FA-409C-B8AB-DFCDE03642CA}" => key removed successfully
C:\Windows\System32\Tasks\HDNINSTSCHD => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HDNINSTSCHD" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{840D0C99-3EEF-4841-80E9-584470426689} => key not found.
C:\Windows\System32\Tasks\UPDTEXE4_WDR not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UPDTEXE4_WDR => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{92649A78-0A00-40BE-A006-DB54785AEBDA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92649A78-0A00-40BE-A006-DB54785AEBDA}" => key removed successfully
C:\Windows\System32\Tasks\Open Chrome => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Open Chrome" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{980FDC4A-550F-4B36-8687-E20993C4D35C} => key not found.
C:\Windows\System32\Tasks\SushiLeads not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SushiLeads => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C80DE0D4-C9A5-4715-B553-707454E2AB90}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C80DE0D4-C9A5-4715-B553-707454E2AB90}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BBQLeads" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DF155B02-D85E-4BCA-A863-62967AF60B2E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DF155B02-D85E-4BCA-A863-62967AF60B2E}" => key removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance\OverLook Updater => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Maintenance\OverLook Updater" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F47DC3F5-04A3-482B-949D-EE6312936ED6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F47DC3F5-04A3-482B-949D-EE6312936ED6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\XXUVBT" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FE3EFFAE-2E15-4FDD-8287-5B3CB01CB223}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FE3EFFAE-2E15-4FDD-8287-5B3CB01CB223}" => key removed successfully
C:\Windows\System32\Tasks\OverLook Worker => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OverLook Worker" => key removed successfully
C:\Windows\Tasks\Open Chrome.job => moved successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{79EA0455-271B-4636-97C3-45244501976F} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B2B030ED-1761-4C18-9491-C6F18C71D337} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C0F00912-A165-4672-82DD-1D8EE3A41EA0} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{816CFF55-FD8C-4EF6-9D40-4231A4037D2A} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{666CE383-5299-412F-84C7-1DBFCF68A399} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6B23326D-B353-4133-8EB3-B3D396E42A82} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DF45BE21-050E-4D93-AF30-87CA3D210A9D} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{076A2EDB-7BFD-4EB1-8E28-00064FD531C2} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{796D4263-BFED-4320-9B8F-E4D12E02E74B} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B752FE4F-A3A1-4360-A378-C47688C4ABD1} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6B0C071E-60C7-485E-9A39-62EC366A8D49} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3B9703CE-31CC-4F04-A448-BCD66EB07681} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{95617DAD-2237-4268-8277-A3A3DCDA074D} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2CEFED53-8049-4BAD-8FE0-C08FC0FD52AA} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4A31F96B-32B0-4576-888E-FA5D31140C22} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B39FB9AD-6DE3-4133-B61F-1FCC0D0A039E} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E1366B87-0645-4E64-A961-05E8003A56FD} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BC14A105-467A-4C35-8495-0D1D2A118325} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7DB94C36-124C-4C76-BECB-0AE877D25F63} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F699CC4E-FBD6-445E-A584-9EC3F3C497D0} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{19EF78B7-B26B-4856-9D49-8B90A2426FB6} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5B7644AE-813A-49C4-A128-27F0B98013AF} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{020EEBEB-B394-48CD-B2DB-26A5723E4348} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1BB9C625-A6EE-4915-ACED-4189FBD34AC5} => value removed successfully
EmptyTemp: => 1.7 GB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 13:27:15 ====


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-07-2015
Ran by Joe (administrator) on MYPRECIOUS (03-08-2015 13:29:56)
Running from D:\
Loaded Profiles: Joe (Available Profiles: Joe)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Spotify Ltd) C:\Users\Joe\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Aviata Inc) C:\Program Files (x86)\Dell Product Registration\prodreg.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\wmi64.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7510232 2014-01-17] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1374936 2014-01-13] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe [285272 2013-12-30] (Waves Audio Ltd.)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3777696 2014-01-16] (Dell Inc.)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM\...\Run: [SpaceSoundPro] => "C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe"
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [133760 2014-01-08] (Qualcomm®Atheros®)
HKU\S-1-5-21-3574709052-614345936-1146494541-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2895552 2015-07-23] (Valve Corporation)
HKU\S-1-5-21-3574709052-614345936-1146494541-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7806232 2015-03-26] (SUPERAntiSpyware)
HKU\S-1-5-21-3574709052-614345936-1146494541-1001\...\Run: [Spotify Web Helper] => C:\Users\Joe\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2020920 2015-05-15] (Spotify Ltd)
HKU\S-1-5-21-3574709052-614345936-1146494541-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28785792 2015-06-02] (Skype Technologies S.A.)
HKU\S-1-5-21-3574709052-614345936-1146494541-1001\...\Run: [Spotify] => C:\Users\Joe\AppData\Roaming\Spotify\spotify.exe [7168568 2015-05-15] (Spotify Ltd)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3574709052-614345936-1146494541-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-06-09] (Microsoft Corporation)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-18] (Kaspersky Lab ZAO)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-15] (Oracle Corporation)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-15] (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-18] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 24.113.32.29 24.113.32.30 66.235.59.7
Tcpip\..\Interfaces\{A83135E4-D350-4085-95AF-908B004758A4}: [DhcpNameServer] 24.113.32.29 24.113.32.30 66.235.59.7
Tcpip\..\Interfaces\{B3CA82E1-E478-4A0E-9D08-CF5FBD7F3EE7}: [DhcpNameServer] 24.113.32.29 24.113.32.30 66.235.59.7
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\7ugvkxb7.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-25] ()
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-15] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-25] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-12-18] ()
FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-12-18] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-12-18] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-01-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-3574709052-614345936-1146494541-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Joe\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-12-18]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-12-18]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2014-12-18]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2014-12-18]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-12-18]

Chrome:
=======
CHR Profile: C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-25]
CHR Extension: (Google Docs) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-25]
CHR Extension: (Google Drive) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-25]
CHR Extension: (WOT) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-02-11]
CHR Extension: (YouTube) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-25]
CHR Extension: (Google Search) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-25]
CHR Extension: (Kaspersky Protection) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2014-12-25]
CHR Extension: (Blur) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd [2014-12-25]
CHR Extension: (Google Sheets) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-25]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Ghostery) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-02-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-25]
CHR Extension: (Gmail) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-25]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho


LastRegBack: 2015-07-28 09:40

==================== End of log ============================



#12 Sirawit


Posted 04 August 2015 - 02:04 AM

Hi wannawonda.

Please create a new FRST log for me.

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#13 wannawonda


Posted 04 August 2015 - 02:05 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-07-2015
Ran by Joe (administrator) on MYPRECIOUS (04-08-2015 12:01:10)
Running from D:\
Loaded Profiles: Joe (Available Profiles: Joe)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Spotify Ltd) C:\Users\Joe\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7510232 2014-01-17] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1374936 2014-01-13] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe [285272 2013-12-30] (Waves Audio Ltd.)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3777696 2014-01-16] (Dell Inc.)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM\...\Run: [SpaceSoundPro] => "C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe"
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [133760 2014-01-08] (Qualcomm®Atheros®)
HKU\S-1-5-21-3574709052-614345936-1146494541-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2895552 2015-07-23] (Valve Corporation)
HKU\S-1-5-21-3574709052-614345936-1146494541-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7806232 2015-03-26] (SUPERAntiSpyware)
HKU\S-1-5-21-3574709052-614345936-1146494541-1001\...\Run: [Spotify Web Helper] => C:\Users\Joe\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2020920 2015-05-15] (Spotify Ltd)
HKU\S-1-5-21-3574709052-614345936-1146494541-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28785792 2015-06-02] (Skype Technologies S.A.)
HKU\S-1-5-21-3574709052-614345936-1146494541-1001\...\Run: [Spotify] => C:\Users\Joe\AppData\Roaming\Spotify\spotify.exe [7168568 2015-05-15] (Spotify Ltd)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3574709052-614345936-1146494541-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-06-09] (Microsoft Corporation)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-18] (Kaspersky Lab ZAO)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-15] (Oracle Corporation)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-15] (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-18] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 24.113.32.29 24.113.32.30 66.235.59.7
Tcpip\..\Interfaces\{A83135E4-D350-4085-95AF-908B004758A4}: [DhcpNameServer] 24.113.32.29 24.113.32.30 66.235.59.7
Tcpip\..\Interfaces\{B3CA82E1-E478-4A0E-9D08-CF5FBD7F3EE7}: [DhcpNameServer] 24.113.32.29 24.113.32.30 66.235.59.7
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\7ugvkxb7.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-25] ()
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-15] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-25] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-12-18] ()
FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-12-18] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-12-18] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-01-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-3574709052-614345936-1146494541-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Joe\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-12-18]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-12-18]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2014-12-18]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2014-12-18]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-12-18]

Chrome:
=======
CHR Profile: C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Kaspersky Protection) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2014-12-25]
CHR Extension: (Blur) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd [2015-08-04]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S4 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [318592 2014-01-08] (Windows ® Win 7 DDK provider) [File not signed]
R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2753720 2015-07-01] (Microsoft Corporation)
S4 Dell Data Services; C:\Program Files\Dell\Dell Data Services\DDSSvc.exe [45936 2014-11-13] (Dell)
S4 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [73072 2014-11-10] (Dell)
S4 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2552528 2015-01-30] (Dell Inc.)
S4 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201424 2015-01-30] (Dell Inc.)
S4 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [293440 2014-04-01] (Aviata, Inc.)
S4 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [211320 2015-02-11] (Dell Inc.)
S4 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282072 2014-02-24] (Intel Corporation)
S4 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S4 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
S4 My Dell Client Framework; C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe [168960 2014-01-10] (Dell Inc.) [File not signed]
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-29] (CyberLink)
S4 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
S4 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1921768 2014-07-02] (SoftThinks SAS)
S4 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-02-19] (Dell Inc.)
S3 Survarium-Steam Update Service; C:\Program Files (x86)\Steam\steamapps\common\Survarium\game\binaries\x86\survarium_service.exe [76408 2015-04-11] ()
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [146944 2015-03-27] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3881472 2013-12-12] (Qualcomm Atheros Communications, Inc.)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-01-08] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [23312 2015-01-30] (Dell Computer Corporation)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [142344 2014-12-18] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [771272 2014-12-18] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [67680 2014-03-19] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
S3 mbamchameleon; C:\Windows\system32\drivers\66771784.sys [93400 2015-02-03] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42736 2014-05-22] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-11-23] (Microsoft Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-03 20:04 - 2015-08-03 20:04 - 00000000 ____D C:\Users\Joe\AppData\Local\Game Dev Tycoon - Steam
2015-08-02 11:31 - 2015-08-02 11:31 - 00002348 _____ C:\Users\Joe\Desktop\Safe Money.lnk
2015-07-29 20:48 - 2015-08-04 12:01 - 00000000 ____D C:\FRST
2015-07-29 17:17 - 2015-07-29 17:17 - 00000000 ____D C:\SUPERDelete
2015-07-28 06:08 - 2015-07-25 06:34 - 01084928 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-28 03:19 - 2015-07-28 03:19 - 00000000 ____D C:\Users\Joe\AppData\Roaming\EurekaLog
2015-07-28 03:07 - 2015-07-28 03:07 - 00000000 ____D C:\Users\Joe\Documents\My Cheat Tables
2015-07-21 21:56 - 2015-07-21 21:56 - 00000000 ____D C:\Users\Joe\AppData\Local\CEF
2015-07-21 03:39 - 2015-07-14 07:14 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-21 03:39 - 2015-07-14 07:14 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-21 03:39 - 2015-07-14 07:14 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-21 03:39 - 2015-07-14 07:13 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-16 07:37 - 2015-07-09 12:51 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-16 07:37 - 2015-07-09 11:40 - 00359936 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-16 07:37 - 2015-07-09 09:03 - 03701760 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-16 07:37 - 2015-07-09 08:54 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-16 07:37 - 2015-07-09 08:53 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-16 07:37 - 2015-07-09 08:50 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-07-16 07:37 - 2015-07-09 08:50 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-16 07:37 - 2015-07-09 08:48 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-16 07:37 - 2015-07-09 08:46 - 02229248 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-16 07:37 - 2015-07-09 08:38 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-16 07:37 - 2015-07-09 08:37 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-16 07:37 - 2015-07-09 08:35 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-16 07:37 - 2015-07-09 08:34 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-16 07:37 - 2015-06-26 20:08 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-16 07:37 - 2015-06-26 20:08 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-16 07:37 - 2015-06-26 19:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-16 07:36 - 2015-07-02 14:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-16 07:36 - 2015-07-02 13:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-16 07:36 - 2015-07-02 13:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-16 07:36 - 2015-07-02 13:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-16 07:36 - 2015-07-02 13:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-16 07:36 - 2015-07-02 12:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-16 07:36 - 2015-07-02 12:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-16 07:36 - 2015-07-02 11:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-16 07:36 - 2015-07-01 15:08 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-16 07:36 - 2015-07-01 14:14 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-16 07:36 - 2015-06-29 15:43 - 00026288 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-16 07:36 - 2015-06-29 08:07 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-16 07:36 - 2015-06-29 08:07 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-16 07:36 - 2015-06-29 08:07 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-16 07:36 - 2015-06-29 08:07 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-16 07:36 - 2015-06-27 22:07 - 00442712 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-16 07:36 - 2015-06-27 22:07 - 00178008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-16 07:36 - 2015-06-27 22:06 - 01311960 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-16 07:36 - 2015-06-27 22:06 - 00332120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-16 07:36 - 2015-06-27 09:42 - 00747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-16 07:36 - 2015-06-26 20:13 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-16 07:36 - 2015-06-26 20:12 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-16 07:36 - 2015-06-26 20:12 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-16 07:36 - 2015-06-26 19:40 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-07-16 07:36 - 2015-06-26 19:05 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-16 07:36 - 2015-06-26 19:00 - 00989184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-16 07:36 - 2015-06-26 18:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-07-16 07:36 - 2015-06-26 18:26 - 00802816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-16 07:36 - 2015-06-26 16:21 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-16 07:36 - 2015-06-26 16:21 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-16 07:36 - 2015-06-24 19:31 - 04177920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-16 07:36 - 2015-06-15 15:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-16 07:36 - 2015-06-15 15:24 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-16 07:36 - 2015-06-15 14:16 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-16 07:36 - 2015-06-15 14:09 - 03607552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-16 07:36 - 2015-06-15 13:50 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-16 07:36 - 2015-06-15 12:57 - 02460160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-16 07:36 - 2015-05-30 14:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-07-16 07:36 - 2015-05-30 12:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-07-16 07:36 - 2015-05-30 12:35 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-07-16 07:36 - 2015-05-11 11:17 - 01201664 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2015-07-16 07:36 - 2015-05-07 10:50 - 22292672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-07-16 07:36 - 2015-05-07 10:00 - 03109376 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-07-16 07:36 - 2015-05-07 09:53 - 19734960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-07-16 07:36 - 2015-05-07 09:12 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-07-16 07:36 - 2015-05-07 08:21 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\GeofenceMonitorService.dll
2015-07-16 07:36 - 2015-05-07 08:05 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GeofenceMonitorService.dll
2015-07-16 07:36 - 2015-05-03 08:09 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-16 07:36 - 2015-05-03 07:58 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-07-16 07:36 - 2015-05-03 07:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-07-16 07:36 - 2015-05-03 07:49 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-07-16 07:36 - 2015-05-02 17:39 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-07-16 07:36 - 2015-04-29 16:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\WiFiDisplay.dll
2015-07-16 07:36 - 2015-04-24 19:25 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2015-07-16 07:36 - 2014-11-04 12:25 - 00059712 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys
2015-07-16 07:36 - 2014-11-04 12:25 - 00051008 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\mouclass.sys
2015-07-16 07:36 - 2014-11-03 23:55 - 00026112 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys
2015-07-16 07:36 - 2014-11-03 23:54 - 00108544 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys
2015-07-16 07:36 - 2014-11-03 23:54 - 00032256 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys
2015-07-16 07:36 - 2014-11-03 23:54 - 00030208 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys
2015-07-16 07:35 - 2015-06-15 22:36 - 01661576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-16 07:35 - 2015-06-15 22:36 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-16 07:35 - 2015-06-15 15:39 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-16 07:35 - 2015-06-15 15:38 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-16 07:35 - 2015-06-15 15:26 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-16 07:35 - 2015-06-15 15:24 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-16 07:35 - 2015-06-15 15:02 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-07-16 07:35 - 2015-06-15 14:58 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-16 07:35 - 2015-06-15 14:57 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-16 07:35 - 2015-06-15 14:56 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-07-16 07:35 - 2015-06-15 14:55 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-16 07:35 - 2015-06-15 14:49 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-07-16 07:35 - 2015-06-15 14:41 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-07-16 07:35 - 2015-06-15 14:38 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-16 07:35 - 2015-06-15 14:36 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-16 07:35 - 2015-06-15 14:17 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-07-16 07:35 - 2015-06-15 14:16 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-16 07:35 - 2015-06-15 14:15 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-16 07:35 - 2015-06-15 14:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-16 07:35 - 2015-06-15 14:04 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-16 07:35 - 2015-06-15 14:03 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-16 07:35 - 2015-06-15 13:52 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-16 07:35 - 2015-06-15 13:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2015-07-16 07:35 - 2015-06-15 13:44 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-16 07:35 - 2015-06-15 13:43 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-16 07:35 - 2015-06-15 13:42 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-07-16 07:35 - 2015-06-15 13:41 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-16 07:35 - 2015-06-15 13:37 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-07-16 07:35 - 2015-06-15 13:32 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-07-16 07:35 - 2015-06-15 13:31 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-16 07:35 - 2015-06-15 13:30 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-16 07:35 - 2015-06-15 13:30 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-16 07:35 - 2015-06-15 13:17 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-07-16 07:35 - 2015-06-15 13:07 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-16 07:35 - 2015-06-15 13:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-16 07:35 - 2015-06-10 20:49 - 01380600 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-16 07:35 - 2015-06-10 09:13 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-16 07:35 - 2015-05-12 06:19 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2015-07-16 07:35 - 2015-05-11 09:34 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\fhcpl.dll
2015-07-16 07:35 - 2015-05-07 09:47 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-07-16 07:35 - 2015-05-03 08:07 - 07784448 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2015-07-16 07:35 - 2015-05-03 07:57 - 05264384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2015-07-16 07:35 - 2015-05-01 16:33 - 00410739 _____ C:\Windows\system32\ApnDatabase.xml
2015-07-16 07:35 - 2015-04-28 06:13 - 00513480 _____ C:\Windows\SysWOW64\locale.nls
2015-07-16 07:35 - 2015-04-28 06:13 - 00513480 _____ C:\Windows\system32\locale.nls
2015-07-16 07:35 - 2015-04-23 08:47 - 03084288 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-07-16 07:35 - 2015-04-23 08:16 - 02471424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-04 12:02 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\system32\sru
2015-08-04 12:01 - 2014-03-18 02:53 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-04 12:00 - 2014-12-25 11:43 - 00000000 ____D C:\Users\Joe\AppData\Local\CrashDumps
2015-08-04 11:59 - 2015-02-28 18:45 - 00000000 ____D C:\Program Files (x86)\Steam
2015-08-04 03:53 - 2014-11-23 17:40 - 01127086 _____ C:\Windows\WindowsUpdate.log
2015-08-04 03:45 - 2014-12-25 12:28 - 00000928 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-04 02:56 - 2014-12-18 16:51 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3574709052-614345936-1146494541-1001
2015-08-04 00:25 - 2014-12-25 12:28 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-04 00:25 - 2014-12-18 17:03 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-08-03 19:31 - 2014-12-30 11:27 - 00000000 ____D C:\Program Files (x86)\Minecraft
2015-08-03 16:34 - 2015-03-28 15:37 - 00000000 ____D C:\Users\Joe\AppData\Roaming\OBS
2015-08-03 16:27 - 2014-12-29 17:47 - 00000000 ____D C:\Program Files (x86)\OBS
2015-08-03 13:28 - 2014-03-18 02:44 - 00223820 _____ C:\Windows\PFRO.log
2015-08-03 13:28 - 2013-08-22 07:46 - 00032848 _____ C:\Windows\setupact.log
2015-08-03 13:28 - 2013-08-22 07:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-02 11:35 - 2015-06-06 10:39 - 00000000 ____D C:\AdwCleaner
2015-08-02 11:31 - 2014-12-18 16:46 - 00000000 ____D C:\Users\Joe
2015-08-01 12:11 - 2015-02-12 12:07 - 00000426 _____ C:\Windows\Tasks\Dell SupportAssistAgent AutoUpdate.job
2015-08-01 10:50 - 2015-02-02 18:16 - 00000569 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2015-07-30 16:57 - 2015-02-03 21:47 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-29 16:51 - 2015-01-14 19:43 - 00000000 ____D C:\Users\Joe\Desktop\Things
2015-07-29 13:39 - 2013-08-22 06:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-07-28 09:46 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\AppReadiness
2015-07-28 09:41 - 2013-08-22 08:20 - 00000000 ____D C:\Windows\CbsTemp
2015-07-27 23:45 - 2014-11-23 17:40 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-27 23:41 - 2015-04-11 12:23 - 00002731 _____ C:\Users\Public\Desktop\Skype.lnk
2015-07-27 23:41 - 2015-04-03 21:56 - 00002295 _____ C:\Users\Joe\Desktop\Google Chrome.lnk
2015-07-27 23:41 - 2015-03-28 15:36 - 00000967 _____ C:\Users\Joe\Desktop\Open Broadcaster Software.lnk
2015-07-27 23:41 - 2015-02-14 14:43 - 00001959 _____ C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-07-27 23:41 - 2014-12-18 16:46 - 00001450 _____ C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-27 23:41 - 2014-12-18 16:46 - 00000551 _____ C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-07-27 23:41 - 2014-12-18 16:46 - 00000549 _____ C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-07-27 23:40 - 2014-03-18 02:54 - 00000551 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-07-27 23:40 - 2014-03-18 02:54 - 00000551 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-07-27 23:40 - 2014-03-18 02:54 - 00000549 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-07-27 23:40 - 2014-03-18 02:54 - 00000549 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-07-25 11:02 - 2015-04-06 15:27 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-22 10:57 - 2013-08-22 07:44 - 00492000 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-22 03:47 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\rescache
2015-07-21 15:05 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\WinStore
2015-07-21 14:57 - 2013-08-22 08:36 - 00000000 ___RD C:\Windows\ToastData
2015-07-21 05:06 - 2015-01-07 20:22 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-07-21 00:40 - 2014-11-23 17:43 - 00000000 ____D C:\ProgramData\CyberLink
2015-07-20 21:31 - 2014-12-28 10:07 - 00000000 ____D C:\Users\Joe\AppData\Roaming\Skype
2015-07-17 17:57 - 2015-04-17 22:05 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-17 17:57 - 2015-04-17 22:05 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-17 17:55 - 2014-12-18 16:34 - 00000000 ____D C:\Windows\system32\MRT
2015-07-17 17:49 - 2015-04-06 15:27 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-15 17:55 - 2015-02-10 16:46 - 00110688 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-07-15 17:55 - 2015-02-10 16:45 - 00000000 ____D C:\Program Files\Java
2015-07-15 17:55 - 2014-12-25 16:34 - 00000000 ____D C:\ProgramData\Oracle
2015-07-15 16:40 - 2014-12-25 12:28 - 00003900 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-15 16:40 - 2014-12-25 12:28 - 00003664 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-13 21:15 - 2015-02-06 09:20 - 00000000 ____D C:\Users\Joe\Desktop\Virus Scan Stuff
2015-07-13 21:07 - 2015-06-29 01:40 - 00000000 ____D C:\Users\Joe\Desktop\Games
2015-07-13 20:59 - 2015-04-11 12:23 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-07-13 20:55 - 2015-03-11 19:22 - 00000000 ____D C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2015-07-13 14:10 - 2014-12-18 17:11 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-13 14:10 - 2014-12-18 17:11 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2015-03-31 18:14 - 2015-03-31 18:14 - 0000046 _____ () C:\Users\Joe\AppData\Roaming\Camdata.ini
2015-03-31 18:14 - 2015-03-31 18:14 - 0000408 _____ () C:\Users\Joe\AppData\Roaming\CamLayout.ini
2015-03-31 18:14 - 2015-03-31 18:14 - 0000408 _____ () C:\Users\Joe\AppData\Roaming\CamShapes.ini
2015-03-31 18:14 - 2015-03-31 18:14 - 0004546 _____ () C:\Users\Joe\AppData\Roaming\CamStudio.cfg
2014-12-28 11:29 - 2014-12-29 22:16 - 0000097 _____ () C:\Users\Joe\AppData\Roaming\LauncherSettings_live.cfg
2014-12-28 11:18 - 2014-12-28 11:26 - 0008144 _____ () C:\Users\Joe\AppData\Roaming\TheHunterSettings_live.bin
2015-03-31 18:11 - 2015-03-31 18:11 - 0000096 _____ () C:\Users\Joe\AppData\Roaming\version2.xml
2015-06-29 09:36 - 2015-06-29 09:36 - 0000000 _____ () C:\Users\Joe\AppData\Local\{D2739118-AA15-4AAE-905C-EA0080405820}
2014-11-23 17:25 - 2014-11-23 17:25 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-11-23 17:47 - 2014-11-23 17:47 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-11-23 17:43 - 2014-11-23 17:44 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-11-23 17:44 - 2014-11-23 17:45 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2014-11-23 17:45 - 2014-11-23 17:47 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2014-11-23 17:43 - 2014-11-23 17:43 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-28 09:40

==================== End of log ============================



#14 Sirawit

  • Malware Response Team

Posted 06 August 2015 - 02:26 PM

Hi wannawonda.

 

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Double-click on the setup file (mbam-setup.exe), then click on Run to install.
  • Malwarebytes will automatically open to its Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system."
  • Click on Update Now to download the current database definitions, then click the Scan Now >> button.
  • If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
  • You will be prompted to update Malwarebytes...click on the Update Now button.
  • The THREAT SCAN will automatically begin.
  • When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
  • To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
  • After rebooting the computer, copy and paste the mbam.log in your next reply.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)

  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Select (check) the box next to Scan Log. Choose the most current scan.
  • Click the View button.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)

  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd

 
-----------------
 
Important Note: Your version of Adobe Flash is out of date.

Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to update Adobe Flash:
  1. Please download the latest version of Adobe Flash from http://get.adobe.com/flashplayer/otherversions/ to your Desktop
  2. Double click the file to start the installation process
  3. Repeat 1. and 2. for every other browser you have installed (e.g. Internet Explorer / Firefox / Chrome / Safari / Opera...) as applicable.

-------------

 

After the scan has been completed, please create a new FRST log for me.

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#15 wannawonda

wannawonda
  • Topic Starter

  • Members
  • 105 posts
  • OFFLINE
  • Local time:12:20 AM

Posted 07 August 2015 - 12:38 PM

The laptop will not connect to the internet.  He has been using a disc to interface between our desktop and his laptop.





