Help: log analysis (hijack this)


  • This topic is locked
21 replies to this topic

#1 jaredkauk

  • Members
  • 10 posts

Posted 21 September 2015 - 12:33 PM

Hi,
 
Any help with analyzing this logfile from a HijackThis scan is much appreciated. My browser seems to be hijacked (startup page and default browser are set to Google but redirect to Yahoo) and I am suspecting malware.
 
Thanks
 
Jared
 
--------
 
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 9:52:40 AM, on 09/21/2015
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16685)
 
 
Boot mode: Normal
 
Running processes:
C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Users\user\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
C:\ProgramData\b56dff5a-df23-4e43-acde-a4f08b8dcffb\plugins\7\plugin.exe
C:\ProgramData\b56dff5a-df23-4e43-acde-a4f08b8dcffb\plugins\12\plugin.exe
C:\ProgramData\b56dff5a-df23-4e43-acde-a4f08b8dcffb\plugins\3\plugin.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\user\Downloads\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggRIQ0BWAFCGRgQJAFeTA1GEAMOIl8OWRREFgJHcAlcWFhEFQUFIk0FA1ADB0VXfVBdFElXTwhnMlhfDlczU1RNI1E=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=C:\Windows\SysWOW64\Userinit.exe
O1 - Hosts: 0.0.0.1 mssplus.mcafee.com
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Dragon Branch - {d640ce67-58e4-43c2-9adc-6bb959d7c606} - C:\Program Files (x86)\Dragon Branch\Extensions\d640ce67-58e4-43c2-9adc-6bb959d7c606.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
O4 - HKLM\..\Run: [PCMAgent] "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [BrStsMon00] "C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe" /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [ApnTBMon] "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [IJNetworkScanUtility] "C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [f.lux] "C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
O4 - HKCU\..\Run: [Google Update] "C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\user\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Dropbox Update] "C:\Users\user\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
O4 - Startup: Dropbox.lnk = C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} (Symantec Configuration Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/46.18/uploader2.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/ID-ID/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Ask Update Service (APNMCP) - APN LLC. - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files (x86)\Browny02\BrYNSvc.exe
O23 - Service: CodeMeter Runtime Server (CodeMeter.exe) - WIBU-SYSTEMS AG - C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
O23 - Service: ConfigFree Gadget Service - TOSHIBA Corporation. - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c98a6795b80720) (gupdate1c98a6795b80720) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files (x86)\Jumpstart\jswpsapi.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.11.163\McCHSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Service Mgr DragonBranch - Unknown owner - C:\ProgramData\b56dff5a-df23-4e43-acde-a4f08b8dcffb\plugincontainer.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Update Mgr DragonBranch - Unknown owner - C:\Program Files (x86)\Common Files\b56dff5a-df23-4e43-acde-a4f08b8dcffb\updater.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)
 
--
End of file - 13242 bytes

Edit: Moved topic from Anti-Virus and Anti-Malware Software to the more appropriate forum. ~ Animal



#2 deeprybka

  • Malware Response Team
  • 5,198 posts

Posted 21 September 2015 - 01:38 PM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
Injure no one; on the contrary, help everyone as much as you can. Arthur Schopenhauer

#3 jaredkauk

  • Topic Starter

  • Members
  • 10 posts

Posted 24 September 2015 - 02:21 PM

Hi Jurgen,

 

Thank you for your help.

 

I don't know what it means to run FRST with "administrator privileges," but I ran it anyway and was able to do the scan that produced two logs. They are pasted below - let me know what the next step is. I have read your instructions and everything is good - I do not have any cracked software.

 

-Jared

 

//////////////////////////////////

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-09-2015
Ran by user (administrator) on GABE-LAPTOP (24-09-2015 12:15:43)
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(TOSHIBA Corporation.) C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio64.exe
(Toshiba) C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Flux Software LLC) C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe
(Dropbox, Inc.) C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Spotify Ltd) C:\Users\user\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\user\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Spotify Ltd) C:\Users\user\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\user\AppData\Roaming\Spotify\Spotify.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Common Files\b56dff5a-df23-4e43-acde-a4f08b8dcffb\updater.exe
() C:\ProgramData\b56dff5a-df23-4e43-acde-a4f08b8dcffb\plugincontainer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
() C:\ProgramData\b56dff5a-df23-4e43-acde-a4f08b8dcffb\plugins\4\Plugin.exe
() C:\ProgramData\b56dff5a-df23-4e43-acde-a4f08b8dcffb\plugins\3\Plugin.exe
() C:\ProgramData\b56dff5a-df23-4e43-acde-a4f08b8dcffb\plugins\8\Plugin.exe
() C:\ProgramData\b56dff5a-df23-4e43-acde-a4f08b8dcffb\plugins\5\Plugin.exe
() C:\ProgramData\b56dff5a-df23-4e43-acde-a4f08b8dcffb\plugins\6\Plugin.exe
() C:\ProgramData\b56dff5a-df23-4e43-acde-a4f08b8dcffb\plugins\2\Plugin.exe
() C:\ProgramData\b56dff5a-df23-4e43-acde-a4f08b8dcffb\plugins\12\Plugin.exe
() C:\ProgramData\b56dff5a-df23-4e43-acde-a4f08b8dcffb\plugins\7\Plugin.exe
() C:\ProgramData\b56dff5a-df23-4e43-acde-a4f08b8dcffb\plugins\7\Plugin.exe
() C:\ProgramData\b56dff5a-df23-4e43-acde-a4f08b8dcffb\plugins\3\Plugin.exe
() C:\ProgramData\b56dff5a-df23-4e43-acde-a4f08b8dcffb\plugins\12\Plugin.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdSync.exe [225792 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [431968 2008-02-06] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1216808 2007-11-29] (Synaptics, Inc.)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [519544 2007-12-11] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52560 2007-12-06] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [865280 2008-03-19] (TOSHIBA Corporation)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2710856 2009-11-01] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-03] (CANON INC.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169744 2015-09-12] (Apple Inc.)
HKLM-x32\...\Run: [PCMAgent] => "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe"
HKLM-x32\...\Run: [CLMLServer] => "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe"
HKLM-x32\...\Run: [cfFncEnabler.exe] => cfFncEnabler.exe
HKLM-x32\...\Run: [Camera Assistant Software] => C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [417792 2008-04-29] (Chicony)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295512 2013-10-17] (RealNetworks, Inc.)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1843088 2015-08-26] (APN)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2009-09-28] (CANON INC.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKU\S-1-5-21-2554034294-363694751-669932369-1000\...\Run: [TOSCDSPD] => TOSCDSPD.EXE
HKU\S-1-5-21-2554034294-363694751-669932369-1000\...\Run: [f.lux] => C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe [1013128 2013-10-15] (Flux Software LLC)
HKU\S-1-5-21-2554034294-363694751-669932369-1000\...\Run: [Google Update] => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc.)
HKU\S-1-5-21-2554034294-363694751-669932369-1000\...\Run: [Spotify Web Helper] => C:\Users\user\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2025016 2015-09-21] (Spotify Ltd)
HKU\S-1-5-21-2554034294-363694751-669932369-1000\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKU\S-1-5-21-2554034294-363694751-669932369-1000\...\Run: [Dropbox Update] => C:\Users\user\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-24] (Dropbox, Inc.)
HKU\S-1-5-21-2554034294-363694751-669932369-1000\...\Run: [Spotify] => C:\Users\user\AppData\Roaming\Spotify\Spotify.exe [7571000 2015-09-21] (Spotify Ltd)
HKU\S-1-5-21-2554034294-363694751-669932369-1000\...\MountPoints2: {97c37c82-6587-11dd-ab11-001e6896ff61} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\m.exe /s
HKU\S-1-5-21-2554034294-363694751-669932369-1000\...\MountPoints2: {97c37c85-6587-11dd-ab11-001e6896ff61} - F:\LaunchU3.exe -a
HKU\S-1-5-21-2554034294-363694751-669932369-1000\...\MountPoints2: {a9c522a4-9df7-11df-b48b-001e6896ff61} - E:\Setup_FlipShare.exe
HKU\S-1-5-21-2554034294-363694751-669932369-1000\...\MountPoints2: {cb613b61-6580-11e0-9118-001e6896ff61} - E:\LaunchU3.exe -a
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013-10-29]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\Dropbox.lnk [2015-03-14]
ShortcutTarget: Dropbox.lnk -> C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{BB19A359-0C26-4938-B9FF-1E4809BADD28}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggRIQ0BWAFCGRgQJAFeTA1GEAMOIl8OWRREFgJHcAlcWFhEFQUFIk0FA1ADB0VXfVBdFElXTwhnMlhfDlczU1RNI1E=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.toshibadirect.com/dpdstart
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.toshibadirect.com/dpdstart
HKU\S-1-5-21-2554034294-363694751-669932369-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggRIQ0BWAFCGRgQJAFeTA1GEAMOIl8OWRREFgJHcAlcWFhEFQUFIk0FA1ADB0VXfVBdFElXTwhnMlhfDlczU1RNI1E=
HKU\S-1-5-21-2554034294-363694751-669932369-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.toshibadirect.com/dpdstart
SearchScopes: HKLM -> DefaultScope {41B798CA-7A24-4872-9FF3-21368AC69306} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQtZVQBIGQYbbQpcWV9cFQISdhRaBw9JDAAUd10IUV1IQAAXcB9aFQQTSEcFME0FCFwEURNNfX1KAF4eT3dRIVdbCQ==&q={searchTerms}
SearchScopes: HKLM -> OldSearch URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};
SearchScopes: HKLM -> {41B798CA-7A24-4872-9FF3-21368AC69306} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQtZVQBIGQYbbQpcWV9cFQISdhRaBw9JDAAUd10IUV1IQAAXcB9aFQQTSEcFME0FCFwEURNNfX1KAF4eT3dRIVdbCQ==&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {7CC94BCA-8E5E-4FAD-ACE5-798C208642BC} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKLM-x32 -> {7CC94BCA-8E5E-4FAD-ACE5-798C208642BC} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-2554034294-363694751-669932369-1000 -> DefaultScope {7CC94BCA-8E5E-4FAD-ACE5-798C208642BC} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQtZVQBIGQYbbQpcWV9cFQISdhRaBw9JDAAUd10IUV1IQAAXcB9aFQQTSEcFME0FCFwEURNNfX1KAF4eT3dRIVdbCQ==&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2554034294-363694751-669932369-1000 -> OldSearch URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-2554034294-363694751-669932369-1000 -> {7CC94BCA-8E5E-4FAD-ACE5-798C208642BC} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQtZVQBIGQYbbQpcWV9cFQISdhRaBw9JDAAUd10IUV1IQAAXcB9aFQQTSEcFME0FCFwEURNNfX1KAF4eT3dRIVdbCQ==&q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-27] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Dragon Branch -> {d640ce67-58e4-43c2-9adc-6bb959d7c606} -> C:\Program Files (x86)\Dragon Branch\Extensions\d640ce67-58e4-43c2-9adc-6bb959d7c606.dll [2015-05-11] ()
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-27] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2554034294-363694751-669932369-1000 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll [2015-07-22] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2554034294-363694751-669932369-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {0CCA191D-13A6-4E29-B746-314DEE697D83} hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: HKLM-x32 {20A60F0D-9AFA-4515-A0FD-83BD84642501} hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: HKLM-x32 {44990B00-3C9D-426D-81DF-AAB636FA4345} hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab
DPF: HKLM-x32 {474F00F5-3853-492C-AC3A-476512BBC336} hxxp://picasaweb.google.com/s/v/46.18/uploader2.cab
DPF: HKLM-x32 {48DD0448-9209-4F81-9F6D-D83562940134} hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: HKLM-x32 {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/ID-ID/a-UNO1/GAME_UNO1.cab
DPF: HKLM-x32 {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: HKLM-x32 {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-21] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-21] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-09-04] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2009-10-20] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-27] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2013-10-17] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2013-10-17] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-26] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2554034294-363694751-669932369-1000: @facebook.com/FBPlugin,version=1.0.1 -> C:\Users\user\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll No File
FF Plugin HKU\S-1-5-21-2554034294-363694751-669932369-1000: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\user\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll No File
FF Plugin HKU\S-1-5-21-2554034294-363694751-669932369-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\user\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2554034294-363694751-669932369-1000: @talk.google.com/O1DPlugin -> C:\Users\user\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2554034294-363694751-669932369-1000: @tools.google.com/Google Update;version=3 -> C:\Users\user\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-2554034294-363694751-669932369-1000: @tools.google.com/Google Update;version=9 -> C:\Users\user\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\user\AppData\Roaming\mozilla\plugins\npatgpc.dll [2013-11-04] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\user\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\user\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-14]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-10-17]
 
Chrome: 
=======
CHR RestoreOnStartup: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggRIQ0BWAFCGRgQJAFeTA1GEAMOIl8OWRREFgJHcAlcWFhEFQUFIk0FA1oDB0VXfV5bFElXTwhnMlhfDlczU1RNI1E="
CHR StartupUrls: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggRIQ0BWAFCGRgQJAFeTA1GEAMOIl8OWRREFgJHcAlcWFhEFQUFIk0FA1oDB0VXfV5bFElXTwhnMlhfDlczU1RNI1E="
CHR DefaultSearchURL: Default -> hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQtZVQBIGQYbbQpcWV9cFQISdhRaBw9JDAAUd10IUV1IQAAXcB9aFQQTQkcFME0FBloEURNNfX1KAF4eT3dRIVdbCQ==&q={searchTerms}
CHR DefaultSearchKeyword: Default -> searchinterneat-a.akamaihd.net
CHR DefaultNewTabURL: Default -> hxxp://searchinterneat-a.akamaihd.net/t?eq=U0EeFFhaR1oWHAdCdAABWQpJDAZHeF8VVQ5AFxhBJg8ATAxGFlETcF0BAAxFERNBNARaAktXUUEeJ1pNER8fHHFRIV5XD3sDQFtAKA==
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Ask Toolbar) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaajpkhjdkhhnkmgfjodbkfpbmibkkk [2013-11-04]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-15]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-15]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-15]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-15]
CHR Extension: (Dropbox for Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2015-05-29]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-06]
CHR Extension: (AdBlock) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-10-15]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2013-10-15]
CHR Extension: (RealDownloader) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-10-19]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Summer Fields) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lioedaeelokfajcbbdbbljmcjadfbngf [2013-10-15]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2013-10-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-15]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-15]
CHR HKLM\...\Chrome\Extension: [aaaajpkhjdkhhnkmgfjodbkfpbmibkkk] - C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-V7\CRX\ToolbarCR.crx [2015-06-04]
CHR HKLM\...\Chrome\Extension: [lpadbdkobbgjgonnfnipfngifldcdfin] - C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-V7-SAT\CRX\ToolbarCR.crx [2015-08-26]
CHR HKLM-x32\...\Chrome\Extension: [aaaajpkhjdkhhnkmgfjodbkfpbmibkkk] - C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-V7\CRX\ToolbarCR.crx [2015-06-04]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [lpadbdkobbgjgonnfnipfngifldcdfin] - C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-V7-SAT\CRX\ToolbarCR.crx [2015-08-26]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [201616 2015-08-26] (APN LLC.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 ConfigFree Gadget Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [36864 2008-04-03] (TOSHIBA Corporation.) [File not signed]
S3 ConfigFree Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2008-04-17] (TOSHIBA CORPORATION) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2008-12-25] (Macrovision Europe Ltd.) [File not signed]
S2 gupdate1c98a6795b80720; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-09-08] ()
S3 jswpsapi; C:\Program Files (x86)\Jumpstart\jswpsapi.exe [954368 2008-04-16] (Atheros Communications, Inc.) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.163\McCHSvc.exe [289256 2015-07-31] (McAfee, Inc.)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [69632 2006-11-08] (Hewlett-Packard) [File not signed]
S3 pinger; C:\TOSHIBA\IVP\ISM\pinger.exe [136816 2007-01-25] ()
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [88064 2006-11-08] (Hewlett-Packard) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 Service Mgr DragonBranch; C:\ProgramData\b56dff5a-df23-4e43-acde-a4f08b8dcffb\plugincontainer.exe [1044752 2015-09-24] ()
R3 SmartFaceVWatchSrv; C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [84992 2008-04-24] (Toshiba) [File not signed]
S3 Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [66928 2007-10-23] ()
S3 TNaviSrv; C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe [83312 2008-04-11] (TOSHIBA Corporation)
S3 TODDSrv; C:\Windows\system32\TODDSrv.exe [135168 2007-11-21] (TOSHIBA Corporation) [File not signed]
S3 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [175104 2007-12-03] (TOSHIBA Corporation) [File not signed]
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed]
R2 Update Mgr DragonBranch; C:\Program Files (x86)\Common Files\b56dff5a-df23-4e43-acde-a4f08b8dcffb\updater.exe [611600 2015-09-24] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 61883; C:\Windows\System32\DRIVERS\61883.sys [58496 2008-01-20] (Microsoft Corporation)
S2 MCSTRM; no ImagePath
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-12-15] () [File not signed]
S3 SynUSB64; C:\Windows\System32\DRIVERS\SynUSB64.sys [30352 2009-06-26] (Steinberg Media Technologies GmbH)
S3 Tosrfcom; no ImagePath
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-07-28] (Apple, Inc.) [File not signed]
U4 bdselfpr; no ImagePath
S3 iLokDrvr; system32\DRIVERS\iLokDrvr.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 L6UX2; System32\Drivers\L6UX264.sys [X]
S3 LoopBeMidi1; system32\drivers\loopbe1.sys [X]
S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMP50a64; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 O2MDRDR; system32\DRIVERS\o2mdx64.sys [X]
S3 O2SDRDR; system32\DRIVERS\o2sdx64.sys [X]
U2 wuaserv; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-24 12:15 - 2015-09-24 12:16 - 00030863 _____ C:\Users\user\Desktop\FRST.txt
2015-09-24 12:14 - 2015-09-24 12:15 - 00000000 ____D C:\FRST
2015-09-24 12:13 - 2015-09-24 12:13 - 02192384 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2015-09-24 12:13 - 2015-09-24 12:13 - 01695744 _____ (Farbar) C:\Users\user\Desktop\FRST.exe
2015-09-21 23:33 - 2015-09-21 23:33 - 00001675 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-09-21 23:33 - 2015-09-21 23:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-09-21 23:31 - 2015-09-21 23:32 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-09-21 23:31 - 2015-09-21 23:32 - 00000000 ____D C:\Program Files\iTunes
2015-09-21 23:31 - 2015-09-21 23:31 - 00000000 ____D C:\Program Files\iPod
2015-09-21 23:31 - 2015-09-21 23:31 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-09-21 23:24 - 2015-09-21 23:24 - 00000000 ____D C:\Windows\LastGood
2015-09-21 23:22 - 2015-09-21 23:22 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2015-09-21 23:22 - 2015-09-21 23:22 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-09-21 23:20 - 2015-09-21 23:20 - 00001733 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-09-21 23:20 - 2015-09-21 23:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-09-21 23:20 - 2015-09-21 23:20 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-09-21 10:22 - 2015-09-21 10:22 - 00000000 ____D C:\Users\user\Downloads\backups
2015-09-21 09:54 - 2015-09-21 09:54 - 00013244 _____ C:\Users\user\Desktop\hijackthis.log
2015-09-21 09:52 - 2015-09-21 10:00 - 00013306 _____ C:\Users\user\Downloads\hijackthis.log
2015-09-21 09:50 - 2015-09-21 09:50 - 00388608 _____ (Trend Micro Inc.) C:\Users\user\Downloads\HijackThis.exe
2015-09-14 08:40 - 2015-09-14 08:40 - 00001901 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-09-14 08:40 - 2015-09-14 08:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-09-14 08:40 - 2015-09-14 08:40 - 00000000 ____D C:\Program Files\McAfee Security Scan
2015-09-12 17:23 - 2015-09-20 14:30 - 00003344 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2554034294-363694751-669932369-1000
2015-09-12 17:23 - 2015-09-20 14:30 - 00003208 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2554034294-363694751-669932369-1000
2015-09-05 16:32 - 2015-09-05 16:32 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-09-04 00:24 - 2015-09-04 00:24 - 06427942 _____ C:\Users\user\Downloads\IMG_1261.mov
2015-09-03 23:30 - 2015-09-03 20:03 - 572551396 ____N C:\Users\user\Desktop\IMG_2780.MOV
2015-09-01 22:53 - 2015-08-14 16:49 - 17889792 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-01 22:53 - 2015-08-14 16:38 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-01 22:53 - 2015-08-14 16:37 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-09-01 22:53 - 2015-08-14 16:03 - 12386816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-09-01 22:53 - 2015-08-14 15:56 - 01804288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-09-01 22:53 - 2015-08-14 15:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-08-25 13:18 - 2015-05-08 16:09 - 00861696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-08-25 13:18 - 2015-05-08 16:01 - 01212416 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-08-25 13:15 - 2015-06-27 09:03 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-08-25 13:15 - 2015-06-27 09:03 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-08-25 13:15 - 2015-06-27 09:02 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-08-25 13:15 - 2015-06-27 09:02 - 00218112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-08-25 13:15 - 2015-06-27 09:01 - 00801280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-08-25 13:15 - 2015-06-27 08:40 - 01304576 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-25 13:15 - 2015-06-27 08:40 - 00658944 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-25 13:15 - 2015-06-27 08:40 - 00269824 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-25 13:15 - 2015-06-27 08:39 - 01065472 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-08-25 13:15 - 2015-06-27 07:30 - 00278016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-25 13:15 - 2015-06-27 07:30 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-25 13:15 - 2015-06-12 06:13 - 00516544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-25 13:15 - 2015-01-08 17:28 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-25 13:14 - 2015-07-31 13:03 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-25 13:14 - 2015-07-31 12:27 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-25 13:13 - 2015-07-03 09:04 - 01316864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-08-25 13:13 - 2015-07-03 08:41 - 01916416 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-08-25 13:12 - 2015-07-10 12:37 - 02067968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-25 13:12 - 2015-07-10 12:35 - 02425344 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-25 13:11 - 2015-07-11 10:13 - 12901888 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-25 13:11 - 2015-07-11 08:56 - 11587584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-25 13:11 - 2015-05-31 01:11 - 00225792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-08-25 13:11 - 2015-05-31 00:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-08-25 13:09 - 2015-06-17 09:50 - 02264576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-08-25 13:09 - 2015-06-17 09:23 - 03137536 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-08-25 13:09 - 2015-06-17 08:18 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-08-25 13:09 - 2015-06-17 08:09 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-08-25 13:08 - 2015-07-09 07:39 - 00169472 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-25 13:08 - 2015-07-09 07:39 - 00169472 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-25 13:08 - 2015-07-09 07:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-25 13:08 - 2015-05-04 15:51 - 10627584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-08-25 13:08 - 2015-05-04 15:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-08-25 13:08 - 2015-05-04 15:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-08-25 13:08 - 2015-05-04 15:50 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-08-25 13:08 - 2015-05-04 15:33 - 13427712 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-08-25 13:08 - 2015-05-04 15:33 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-08-25 13:08 - 2015-05-04 15:33 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-08-25 13:08 - 2015-05-04 15:32 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-08-25 13:08 - 2015-05-04 14:39 - 08147456 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-08-25 13:08 - 2015-05-04 14:21 - 08147456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-08-25 13:07 - 2015-06-12 09:03 - 00304640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-08-25 13:07 - 2015-06-12 08:46 - 00390656 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-08-25 13:06 - 2015-07-18 08:41 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-25 13:02 - 2015-04-24 08:54 - 00532480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-08-25 13:02 - 2015-04-24 08:41 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-08-25 13:01 - 2015-07-21 13:59 - 01586304 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-25 13:01 - 2015-07-21 13:59 - 01168600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-25 13:01 - 2015-07-21 08:50 - 04690880 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-25 13:01 - 2015-07-21 08:50 - 00154048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ecache.sys
2015-08-25 13:01 - 2015-07-21 08:50 - 00068544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-25 13:01 - 2015-07-21 08:41 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-25 13:01 - 2015-07-21 08:40 - 00399360 _____ (Microsoft Corporation) C:\Windows\system32\emdmgmt.dll
2015-08-25 13:01 - 2015-07-21 08:40 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-25 13:01 - 2015-07-10 12:37 - 01402368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-25 13:01 - 2015-07-10 12:37 - 01253376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-25 13:01 - 2015-07-10 12:35 - 01875968 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-25 13:01 - 2015-07-10 12:35 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-25 13:00 - 2015-07-31 15:31 - 00048128 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-25 13:00 - 2015-07-31 15:08 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-25 13:00 - 2015-07-31 14:46 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2015-08-25 13:00 - 2015-07-31 14:46 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2015-08-25 13:00 - 2015-07-31 14:46 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2015-08-25 13:00 - 2015-07-31 14:46 - 00160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2015-08-25 13:00 - 2015-07-31 14:44 - 01268224 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-08-25 13:00 - 2015-07-31 14:44 - 00327680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-08-25 13:00 - 2015-07-31 14:44 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-08-25 13:00 - 2015-07-31 14:44 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-08-25 13:00 - 2015-07-31 14:26 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-25 13:00 - 2015-07-31 14:25 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-25 13:00 - 2015-07-31 14:10 - 02002944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-25 13:00 - 2015-07-31 14:09 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-08-25 13:00 - 2015-07-31 14:00 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-08-25 13:00 - 2015-07-31 13:59 - 01561088 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-25 13:00 - 2015-07-31 13:59 - 01154560 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-25 13:00 - 2015-07-31 13:41 - 01172480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-08-25 13:00 - 2015-07-31 13:40 - 00486400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2015-08-25 13:00 - 2015-07-31 13:35 - 00682496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-08-25 13:00 - 2015-07-31 13:33 - 01072640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-25 13:00 - 2015-07-31 13:33 - 00297472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-25 12:59 - 2015-07-01 08:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-25 12:59 - 2015-07-01 08:43 - 00218112 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-25 12:57 - 2015-07-09 07:31 - 00450560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-24 12:14 - 2015-06-24 12:19 - 00000862 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2554034294-363694751-669932369-1000Core.job
2015-09-24 12:07 - 2015-06-24 12:19 - 00000914 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2554034294-363694751-669932369-1000UA.job
2015-09-24 12:07 - 2015-05-11 13:30 - 00000000 ____D C:\ProgramData\b56dff5a-df23-4e43-acde-a4f08b8dcffb
2015-09-24 12:07 - 2013-12-07 15:04 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2554034294-363694751-669932369-1000UA.job
2015-09-24 12:07 - 2013-11-27 22:28 - 00000000 ____D C:\Users\user\AppData\Roaming\Spotify
2015-09-24 12:07 - 2013-11-27 22:28 - 00000000 ____D C:\Users\user\AppData\Local\Spotify
2015-09-24 12:07 - 2009-06-30 18:10 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-24 12:07 - 2008-07-12 03:53 - 01294130 _____ C:\Windows\WindowsUpdate.log
2015-09-24 12:06 - 2013-10-29 07:15 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-24 12:06 - 2006-11-02 08:22 - 00003744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-24 12:06 - 2006-11-02 08:22 - 00003744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-23 21:02 - 2013-12-07 15:04 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2554034294-363694751-669932369-1000Core.job
2015-09-23 20:55 - 2009-06-30 18:10 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-23 14:25 - 2013-10-15 00:42 - 00001998 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-21 23:31 - 2013-11-26 01:18 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-09-21 23:22 - 2013-11-26 01:22 - 00001830 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-09-21 22:32 - 2013-10-29 07:15 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-09-21 22:32 - 2013-10-29 07:15 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-21 22:32 - 2013-10-29 07:15 - 00003682 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-09-18 18:52 - 2013-12-07 15:04 - 00003786 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2554034294-363694751-669932369-1000UA
2015-09-18 18:52 - 2013-12-07 15:04 - 00003390 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2554034294-363694751-669932369-1000Core
2015-09-16 20:27 - 2009-06-30 18:10 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-16 20:27 - 2009-06-30 18:10 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-16 20:25 - 2015-08-20 18:33 - 00000732 _____ C:\Users\user\AppData\Local\d3d9caps64.dat
2015-09-16 20:22 - 2008-11-17 18:51 - 00000000 ____D C:\Users\user\AppData\Local\Google
2015-09-14 19:49 - 2008-08-25 19:18 - 00006944 _____ C:\Users\user\AppData\Local\d3d9caps.dat
2015-09-12 17:22 - 2014-07-07 13:47 - 00000000 ___RD C:\Users\user\Dropbox
2015-09-12 17:22 - 2014-07-07 13:44 - 00000000 ____D C:\Users\user\AppData\Roaming\Dropbox
2015-09-12 17:17 - 2006-11-02 08:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-12 17:17 - 2006-11-02 06:33 - 00000000 ____D C:\Windows\registration
2015-09-02 23:13 - 2006-11-02 05:46 - 00777736 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-02 08:31 - 2015-05-27 14:21 - 00000000 ____D C:\ProgramData\CanonIJPLM
2015-09-01 22:55 - 2006-11-02 08:42 - 00032602 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-08-25 21:27 - 2006-11-02 06:33 - 00000000 ____D C:\Windows\rescache
2015-08-25 21:06 - 2006-11-02 08:21 - 00365240 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-25 21:02 - 2006-11-02 08:07 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2015-08-25 21:01 - 2008-10-29 22:47 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-25 13:18 - 2010-06-03 12:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
 
==================== Files in the root of some directories =======
 
2008-08-24 11:46 - 2011-04-15 22:59 - 0000004 _____ () C:\Users\user\AppData\Roaming\1D2983
2010-11-04 23:29 - 2011-04-15 22:59 - 0870128 _____ () C:\Users\user\AppData\Roaming\mcs.rma
2009-06-08 18:47 - 2009-06-08 18:47 - 0027070 _____ () C:\Users\user\AppData\Roaming\UserTile.png
2009-05-04 21:37 - 2011-02-22 10:27 - 0001474 _____ () C:\Users\user\AppData\Roaming\wklnhst.dat
2010-11-26 15:11 - 2010-11-26 15:11 - 0000552 _____ () C:\Users\user\AppData\Local\d3d8caps.dat
2008-08-25 19:18 - 2015-09-14 19:49 - 0006944 _____ () C:\Users\user\AppData\Local\d3d9caps.dat
2015-08-20 18:33 - 2015-09-16 20:25 - 0000732 _____ () C:\Users\user\AppData\Local\d3d9caps64.dat
2008-08-24 00:23 - 2014-08-05 11:44 - 0086528 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-10-01 21:02 - 2009-10-01 21:02 - 0220326 _____ () C:\Users\user\AppData\Local\dd_ATL90SP1_KB973924MSI063F.txt
2009-10-01 21:02 - 2009-10-01 21:02 - 0011668 _____ () C:\Users\user\AppData\Local\dd_ATL90SP1_KB973924UI063F.txt
2009-02-14 14:50 - 2009-02-14 15:03 - 0200242 _____ () C:\Users\user\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
2009-02-14 14:50 - 2009-02-14 14:50 - 0000002 _____ () C:\Users\user\AppData\Local\dd_dotnetfx35error.txt
2009-02-14 14:50 - 2009-02-14 15:14 - 0171448 _____ () C:\Users\user\AppData\Local\dd_dotnetfx35install.txt
2009-02-14 15:11 - 2009-02-14 15:13 - 2483460 _____ () C:\Users\user\AppData\Local\dd_NET_Framework35_x64_MSI15A5.txt
2009-09-21 16:01 - 2009-09-21 16:02 - 0413114 _____ () C:\Users\user\AppData\Local\dd_vcredistMSI1327.txt
2010-12-18 20:18 - 2010-12-18 20:18 - 0368086 _____ () C:\Users\user\AppData\Local\dd_vcredistMSI197C.txt
2015-06-29 13:31 - 2015-06-29 13:31 - 0386858 _____ () C:\Users\user\AppData\Local\dd_vcredistMSI3208.txt
2014-09-21 20:50 - 2014-09-21 20:50 - 0387180 _____ () C:\Users\user\AppData\Local\dd_vcredistMSI3ED6.txt
2011-08-05 01:00 - 2011-08-05 09:45 - 0619316 _____ () C:\Users\user\AppData\Local\dd_vcredistMSI5632.txt
2015-06-26 14:31 - 2015-06-26 14:32 - 0386944 _____ () C:\Users\user\AppData\Local\dd_vcredistMSI757D.txt
2009-09-21 16:01 - 2009-09-21 16:02 - 0012150 _____ () C:\Users\user\AppData\Local\dd_vcredistUI1327.txt
2010-12-18 20:18 - 2010-12-18 20:18 - 0011378 _____ () C:\Users\user\AppData\Local\dd_vcredistUI197C.txt
2015-06-29 13:31 - 2015-06-29 13:31 - 0014986 _____ () C:\Users\user\AppData\Local\dd_vcredistUI3208.txt
2014-09-21 20:50 - 2014-09-21 20:50 - 0011386 _____ () C:\Users\user\AppData\Local\dd_vcredistUI3ED6.txt
2011-08-05 01:00 - 2011-08-05 09:45 - 0218628 _____ () C:\Users\user\AppData\Local\dd_vcredistUI5632.txt
2015-06-26 14:31 - 2015-06-26 14:32 - 0011370 _____ () C:\Users\user\AppData\Local\dd_vcredistUI757D.txt
2009-02-14 14:50 - 2009-02-14 15:14 - 0002330 _____ () C:\Users\user\AppData\Local\uxeventlog.txt
2014-12-12 00:03 - 2014-12-12 00:03 - 0000000 _____ () C:\Users\user\AppData\Local\{3A778817-DF04-497C-A96F-EE69EFDE81F5}
2015-03-21 03:41 - 2015-03-21 03:41 - 0000000 _____ () C:\Users\user\AppData\Local\{CA534B88-B529-45CF-8C5D-B4E1A8EF52B7}
2015-03-24 04:41 - 2015-03-24 04:41 - 0000000 _____ () C:\Users\user\AppData\Local\{E2F03E1A-B0EE-450C-A7B7-D5212404032A}
2015-07-26 04:46 - 2015-07-26 04:46 - 0000000 _____ () C:\Users\user\AppData\Local\{E76F6864-60F4-48A0-9FA6-34F6CC7BF13F}
2011-09-05 12:40 - 2011-09-05 12:40 - 0302764 _____ () C:\ProgramData\1315214779.bdinstall.bin
2012-02-18 23:36 - 2012-02-18 23:36 - 0092549 _____ () C:\ProgramData\1329633254.bdinstall.bin
2010-08-22 12:55 - 2011-03-08 01:34 - 0015531 _____ () C:\ProgramData\hpzinstall.log
 
Some files in TEMP:
====================
C:\Users\user\AppData\Local\Temp\AdobeUpdater12345.exe
C:\Users\user\AppData\Local\Temp\APNSetup.exe
C:\Users\user\AppData\Local\Temp\cct.dll
C:\Users\user\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdt6l4i.dll
C:\Users\user\AppData\Local\Temp\GUR2CDB.exe
C:\Users\user\AppData\Local\Temp\GUR6AA6.exe
C:\Users\user\AppData\Local\Temp\GUR8AC1.exe
C:\Users\user\AppData\Local\Temp\GURE453.exe
C:\Users\user\AppData\Local\Temp\GUREDE8.exe
C:\Users\user\AppData\Local\Temp\JavaIC.dll
C:\Users\user\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\user\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\user\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\user\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\user\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\user\AppData\Local\Temp\lowproc.exe
C:\Users\user\AppData\Local\Temp\MSETUP4.EXE
C:\Users\user\AppData\Local\Temp\msscct32.dll
C:\Users\user\AppData\Local\Temp\oi_{1A41D821-6C0B-4677-8456-CE7AACE68363}.exe
C:\Users\user\AppData\Local\Temp\stubhelper.dll
C:\Users\user\AppData\Local\Temp\{0621EEFA-98FA-4815-AC5E-3CEB00FE29E0}.dll
C:\Users\user\AppData\Local\Temp\{0907FDC7-03F1-406B-862E-418C72CC096F}.dll
C:\Users\user\AppData\Local\Temp\{0F561F35-A558-4165-9EB9-A1B56A9B5C9E}.dll
C:\Users\user\AppData\Local\Temp\{1158023A-13F0-40D0-A3C1-13C91EC92710}.dll
C:\Users\user\AppData\Local\Temp\{14650349-E94F-4F83-BB41-5DC5B08B4D47}.dll
C:\Users\user\AppData\Local\Temp\{1C911590-F066-46AF-B1E9-3AC973292293}.dll
C:\Users\user\AppData\Local\Temp\{1D9BB169-0D83-45A0-992A-1DB041229188}.dll
C:\Users\user\AppData\Local\Temp\{1F508F93-14D6-4458-9EC7-5B700E5E2690}.dll
C:\Users\user\AppData\Local\Temp\{20DFC162-24E3-43FB-A1FD-11658DB25B6F}.dll
C:\Users\user\AppData\Local\Temp\{21E97F52-4E6E-493C-900A-A508839A7951}.dll
C:\Users\user\AppData\Local\Temp\{2C3D3301-9F88-4AA6-8B1F-DED490694BBD}.dll
C:\Users\user\AppData\Local\Temp\{2F9403B9-E795-4B12-BFE7-1FC00D76FB6F}.dll
C:\Users\user\AppData\Local\Temp\{30A09729-D089-4465-9086-EC81BA4855F4}.dll
C:\Users\user\AppData\Local\Temp\{32C72ACF-E6AF-4F2A-9BE9-80A8A8D6853D}.dll
C:\Users\user\AppData\Local\Temp\{524A5F8F-3F75-4D7F-8E9B-6678B257C726}.dll
C:\Users\user\AppData\Local\Temp\{59C31BAB-37A3-451C-B429-A79D9E2DB24D}.dll
C:\Users\user\AppData\Local\Temp\{5D376B59-5754-427D-954F-724759C908DB}.dll
C:\Users\user\AppData\Local\Temp\{61BBBBA3-8F33-4EB1-BA8F-A57769A4CD1D}.dll
C:\Users\user\AppData\Local\Temp\{6293DD97-FE4D-4B30-832E-F60B509D25FC}.dll
C:\Users\user\AppData\Local\Temp\{6517D83A-AB89-4679-AFDF-CD6FE2FFEC4F}.dll
C:\Users\user\AppData\Local\Temp\{678DDAFC-9E59-4E3A-9C11-A94680AE37A7}.dll
C:\Users\user\AppData\Local\Temp\{75462E65-8D44-4EF5-AB87-F510B96A3EB2}.dll
C:\Users\user\AppData\Local\Temp\{76C7EEAA-5D39-4A13-9E3B-958FD804EA74}.dll
C:\Users\user\AppData\Local\Temp\{77B55524-E40B-4853-B11B-7BB077289D4B}.dll
C:\Users\user\AppData\Local\Temp\{7EDE0E8C-FE0B-47BD-BD63-5A6D35896E27}.dll
C:\Users\user\AppData\Local\Temp\{7F7CC663-DF98-48A3-8A82-F0D44C5E0900}.dll
C:\Users\user\AppData\Local\Temp\{8AF4EB61-B1FC-428D-A741-F3DC65DCAE4F}.dll
C:\Users\user\AppData\Local\Temp\{8B30857A-F709-421F-B24F-B5D538ACF821}.dll
C:\Users\user\AppData\Local\Temp\{8D71FF53-951B-4FF5-B864-F7EB6D0BF170}.dll
C:\Users\user\AppData\Local\Temp\{90F2387D-21EB-4509-B298-E799C977C740}.dll
C:\Users\user\AppData\Local\Temp\{93944349-6FA9-41A7-9F9F-2267F42AAA61}.dll
C:\Users\user\AppData\Local\Temp\{981E078B-4A06-41D7-A88A-47A9A336E211}.dll
C:\Users\user\AppData\Local\Temp\{A8F2633B-BC43-4B28-B76E-788789BF3E55}.dll
C:\Users\user\AppData\Local\Temp\{AA79B8C6-5465-4C73-B884-A34E07515699}.dll
C:\Users\user\AppData\Local\Temp\{AB3CFE59-1A6D-4238-98CC-726A59B66102}.dll
C:\Users\user\AppData\Local\Temp\{AC77046C-AC25-47F6-BBE2-1308811E1838}.dll
C:\Users\user\AppData\Local\Temp\{BABD115B-8B38-44F8-AA10-342B1EC43EA3}.dll
C:\Users\user\AppData\Local\Temp\{BBF8A3E7-3A06-4B63-AB73-E9EC96707221}.dll
C:\Users\user\AppData\Local\Temp\{BD8E6F24-4452-4AD5-A9BB-0C27A7C71381}.dll
C:\Users\user\AppData\Local\Temp\{C0B315A6-B96A-4841-844C-1BA884C5697E}.dll
C:\Users\user\AppData\Local\Temp\{C21C9481-950F-4209-B2FD-AC85EDFF5248}.dll
C:\Users\user\AppData\Local\Temp\{C4DA5CF7-DC62-4E38-AB97-0B0E2D13B4B4}.dll
C:\Users\user\AppData\Local\Temp\{C6C59101-3361-45E3-8E96-02BBE1D288C7}.dll
C:\Users\user\AppData\Local\Temp\{C74B8321-3DC1-4767-A918-32775E1217D8}.dll
C:\Users\user\AppData\Local\Temp\{C8C517D6-AE9F-443D-8DB3-95F1A2178763}.dll
C:\Users\user\AppData\Local\Temp\{CAA2ED62-51C8-4804-A45E-DBA95394AE93}.dll
C:\Users\user\AppData\Local\Temp\{CB3C1EBC-ADD2-40BC-B2BE-79EB549C7E21}.dll
C:\Users\user\AppData\Local\Temp\{CDFD99A2-27BE-4011-9D8D-3BFF7B6E4DE8}.dll
C:\Users\user\AppData\Local\Temp\{D064C75A-3F83-4CCF-9EFA-E0617E3EBC53}.dll
C:\Users\user\AppData\Local\Temp\{D85E4A4A-83E8-4EA8-92EF-2F18D32447D8}.dll
C:\Users\user\AppData\Local\Temp\{DED9B3E9-D622-4801-A4D8-CD5B1917194E}.dll
C:\Users\user\AppData\Local\Temp\{E01E33C7-C8B1-4A86-85E5-B3C1ACDEBCC0}.dll
C:\Users\user\AppData\Local\Temp\{E5DD7ABF-BB82-44B6-8DCD-C2B94E64EC03}.dll
C:\Users\user\AppData\Local\Temp\{E608CDA4-9E4A-4F79-A6A7-8B0DCE9C9F54}.dll
C:\Users\user\AppData\Local\Temp\{E83D3AF3-3E6D-47A5-8A86-04E0905770BC}.dll
C:\Users\user\AppData\Local\Temp\{ED70083F-8B0B-4AC5-87DE-61405A2C5028}.dll
C:\Users\user\AppData\Local\Temp\{F5315BF8-C518-49F4-AA2B-C28DC3C7F71D}.dll
C:\Users\user\AppData\Local\Temp\{F539C578-9C6B-417B-980C-7DEBC07BE19C}.dll
C:\Users\user\AppData\Local\Temp\{F59B7E61-0BC7-4A98-B078-11BEF4B54D80}.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-09-12 17:32
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:23-09-2015
Ran by user (2015-09-24 12:17:19)
Running from C:\Users\user\Desktop
Windows Vista ™ Home Premium Service Pack 2 (X64) (2008-07-12 10:54:14)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2554034294-363694751-669932369-500 - Administrator - Enabled)
Guest (S-1-5-21-2554034294-363694751-669932369-501 - Limited - Disabled)
user (S-1-5-21-2554034294-363694751-669932369-1000 - Administrator - Enabled) => C:\Users\user
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 1.0.0 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Photoshop Elements 7.0 (HKLM-x32\...\Adobe Photoshop Elements 7) (Version: 7.0 - Adobe Systems Incorporated)
Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 2.76 - Adobe Systems Incorporated)
Adobe Reader X (10.1.15) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.15 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ARIA Engine v1.6.2.0 (HKLM\...\ARIA Engine_is1) (Version: v1.6.2.0 - Plogue Art et Technologie, Inc)
Ask Shopping Toolbar (HKLM-x32\...\{4F524A2D-5637-2D53-4154-A758B70C2201}) (Version: 12.34.1.256 - APN, LLC) <==== ATTENTION
Ask Toolbar (HKLM-x32\...\{4F524A2D-5637-006A-76A7-A758B70C1D00}) (Version: 12.29.0.226 - APN, LLC) <==== ATTENTION
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
Atheros Wi-Fi Protected Setup Library (HKLM-x32\...\{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}) (Version:  - Atheros)
ATI Catalyst Install Manager (HKLM\...\{44791AD6-C026-4889-5562-CAC89488EA87}) (Version: 3.0.664.0 - ATI Technologies, Inc.)
Audacity 1.3.5 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version:  - Audacity Team)
Authorizer Ignition Key Support (Version: 1.0.0 - Propellerhead Software AB) Hidden
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v6.10.07(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Buzzdock (HKLM-x32\...\{cfd32d46-7d3f-483f-bace-7172aec5592d}) (Version:  - Alactro LLC) <==== ATTENTION
Camera Assistant Software for Toshiba (HKLM-x32\...\{37C866E4-AA67-4725-9E95-A39968DD7960}) (Version: 1.7.193.0508L - Chicony Electronics Co.,Ltd.)
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Canon MP Navigator EX 3.1 (HKLM-x32\...\MP Navigator EX 3.1) (Version:  - )
Canon MX340 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series) (Version:  - )
Canon MX340 series User Registration (HKLM-x32\...\Canon MX340 series User Registration) (Version:  - )
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
ccc-core-static (x32 Version: 2008.0422.2139.36895 - ATI) Hidden
Cisco WebEx Meetings (HKU\S-1-5-21-2554034294-363694751-669932369-1000\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.36.7.50 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dragon Branch (HKLM-x32\...\Dragon Branch) (Version: 2.0.5609.19184 - Dragon Branch) <==== ATTENTION
Dropbox (HKU\S-1-5-21-2554034294-363694751-669932369-1000\...\Dropbox) (Version: 3.8.8 - Dropbox, Inc.)
f.lux (HKU\S-1-5-21-2554034294-363694751-669932369-1000\...\Flux) (Version:  - )
Finale 2014d (HKLM-x32\...\Finale 2014) (Version: 2014.4.5030.0 - MakeMusic)
Finale NotePad 2012 (HKLM-x32\...\Finale NotePad 2012) (Version: 2012..r1.5 - MakeMusic)
Free YouTube Downloader 4.0.365 (HKLM-x32\...\{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version:  - HOW Inc.)
Garritan ARIA Player v1.620 (HKLM\...\__ARIA_1012___is1) (Version: v1.6.2.0 - Garritan)
Garritan Instruments for Finale (HKLM\...\__ARIA_1013___is1) (Version: v2.0.0.1 - Garritan)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.99 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5051&SUBSYS_1179) (Version: 7.73.00 - Conexant Systems)
HL-2270DW (HKLM-x32\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.0.7.0 - Brother Industries, Ltd.)
iTunes (HKLM\...\{CEC7613B-E286-4A31-BEE3-3F7798488D9F}) (Version: 12.1.3.6 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.710 - Oracle)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Marvell Miniport Driver (HKLM\...\{5254156F-AA77-499A-B7C1-D5581D44E788}) (Version: 10.57.4.3 - Marvell)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.163.2 - McAfee, Inc.)
Melodyne 3.1 (x32 Version: 3.1.0200 - Celemony Software GmbH) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM-x32\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NetWaiting (HKLM-x32\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.53 - BVRP Software, Inc)
PhotoshopdotcomInspirationBrowser (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Record Ignition Key Support (Version: 1.0.0 - Propellerhead Software AB) Hidden
Roxio Video Capture USB Driver (HKLM-x32\...\TVEpaDrv) (Version:  - )
Segoe UI (x32 Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Skins (x32 Version: 2008.0422.2139.36895 - ATI) Hidden
Spotify (HKU\S-1-5-21-2554034294-363694751-669932369-1000\...\Spotify) (Version: 1.0.14.124.g4dfabc51 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.7.0 - Synaptics)
TI-83 Plus Flash Debugger (HKLM-x32\...\TI-83 Plus Flash Debugger) (Version:  - )
TOSHIBA Application Disc Creator (HKLM\...\{B431E4D3-ECE7-4D41-8668-BCF9BD685B62}) (Version: 2.0.0.1b for x64 - TOSHIBA Corporation)
Toshiba Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.03 - TOSHIBA)
TOSHIBA ConfigFree (HKLM-x32\...\{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}) (Version: 7.2.15 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.1.3 for x64 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 1.30.12 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM-x32\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version:  - )
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 2.0.2.64 - TOSHIBA)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{E8B39B08-7FAB-48CC-89E9-37C5589E130C}) (Version:  - )
TOSHIBA PowerCinema Helper (HKLM-x32\...\{FB356619-7ECE-42BC-A28A-541973E29F28}) (Version: 1.00 - TOSHIBA Corporation)
TOSHIBA Software Upgrades (HKLM-x32\...\{425A2BC2-AA64-4107-9C29-484245BBEA05}) (Version: 4.3 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version:  - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{DF0853CA-A1D0-4169-8472-F2822C8FA1EB}) (Version:  - )
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.1.19.64 - TOSHIBA Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-09-14 08:40 - 2015-09-14 08:40 - 00000030 ____A C:\Windows\system32\Drivers\etc\hosts
 
0.0.0.1 mssplus.mcafee.com
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {15893BBF-613D-4CA7-B4B5-EAB5CC149960} - System32\Tasks\{9DE6CF5E-F740-4620-A9D6-F61D35720C8D} => pcalua.exe -a D:\StartHere.exe -d D:\ -c /s
Task: {2E7E95D3-3B6D-436E-BD2F-4A207BA69148} - System32\Tasks\{2CD67AF3-A7E8-40A4-A0AA-8560CBC31BF3} => pcalua.exe -a "C:\PROGRA~2\Ableton\Live 7.0.16\Install\UNWISE.EXE" -c C:\PROGRA~2\Ableton\Live 7.0.16\Install\INSTALL.LOG
Task: {2F8912D5-3741-4783-932A-ED8ADE5D82A9} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - user => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-20] (Microsoft Corporation)
Task: {4E7E6FCC-08E7-4672-83C7-A1423E752793} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {5D86AA43-4677-403F-8357-DAC13745024B} - System32\Tasks\{29975EF0-5C32-4EE1-80E7-276DEDA59C14} => pcalua.exe -a C:\DRVSTEMP\COMP9\b27260b.exe -d C:\DRVSTEMP\COMP9
Task: {69A7E165-A39D-4603-9866-AE3DED92EF0D} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2554034294-363694751-669932369-1000UA => C:\Users\user\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-24] (Dropbox, Inc.)
Task: {6A1EC8B5-780B-4950-94F2-94B1BDD81311} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2554034294-363694751-669932369-1000Core => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {88D4C0C6-1CB0-423D-840E-795C0041C7B5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {8D9B6591-1E69-4842-A0A7-16DBF2A6368E} - System32\Tasks\{53501848-1F13-4987-B1FC-841ECC254E31} => pcalua.exe -a "C:\PROGRA~2\TI Education\TI-83 Plus Flash Debugger\UNWISE.EXE" -c C:\PROGRA~2\TI Education\TI-83 Plus Flash Debugger\INSTALL.LOG
Task: {90BAF28D-A801-4731-873C-201B24549C3E} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2554034294-363694751-669932369-1000Core => C:\Users\user\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-24] (Dropbox, Inc.)
Task: {98A99751-3735-4C2F-8BC2-0F29AC21AB49} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-21] (Adobe Systems Incorporated)
Task: {9B204688-5F20-4F16-901B-E969F63A204B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2554034294-363694751-669932369-1000UA => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {BCCD84B0-D6B1-4759-9CB0-52FC69C5820D} - System32\Tasks\{77236C0E-0130-4259-B663-1C30D13F437B} => pcalua.exe -a C:\Users\Administrator\Desktop\B27260B.EXE -d C:\Users\Administrator\Desktop
Task: {C29138E9-4B17-4032-8B57-1C6DB8AE1AAC} - System32\Tasks\IHUninstallTrackingTASK => CMD
Task: {CFA78FC4-7B9F-4CA4-91BC-4D4C48E4C596} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {D8BDD497-4F16-48BA-87CD-07051E4FFBEA} - System32\Tasks\{F93EE575-6394-461E-B315-C687AFFA0648} => pcalua.exe -a "C:\PROGRA~2\Ableton\Live 6.0.1\Install\UNWISE.EXE" -c C:\PROGRA~2\Ableton\Live 6.0.1\Install\INSTALL.LOG
Task: {DC4E9CF3-BBC0-4EC5-B77A-78C8EF9860D8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {E10E8B81-FA17-49A7-9C08-942BB54FC2E7} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2554034294-363694751-669932369-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {F0E03A72-3862-489C-8940-5E3A4288B7C4} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-20] (Microsoft Corporation)
Task: {F84DEE51-8386-4E38-BDD0-386FF8B2D6CA} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2554034294-363694751-669932369-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {FDC42FF1-4B69-416A-9D3A-4217DF619268} - System32\Tasks\{CF3674CC-4CCA-4A54-AD94-A0C25A8FD79D} => pcalua.exe -a "C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.cpl" -c @0,0x706c676e
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2554034294-363694751-669932369-1000Core.job => C:\Users\user\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2554034294-363694751-669932369-1000UA.job => C:\Users\user\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2554034294-363694751-669932369-1000Core.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2554034294-363694751-669932369-1000UA.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{5C064645-A62E-4C1D-AE89-BF378FD6F168}.job => C:\Windows\system32\msfeedssync.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-05-27 14:21 - 2009-09-08 14:12 - 00116104 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2008-04-24 18:25 - 2008-04-24 18:25 - 00135680 _____ () C:\Windows\system32\SmartFaceVCtrl.dll
2008-04-24 18:25 - 2008-04-24 18:25 - 07553024 _____ () C:\Windows\system32\FaceHI.dll
2008-04-24 18:25 - 2008-04-24 18:25 - 01032704 _____ () C:\Windows\system32\FaceRec.dll
2008-07-12 04:15 - 2008-04-22 22:05 - 00116736 _____ () C:\Windows\system32\atitmm64.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-09-13 11:02 - 2015-09-24 12:07 - 00611600 _____ () C:\Program Files (x86)\Common Files\b56dff5a-df23-4e43-acde-a4f08b8dcffb\updater.exe
2015-05-11 09:39 - 2015-09-24 12:07 - 01044752 _____ () C:\ProgramData\b56dff5a-df23-4e43-acde-a4f08b8dcffb\plugincontainer.exe
2015-09-24 12:08 - 2015-09-24 12:08 - 00843536 _____ () C:\ProgramData\b56dff5a-df23-4e43-acde-a4f08b8dcffb\plugins\4\plugin.exe
2015-09-24 12:08 - 2015-09-24 12:08 - 01251088 _____ () C:\ProgramData\b56dff5a-df23-4e43-acde-a4f08b8dcffb\plugins\3\plugin.exe
2015-09-24 12:08 - 2015-09-24 12:08 - 01254672 _____ () C:\ProgramData\b56dff5a-df23-4e43-acde-a4f08b8dcffb\plugins\8\plugin.exe
2015-09-24 12:08 - 2015-09-24 12:08 - 01282320 _____ () C:\ProgramData\b56dff5a-df23-4e43-acde-a4f08b8dcffb\plugins\5\plugin.exe
2015-09-24 12:08 - 2015-09-24 12:08 - 01145104 _____ () C:\ProgramData\b56dff5a-df23-4e43-acde-a4f08b8dcffb\plugins\6\plugin.exe
2015-09-24 12:08 - 2015-09-24 12:08 - 01695504 _____ () C:\ProgramData\b56dff5a-df23-4e43-acde-a4f08b8dcffb\plugins\2\plugin.exe
2015-09-24 12:08 - 2015-09-24 12:08 - 00635152 _____ () C:\ProgramData\b56dff5a-df23-4e43-acde-a4f08b8dcffb\plugins\12\plugin.exe
2015-09-24 12:08 - 2015-09-24 12:08 - 00986896 _____ () C:\ProgramData\b56dff5a-df23-4e43-acde-a4f08b8dcffb\plugins\7\plugin.exe
2015-09-12 17:20 - 2015-09-12 17:20 - 00071168 _____ () c:\users\user\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdt6l4i.dll
2013-10-14 23:20 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2015-03-14 13:37 - 2015-09-21 23:34 - 45067320 _____ () C:\Users\user\AppData\Roaming\Spotify\libcef.dll
2015-09-23 20:56 - 2015-09-23 20:56 - 00533264 _____ () C:\Users\user\AppData\Local\Temp\{0621EEFA-98FA-4815-AC5E-3CEB00FE29E0}.dll
2015-09-24 12:08 - 2015-09-24 12:08 - 00533776 _____ () C:\Users\user\AppData\Local\Temp\{C4DA5CF7-DC62-4E38-AB97-0B0E2D13B4B4}.dll
2014-04-28 11:09 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\user\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-04-28 11:09 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\user\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Program Files\Common Files\Microsoft Shared:xqZEJta8SXkHo9ZLeUl0M
AlternateDataStreams: C:\ProgramData\Microsoft:IoHaug5fmuxkWofbsGpr894uRHSPn
AlternateDataStreams: C:\ProgramData\Microsoft:QKBq25cgIIrydPWKI7ciwN
AlternateDataStreams: C:\ProgramData\Microsoft:x8CzJBlMlzScPkkVdb
AlternateDataStreams: C:\ProgramData\Microsoft:xQ6zfdN0ghQP3CPfH1Jy4k1
AlternateDataStreams: C:\Users\user\AppData\Local\bx5TbgWGL9uCtf:Q3OJKNE1Fjcp2cJL1YK
AlternateDataStreams: C:\Users\user\AppData\Local\Temporary Internet Files:1dYC2OEo0D969Rqv
AlternateDataStreams: C:\Users\user\AppData\Local\Temporary Internet Files:JZ6j2gfHVoxkMw9az6mgm
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
There are 5870 more restricted sites.
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2554034294-363694751-669932369-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: firedogAdvisorSrvHost => 2
MSCONFIG\Services: McciCMService => 2
MSCONFIG\Services: rpcapd => 3
MSCONFIG\Services: Viewpoint Manager Service => 2
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{132C7B6E-17F9-42C8-AEB1-0E6D8E19108F}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{10D5532D-A2D8-484D-8839-9573C17C49EF}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{A083EA71-DAEE-48CC-A3C1-3FCE3070D1B7}] => (Allow) C:\Program Files (x86)\AIM6\aim6.exe
FirewallRules: [{22DD95F3-3DC8-4369-8C0D-AAE1C2A2DA16}] => (Allow) C:\Program Files (x86)\AIM6\aim6.exe
FirewallRules: [{BF3CE710-82A6-4F59-B3BA-E7137E41E1DC}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{FC9D0B0B-63BF-4F00-8EC3-D96B22BBED06}] => (Allow) C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{2325FF1F-5F58-4CBF-A577-6C8EA251457F}] => (Allow) C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{99649124-0E2F-4C72-AB35-1BC33EEF8BDA}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{532B5F73-F9DD-4A69-B6A1-BA0B0A769EA0}] => (Allow) svchost.exe
FirewallRules: [{D036CD0B-F11F-44D3-B4E3-063CD645E6E3}] => (Allow) C:\Program Files (x86)\AIM\aim.exe
FirewallRules: [{8E9C4407-6F67-4E18-B3B8-6CBC10CD597E}] => (Allow) C:\Program Files (x86)\AIM\aim.exe
FirewallRules: [{42C8480D-534C-4B14-86E4-7BD69CBCCCAB}] => (Allow) C:\Users\user\AppData\Local\Google\Google Talk Plugin\googletalkplugin.dll
FirewallRules: [{276477F2-8CCD-4F75-84F0-F53CB6AA43FD}] => (Allow) C:\Users\user\AppData\Local\Google\Google Talk Plugin\googletalkplugin.dll
FirewallRules: [{57DF60E7-CD7D-4803-81F8-8DDB31E3182B}] => (Allow) C:\Users\user\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{76F3A92B-73E6-4635-9170-6F4C079BB843}] => (Allow) C:\Users\user\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{4D1AF216-4240-4382-903A-F2B60CB307E9}] => (Allow) C:\Users\user\AppData\Local\Google\Google Talk Plugin\googletalkplugin.dll
FirewallRules: [{2D11229F-462F-44ED-AAE3-15AE994D85EF}] => (Allow) C:\Users\user\AppData\Local\Google\Google Talk Plugin\googletalkplugin.dll
FirewallRules: [{E7725CCB-7801-4022-BCE9-856794E1CE58}] => (Allow) C:\Users\user\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{901E9D4B-EE82-4780-8E89-7697BD2B5732}] => (Allow) C:\Users\user\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{DD3B76E0-5F18-4DBE-BE99-C46A003C76F1}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{D04ABC72-834C-4243-BB29-39E645D8FC69}] => (Allow) C:\Program Files (x86)\Google\Google Talk\googletalk.exe
FirewallRules: [{FCF4244B-AB57-4780-881F-56F97DB71279}] => (Allow) C:\Program Files (x86)\Google\Google Talk\googletalk.exe
FirewallRules: [{F8143893-E42E-4BF7-B7C7-BE3A667E7AFD}] => (Allow) LPort=443
FirewallRules: [{CE34D0C1-1F7C-474A-AAD4-2C580A7F8ADC}] => (Allow) LPort=443
FirewallRules: [{1925FBA4-A996-4230-AC43-BDB9E464D5A6}] => (Allow) LPort=37674
FirewallRules: [{241A5686-A3D2-4501-863E-09C603569096}] => (Allow) LPort=37674
FirewallRules: [{44DD7FB2-3E25-4345-8248-A2598838F51B}] => (Allow) LPort=37675
FirewallRules: [{3E577EB4-3A21-41C7-B72A-9E51943817FD}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{EA48F765-90D7-4540-B31E-535FADAF84CB}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{70FE9DDD-BDF3-4A49-AECD-894289FD5A7E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{41184D23-0982-4AD9-A3E1-BE59129215AC}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{A0C29678-9741-4240-894D-E8ADF4F82865}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{82E083E1-CD84-48F2-9594-FC36E568B84D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{9C0DFD82-DE1E-4579-BC0C-ED3B15078608}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{7B2AEF5D-1274-4217-9292-EB272A9DB158}] => (Allow) C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
FirewallRules: [{1C5A1D2E-ED56-447E-8D87-FFA321B0A490}] => (Allow) C:\Program Files (x86)\Rhapsody\rhapsody.exe
FirewallRules: [{11E71A2E-4414-477C-ADD4-C486B14652F4}] => (Allow) C:\Program Files (x86)\Rhapsody\rhapsody.exe
FirewallRules: [{46E5F57C-AB7B-499C-8D90-32139D3A3820}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{B1D5F31E-1FD7-4BFB-B87C-9C4FD6494DBD}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{7EFA5BC3-86E0-426D-AEDD-4EE68C483C88}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{F6DE845F-E8CE-434B-99B2-76B566035FC8}] => (Allow) C:\Users\user\AppData\Local\Temp\7zS3F42\setup\HPZnui40.exe
FirewallRules: [{3985C12B-17C9-4E21-AC38-2CF5E285CFED}] => (Allow) C:\Users\user\AppData\Local\Temp\7zS3F42\setup\HPZnui40.exe
FirewallRules: [{0F69D425-8DE3-44DD-AE0C-B9B307E32B41}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{F13FD13E-F4C9-450F-8D44-EF954E8F1D52}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{FAE7DEF7-BE61-464C-B5ED-C756A3D009EF}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{7EABE5A7-B525-4B41-A396-8467396893AB}] => (Allow) C:\Users\user\AppData\Local\Temp\7zS3E61\setup\HPZnui40.exe
FirewallRules: [{A6244BAB-4237-423B-8F7D-70F51D5156E7}] => (Allow) C:\Users\user\AppData\Local\Temp\7zS3E61\setup\HPZnui40.exe
FirewallRules: [{E898D6A5-1CC6-40C9-9FD1-8A1EFC267646}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{9023F6B3-6B34-445E-9A46-4D2BBB2526AE}] => (Allow) C:\Users\user\AppData\Local\Temp\7zS2350\setup\HPZnui40.exe
FirewallRules: [{768782AE-4CC2-48AB-9607-F5443E8EC4F1}] => (Allow) C:\Users\user\AppData\Local\Temp\7zS2350\setup\HPZnui40.exe
FirewallRules: [{A834CFCF-89A6-41ED-BCE1-C8C2C994DB3F}] => (Allow) C:\Users\user\AppData\Local\Temp\7zS7EC0\setup\HPZnui40.exe
FirewallRules: [{CD59C7AC-BED8-44FE-933C-95B79444FBFB}] => (Allow) C:\Users\user\AppData\Local\Temp\7zS7EC0\setup\HPZnui40.exe
FirewallRules: [{6F378F4E-695A-4479-8293-33BF82715643}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{7B0E3CA3-14C7-4BB7-AFB6-15E34D197DF8}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{F35F7081-33EE-495A-B8EF-2638DA6D59EB}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{F41FC5D2-CFBE-438B-885C-EC8FD0DB5A76}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{1A44D5EB-22FC-4652-95ED-949FD34E8A0E}] => (Allow) C:\Users\user\AppData\Local\Temp\7zS664D\setup\HPZnui40.exe
FirewallRules: [{0D1FE93C-B8B8-4F01-B38A-A68B7D727109}] => (Allow) C:\Users\user\AppData\Local\Temp\7zS664D\setup\HPZnui40.exe
FirewallRules: [{8B2173CF-64E4-4DBB-BE52-73C406C27FB7}] => (Allow) C:\Users\user\AppData\Local\Temp\7zS4BCD\setup\HPZnui40.exe
FirewallRules: [{1396CD69-5B1E-4E8E-BD5F-8869ADD5E4B4}] => (Allow) C:\Users\user\AppData\Local\Temp\7zS4BCD\setup\HPZnui40.exe
FirewallRules: [TCP Query User{6180A679-09E7-4353-A15A-019BF8BFCD4B}C:\program files (x86)\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files (x86)\google\google earth\plugin\geplugin.exe
FirewallRules: [UDP Query User{4E57B8CE-1B3F-49EF-BA1F-99BD32A1FA49}C:\program files (x86)\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files (x86)\google\google earth\plugin\geplugin.exe
FirewallRules: [{A3537CF2-57E0-4504-A754-5626192B6F9F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D4DB27A3-8157-4E33-A8A0-C4369D04E845}] => (Allow) LPort=2869
FirewallRules: [{2FC65855-AF1D-4061-AFE8-B763AA513126}] => (Allow) LPort=1900
FirewallRules: [{ECFC23E4-C190-47DB-8052-C580A5530196}] => (Allow) C:\Users\user\AppData\Local\Temp\7zS4F9C\setup\HPZnui40.exe
FirewallRules: [{972ADBD3-881E-442F-8763-A774BF2ABC11}] => (Allow) C:\Users\user\AppData\Local\Temp\7zS4F9C\setup\HPZnui40.exe
FirewallRules: [TCP Query User{A5667C2D-1893-4028-A392-3DBDEF1FEEDF}C:\program files (x86)\rhapsody\rhapsody.exe] => (Allow) C:\program files (x86)\rhapsody\rhapsody.exe
FirewallRules: [UDP Query User{AF4FC810-2982-4D36-9513-61645056F359}C:\program files (x86)\rhapsody\rhapsody.exe] => (Allow) C:\program files (x86)\rhapsody\rhapsody.exe
FirewallRules: [{891720B1-7C0C-4531-BE93-9946AF7A8656}] => (Allow) C:\Users\user\AppData\Local\Temp\7zS784B\setup\HPZnui40.exe
FirewallRules: [{65CEACFC-38E3-47FE-A25A-1486416C7B10}] => (Allow) C:\Users\user\AppData\Local\Temp\7zS784B\setup\HPZnui40.exe
FirewallRules: [TCP Query User{2CDA30D6-5DB5-4006-BC5B-8D1C0C98C33D}C:\program files\steinberg\cubase 5\cubase5.exe] => (Allow) C:\program files\steinberg\cubase 5\cubase5.exe
FirewallRules: [UDP Query User{05B9B2E3-33FA-48B9-AD3A-49586CFD2BD0}C:\program files\steinberg\cubase 5\cubase5.exe] => (Allow) C:\program files\steinberg\cubase 5\cubase5.exe
FirewallRules: [TCP Query User{36AEAA0E-0562-47B6-80BC-B273E15E21A4}C:\program files (x86)\microsoft games\halo trial\halo.exe] => (Allow) C:\program files (x86)\microsoft games\halo trial\halo.exe
FirewallRules: [UDP Query User{B4C98A4C-BB10-4693-81F4-22C7E4F0EF23}C:\program files (x86)\microsoft games\halo trial\halo.exe] => (Allow) C:\program files (x86)\microsoft games\halo trial\halo.exe
FirewallRules: [TCP Query User{C5C966CF-0062-442E-B906-EA68FA0EF14D}C:\program files (x86)\microsoft games\halo\halo.exe] => (Allow) C:\program files (x86)\microsoft games\halo\halo.exe
FirewallRules: [UDP Query User{CDC53FDF-D839-4D96-B76E-71A87A91C58F}C:\program files (x86)\microsoft games\halo\halo.exe] => (Allow) C:\program files (x86)\microsoft games\halo\halo.exe
FirewallRules: [{258DF021-ED9C-4647-AC4B-79824DE06862}] => (Allow) C:\Users\user\AppData\Local\Temp\7zS205F\setup\HPZnui40.exe
FirewallRules: [{F841376A-6A41-47EE-A73D-CF06B5291880}] => (Allow) C:\Users\user\AppData\Local\Temp\7zS205F\setup\HPZnui40.exe
FirewallRules: [TCP Query User{C1B67D32-EF88-43CA-96CB-DDA05EEC0C0A}C:\program files (x86)\utorrent\utorrent.exe] => (Allow) C:\program files (x86)\utorrent\utorrent.exe
FirewallRules: [UDP Query User{C3AD333C-DCB4-4BD7-A3E9-F68BE4C3A6FC}C:\program files (x86)\utorrent\utorrent.exe] => (Allow) C:\program files (x86)\utorrent\utorrent.exe
FirewallRules: [{CE3DFF9F-AEE5-49B6-B27B-AE3E5F6864E0}] => (Allow) LPort=80
FirewallRules: [{8FFA49F0-F408-4537-A7C2-3B4C2FFA9237}] => (Allow) LPort=80
FirewallRules: [{FFB17BAF-47E7-4FCC-9577-99194F131420}] => (Allow) LPort=80
FirewallRules: [TCP Query User{0E8485A1-DC8D-4376-B398-2B6AE22A5BD1}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [UDP Query User{222A9EAC-EBAC-47D5-8A2E-42382CEBE4BC}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [{28AC6372-15E5-4885-AFCE-0697E10C9C71}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{25FF3727-D85F-4080-99AB-899CBFE16B6E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AB00DDBC-7B35-4A5E-9B24-3E5741B017CC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E87AAC5D-57A7-4FF4-9808-F5798347D85A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{4D5CB2B9-B086-4056-85DC-49B2DEDC6039}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{7D9C3B9A-41B9-4D1D-BA19-20071FC2296D}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{A974DCFF-A404-4534-8665-2974C6481F00}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{188DBE18-07D5-4D1F-BE1F-4B0EF6127C6E}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe
FirewallRules: [{98F9666E-1FAE-48B5-B137-66B37BF186E0}] => (Allow) C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{E706C0F1-0A4F-4C36-ADCE-E1C14E88E766}] => (Allow) C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{03E2C21F-BB50-4CE6-A0C2-C5D0E61144C2}C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{0ED42D42-2F12-4852-AE6B-2AE8AC70458B}C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{9F1F88CF-B30E-4C06-A5EA-A74766AB4735}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{AE45B88B-69B7-4531-9F7E-3F2680D3FA2F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
DomainProfile\AuthorizedApplications: [bin\CodeMeter.exe] => C:\Program Files (x86)\CodeMeter\Runtime\:*:Enabled:CodeMeter Runtime Server
StandardProfile\AuthorizedApplications: [C:\TOSHIBA\ivp\NetInt\Netint.exe] => Enabled:NIE - Toshiba Software Upgrades Engine
StandardProfile\AuthorizedApplications: [C:\TOSHIBA\Ivp\ISM\pinger.exe] => Enabled:Toshiba Software Upgrades Pinger
StandardProfile\AuthorizedApplications: [bin\CodeMeter.exe] => C:\Program Files (x86)\CodeMeter\Runtime\:*:Enabled:CodeMeter Runtime Server
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/24/2015 12:14:23 PM) (Source: profsvc) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The system cannot find the file specified.
 
Error: (09/24/2015 12:14:23 PM) (Source: profsvc) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The system cannot find the file specified.
 
Error: (09/24/2015 12:14:16 PM) (Source: profsvc) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The system cannot find the file specified.
 
Error: (09/24/2015 12:14:15 PM) (Source: profsvc) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The system cannot find the file specified.
 
Error: (09/24/2015 12:07:11 PM) (Source: profsvc) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The system cannot find the file specified.
 
Error: (09/24/2015 12:07:04 PM) (Source: profsvc) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The system cannot find the file specified.
 
Error: (09/24/2015 12:06:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 47427627
 
Error: (09/24/2015 12:06:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 47427627
 
Error: (09/24/2015 12:06:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/24/2015 12:06:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 47426082
 
 
System errors:
=============
Error: (09/21/2015 11:26:10 PM) (Source: volsnap) (EventID: 14) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.
 
Error: (09/21/2015 11:25:22 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (09/21/2015 11:25:22 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (09/21/2015 11:25:22 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (09/21/2015 11:25:22 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (09/21/2015 11:25:22 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (09/21/2015 11:25:22 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (09/21/2015 11:25:22 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (09/21/2015 11:25:22 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (09/21/2015 11:25:22 PM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
 
CodeIntegrity:
===================================
  Date: 2012-02-18 22:34:45.624
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\bdsandbox.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-02-18 22:34:45.256
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\bdsandbox.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-02-18 22:34:44.839
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\bdsandbox.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-02-18 22:34:44.185
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\bdsandbox.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-02-18 22:34:40.579
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\bdfsfltr.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-02-18 22:34:40.192
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\bdfsfltr.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-02-18 22:34:39.811
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\bdfsfltr.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-02-18 22:34:39.257
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\bdfsfltr.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-11-26 22:05:47.702
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00060_002\avcuf64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2011-11-12 16:03:39.892
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\bdsandbox.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: AMD Turion™ X2 Dual-Core Mobile RM-70
Percentage of memory in use: 67%
Total physical RAM: 3837.42 MB
Available physical RAM: 1255.8 MB
Total Virtual: 7901.23 MB
Available Virtual: 4531.98 MB
 
==================== Drives ================================
 
Drive c: (SQ004740V04) (Fixed) (Total:231.42 GB) (Free:78.12 GB) NTFS ==>[drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 0C120C11)
Partition 1: (Not Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Active) - (Size=231.4 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#4 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 24 September 2015 - 03:40 PM

Hi Jared,
you are welcome. Please do the following now:

Step 1

  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s) to remove it:
    Dragon Branch
    Buzzdock
    Ask Shopping Toolbar 
    Ask Toolbar 
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run. If prompted again, click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish

Step 2

Please download AdwCleaner (by Xplode) and save it to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Cleaning button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.

Step 3

Please download and install Malwarebytes Anti-Malware.
  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt.
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select
  • Return to our forum. Paste your log into your next reply and then click Finish [7].


Step 4

Start FRST with administrator privileges.
  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#5 jaredkauk

  • Topic Starter
  • Members
  • 10 posts

Posted 29 September 2015 - 12:54 AM

Hi Jurgen,

 

Thanks again. I have completed the first 2 steps and am working on the rest. One problem with step 1: I did not find the program "buzzdock" in the Revo Uninstaller list. The others I successfully uninstalled.

 

Below is my log from adware cleaner.

 

# AdwCleaner v5.009 - Logfile created 28/09/2015 at 22:34:23
# Updated 27/09/2015 by Xplode
# Database : 2015-09-27.1 [Server]
# Operating system : Windows ™ Vista Home Premium Service Pack 2 (x64)
# Username : user - GABE-LAPTOP
# Running from : C:\Users\user\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[#] Folder Deleted : C:\Program Files (x86)\Conduit
[#] Folder Deleted : C:\ProgramData\apn
[#] Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
[#] Folder Deleted : C:\ProgramData\Viewpoint
[#] Folder Deleted : C:\ProgramData\RosettaStoneLtdServices
[#] Folder Deleted : C:\users\user\AppData\Local\VNT
[#] Folder Deleted : C:\Users\user\AppData\Local\Temp\apn
[#] Folder Deleted : C:\users\user\AppData\LocalLow\Conduit
 
***** [ Files ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
[-] Task Deleted : IHUninstallTrackingTASK
[-] Task Deleted : Adobe Flash Player Updater
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
[-] Key Deleted : HKU\.DEFAULT\Software\AskPartnerNetwork
[-] Key Deleted : HKCU\Software\Conduit
[-] Key Deleted : HKCU\Software\YahooPartnerToolbar
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
[-] Key Deleted : HKLM\SOFTWARE\AppDataLow\SOFTWARE\Conduit
[-] Key Deleted : HKLM\SOFTWARE\Cheat Engine\OpenCandy
[-] Key Deleted : HKLM\SOFTWARE\Viewpoint
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager
[!] Key Not Deleted : [x64] HKCU\Software\Conduit
[!] Key Not Deleted : [x64] HKCU\Software\YahooPartnerToolbar
[!] Key Not Deleted : HKU\S-1-5-21-2554034294-363694751-669932369-1000\Software\AppDataLow\Software\Conduit
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKU\S-1-5-21-2554034294-363694751-669932369-1000\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7CC94BCA-8E5E-4FAD-ACE5-798C208642BC}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[!] Key Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7CC94BCA-8E5E-4FAD-ACE5-798C208642BC}
[-] Data Restored : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{41B798CA-7A24-4872-9FF3-21368AC69306}
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[!] Key Not Deleted : HKU\S-1-5-21-2554034294-363694751-669932369-1000\Software\Microsoft\Internet Explorer\SearchScopes\{7CC94BCA-8E5E-4FAD-ACE5-798C208642BC}
[-] Data Restored : HKU\S-1-5-21-2554034294-363694751-669932369-1000\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
 
***** [ Web browsers ] *****
 
[-] [C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggRIQ0BWAFCGRgQJAFeTA1GEAMOIl8OWRREFgJHcAlcWFhEFQUFIk0FA1oDB0VXfV5bFElXTwhnMlhfDlczU1RNI1E=
[-] [C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Deleted : hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfQtZVQBIGQYbbQpcWV9cFQISdhRaBw9JDAAUd10IUV1IQAAXcB9aFQQTQkcFME0FBloEURNNfX1KAF4eT3dRIVdbCQ==&q={searchTerms}
[-] [C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : bopakagnckmlgajfccecajhnimjiiedh
[-] [C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : lpadbdkobbgjgonnfnipfngifldcdfin
 
*************************
 
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4565 bytes] ##########


#6 deeprybka


Posted 29 September 2015 - 04:45 AM

:thumbup2:

 

Please go ahead with the next steps.


regards,
deeprybka

#7 jaredkauk


Posted 29 September 2015 - 01:19 PM

Ok. Here is my log from Malwarebytes.

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 09/28/2015
Scan Time: 11:00:38 PM
Logfile: MW scan.txt
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.09.29.01
Rootkit Database: v2015.09.22.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows Vista Service Pack 2
CPU: x64
File System: NTFS
User: user
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 390133
Time Elapsed: 11 hr, 41 min, 45 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Deep Rootkit Scan: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 1
PUP.Optional.Yontoo.ChrPRST, HKU\S-1-5-21-2554034294-363694751-669932369-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DoNotAskAgain, searchinterneat-a.akamaihd.net, Quarantined, [7d28ec49513ad36377d54d8efc08b947]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 48
PUP.Optional.DragonBranch, C:\Users\user\AppData\Roaming\How Inc\1DBB8F5C0132415DA92A06546004F90A\setup.exe, Quarantined, [208561d42b60aa8c375c518d3dc4c63a], 
PUP.Optional.DragonBranch, C:\Users\user\AppData\Local\Temp\{2C3D3301-9F88-4AA6-8B1F-DED490694BBD}.dll, Quarantined, [1b8ae154d0bb66d08013dfffbf421ae6], 
PUP.Optional.DragonBranch, C:\Users\user\AppData\Local\Temp\{30A09729-D089-4465-9086-EC81BA4855F4}.dll, Quarantined, [891ca0950d7e4aec454e607e8c7541bf], 
PUP.Optional.DragonBranch, C:\Users\user\AppData\Local\Temp\{59C31BAB-37A3-451C-B429-A79D9E2DB24D}.dll, Quarantined, [0b9a3afb46454fe74f44736b976a03fd], 
PUP.Optional.DragonBranch, C:\Users\user\AppData\Local\Temp\{5D376B59-5754-427D-954F-724759C908DB}.dll, Quarantined, [564f72c31c6fc76fb1e2439bdc25d32d], 
PUP.Optional.DragonBranch, C:\Users\user\AppData\Local\Temp\{61BBBBA3-8F33-4EB1-BA8F-A57769A4CD1D}.dll, Quarantined, [1b8a48edb9d2d95d3e5533ab8978a65a], 
PUP.Optional.DragonBranch, C:\Users\user\AppData\Local\Temp\{6293DD97-FE4D-4B30-832E-F60B509D25FC}.dll, Quarantined, [159058dd7813181e593ab727af5210f0], 
PUP.Optional.DragonBranch, C:\Users\user\AppData\Local\Temp\{6517D83A-AB89-4679-AFDF-CD6FE2FFEC4F}.dll, Quarantined, [22837abb3a51cf671182b32b45bc3bc5], 
PUP.Optional.DragonBranch, C:\Users\user\AppData\Local\Temp\{AA79B8C6-5465-4C73-B884-A34E07515699}.dll, Quarantined, [c2e39b9a810a5ed80291a638ac55c838], 
PUP.Optional.DragonBranch, C:\Users\user\AppData\Local\Temp\{AB3CFE59-1A6D-4238-98CC-726A59B66102}.dll, Quarantined, [6b3a6ec74d3ed264fc97e9f5639e44bc], 
PUP.Optional.DragonBranch, C:\Users\user\AppData\Local\Temp\{AC77046C-AC25-47F6-BBE2-1308811E1838}.dll, Quarantined, [b4f1999c1e6de74f098a6d7138c9a65a], 
PUP.Optional.DragonBranch, C:\Users\user\AppData\Local\Temp\{BBF8A3E7-3A06-4B63-AB73-E9EC96707221}.dll, Quarantined, [d5d061d4bdced75f395a58869968e719], 
PUP.Optional.DragonBranch, C:\Users\user\AppData\Local\Temp\{C0B315A6-B96A-4841-844C-1BA884C5697E}.dll, Quarantined, [a401d362ef9cd660048f34aa4eb3f40c], 
PUP.Optional.DragonBranch, C:\Users\user\AppData\Local\Temp\{C6C59101-3361-45E3-8E96-02BBE1D288C7}.dll, Quarantined, [178ef540117a47efa4ef0fcf0ef3df21], 
PUP.Optional.APNToolBar, C:\Users\user\AppData\Local\Temp\APNSetup.exe, Quarantined, [bce9be77d0bb73c37e7602b8699822de], 
PUP.Optional.DragonBranch, C:\Users\user\AppData\Local\Temp\{CAA2ED62-51C8-4804-A45E-DBA95394AE93}.dll, Quarantined, [2d7842f3404b6fc7553ee7f736cb837d], 
PUP.Optional.DragonBranch, C:\Users\user\AppData\Local\Temp\{CDFD99A2-27BE-4011-9D8D-3BFF7B6E4DE8}.dll, Quarantined, [3570b77e6724c3737f14934bbe43a060], 
PUP.Optional.DragonBranch, C:\Users\user\AppData\Local\Temp\{D064C75A-3F83-4CCF-9EFA-E0617E3EBC53}.dll, Quarantined, [3a6b1c19385337ff96fd68768e7335cb], 
PUP.Optional.DragonBranch, C:\Users\user\AppData\Local\Temp\{D85E4A4A-83E8-4EA8-92EF-2F18D32447D8}.dll, Quarantined, [347185b0d2b9be78ace7667856ab9967], 
PUP.Optional.DragonBranch, C:\Users\user\AppData\Local\Temp\{DED9B3E9-D622-4801-A4D8-CD5B1917194E}.dll, Quarantined, [a401da5b5239d75ff1a2cd1112ef51af], 
PUP.Optional.DragonBranch, C:\Users\user\AppData\Local\Temp\{E5DD7ABF-BB82-44B6-8DCD-C2B94E64EC03}.dll, Quarantined, [673ee64f424987af395a8658fd04cc34], 
PUP.Optional.DragonBranch, C:\Users\user\AppData\Local\Temp\{E608CDA4-9E4A-4F79-A6A7-8B0DCE9C9F54}.dll, Quarantined, [6540f63f5239f83e5d36835b70913ac6], 
PUP.Optional.DragonBranch, C:\Users\user\AppData\Local\Temp\{E83D3AF3-3E6D-47A5-8A86-04E0905770BC}.dll, Quarantined, [5d48c5703358ef477c17637b42bf0df3], 
PUP.Optional.DragonBranch, C:\Users\user\AppData\Local\Temp\{ED70083F-8B0B-4AC5-87DE-61405A2C5028}.dll, Quarantined, [b0f55ed79fec8fa71f74f0eeee1307f9], 
PUP.Optional.DragonBranch, C:\Users\user\AppData\Local\Temp\{F5315BF8-C518-49F4-AA2B-C28DC3C7F71D}.dll, Quarantined, [8a1bc86de4a7171fd7bc8a54f1103bc5], 
PUP.Optional.DragonBranch, C:\Users\user\AppData\Local\Temp\{0907FDC7-03F1-406B-862E-418C72CC096F}.dll, Quarantined, [505551e4424994a2f89b03dbc14016ea], 
PUP.Optional.DragonBranch, C:\Users\user\AppData\Local\Temp\{1158023A-13F0-40D0-A3C1-13C91EC92710}.dll, Quarantined, [644131045b30ed49ccc72eb0d42d43bd], 
PUP.Optional.DragonBranch, C:\Users\user\AppData\Local\Temp\{14650349-E94F-4F83-BB41-5DC5B08B4D47}.dll, Quarantined, [baeb4ce98605b97d98fbe6f82ed31ae6], 
PUP.Optional.DragonBranch, C:\Users\user\AppData\Local\Temp\{16388739-FEDD-4F8C-B6AE-C6E1E73B419D}.dll, Quarantined, [7b2a181db5d644f2d0c3c9150df4f30d], 
PUP.Optional.DragonBranch, C:\Users\user\AppData\Local\Temp\{1F508F93-14D6-4458-9EC7-5B700E5E2690}.dll, Quarantined, [5550072e0685fe388310b727ee1302fe], 
PUP.Optional.DragonBranch, C:\Users\user\AppData\Local\Temp\{20DFC162-24E3-43FB-A1FD-11658DB25B6F}.dll, Quarantined, [d0d582b388034ee8088b17c71ce5e61a], 
PUP.Optional.DragonBranch, C:\Users\user\AppData\Local\Temp\{F59B7E61-0BC7-4A98-B078-11BEF4B54D80}.dll, Quarantined, [dcc9cd683d4e5adc3f54409eb34e1be5], 
PUP.Optional.DragonBranch, C:\Users\user\AppData\Local\Temp\{76C7EEAA-5D39-4A13-9E3B-958FD804EA74}.dll, Quarantined, [d6cfb481fa9161d5652efae4ae53bb45], 
PUP.Optional.DragonBranch, C:\Users\user\AppData\Local\Temp\{77B55524-E40B-4853-B11B-7BB077289D4B}.dll, Quarantined, [dacba095f9921224a2f17569be43c23e], 
PUP.Optional.DragonBranch, C:\Users\user\AppData\Local\Temp\{7EDE0E8C-FE0B-47BD-BD63-5A6D35896E27}.dll, Quarantined, [9c094ce98efdc96d4f44f5e93ac7f30d], 
PUP.Optional.DragonBranch, C:\Users\user\AppData\Local\Temp\{7F7CC663-DF98-48A3-8A82-F0D44C5E0900}.dll, Quarantined, [4a5b122399f245f1e9aa746a867ba65a], 
PUP.Optional.DragonBranch, C:\Users\user\AppData\Local\Temp\{8AF4EB61-B1FC-428D-A741-F3DC65DCAE4F}.dll, Quarantined, [852012233d4eed49444f00dece335fa1], 
PUP.Optional.DragonBranch, C:\Users\user\AppData\Local\Temp\{8B30857A-F709-421F-B24F-B5D538ACF821}.dll, Quarantined, [2c79e4514744979f32619b43c43d5ea2], 
PUP.Optional.DragonBranch, C:\Users\user\AppData\Local\Temp\{8D71FF53-951B-4FF5-B864-F7EB6D0BF170}.dll, Quarantined, [f7ae0c295b30e45292016e70867b01ff], 
PUP.Optional.DragonBranch, C:\Users\user\AppData\Local\Temp\{90F2387D-21EB-4509-B298-E799C977C740}.dll, Quarantined, [7a2b300599f279bdc5ce6975ec159a66], 
PUP.Optional.DragonBranch, C:\Users\user\AppData\Local\Temp\{93944349-6FA9-41A7-9F9F-2267F42AAA61}.dll, Quarantined, [5055043155363ff7aee5dd01bc45bb45], 
PUP.Optional.DragonBranch, C:\Users\user\AppData\Local\Temp\{981E078B-4A06-41D7-A88A-47A9A336E211}.dll, Quarantined, [faab290c296279bd910217c705fcf40c], 
PUP.Optional.DragonBranch, C:\Users\user\AppData\Local\Temp\{A7F8E8C5-EA5E-4DB8-882A-472FF7B4D914}.dll, Quarantined, [baeb74c1e9a2a78f95fe439bd72a03fd], 
PUP.Optional.DragonBranch, C:\Users\user\AppData\Local\Temp\{678DDAFC-9E59-4E3A-9C11-A94680AE37A7}.dll, Quarantined, [188dcd68a9e213234152f4eaa25fbd43], 
PUP.Optional.DragonBranch, C:\Users\user\AppData\Local\Temp\{C8C517D6-AE9F-443D-8DB3-95F1A2178763}.dll, Quarantined, [ccd91025414afc3a276caf2f09f8758b], 
PUP.Optional.DragonBranch, C:\Users\user\AppData\Local\Temp\{F539C578-9C6B-417B-980C-7DEBC07BE19C}.dll, Quarantined, [e2c305302e5d3204672c5f7f47ba9b65], 
PUP.Optional.DragonBranch, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\HTTPS_DRAGONBRANCH-A.AKAMAIHD.NET_0.LOCALSTORAGE, Quarantined, [980dc96c4e3d4beb0fdc4d50de2602fe], 
PUP.Optional.DragonBranch, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\HTTPS_DRAGONBRANCH-A.AKAMAIHD.NET_0.LOCALSTORAGE-JOURNAL, Quarantined, [a50086affd8ead89db108c118c7816ea], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#8 jaredkauk


Posted 29 September 2015 - 01:26 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-09-2015

Ran by user (administrator) on GABE-LAPTOP (29-09-2015 11:23:22)
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TOSHIBA Corporation.) C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Toshiba) C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Flux Software LLC) C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe
(Spotify Ltd) C:\Users\user\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Dropbox, Inc.) C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Dropbox, Inc.) C:\Users\user\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdSync.exe [225792 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [431968 2008-02-06] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1216808 2007-11-29] (Synaptics, Inc.)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [519544 2007-12-11] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52560 2007-12-06] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [865280 2008-03-19] (TOSHIBA Corporation)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2710856 2009-11-01] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-03] (CANON INC.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169744 2015-09-12] (Apple Inc.)
HKLM-x32\...\Run: [PCMAgent] => "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe"
HKLM-x32\...\Run: [CLMLServer] => "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe"
HKLM-x32\...\Run: [cfFncEnabler.exe] => cfFncEnabler.exe
HKLM-x32\...\Run: [Camera Assistant Software] => C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [417792 2008-04-29] (Chicony)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295512 2013-10-17] (RealNetworks, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2009-09-28] (CANON INC.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKU\S-1-5-21-2554034294-363694751-669932369-1000\...\Run: [TOSCDSPD] => TOSCDSPD.EXE
HKU\S-1-5-21-2554034294-363694751-669932369-1000\...\Run: [f.lux] => C:\Users\user\AppData\Local\FluxSoftware\Flux\flux.exe [1013128 2013-10-15] (Flux Software LLC)
HKU\S-1-5-21-2554034294-363694751-669932369-1000\...\Run: [Google Update] => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc.)
HKU\S-1-5-21-2554034294-363694751-669932369-1000\...\Run: [Spotify Web Helper] => C:\Users\user\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2025016 2015-09-21] (Spotify Ltd)
HKU\S-1-5-21-2554034294-363694751-669932369-1000\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKU\S-1-5-21-2554034294-363694751-669932369-1000\...\Run: [Dropbox Update] => C:\Users\user\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-24] (Dropbox, Inc.)
HKU\S-1-5-21-2554034294-363694751-669932369-1000\...\Run: [Spotify] => C:\Users\user\AppData\Roaming\Spotify\Spotify.exe [7571000 2015-09-21] (Spotify Ltd)
HKU\S-1-5-21-2554034294-363694751-669932369-1000\...\MountPoints2: {97c37c82-6587-11dd-ab11-001e6896ff61} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\m.exe /s
HKU\S-1-5-21-2554034294-363694751-669932369-1000\...\MountPoints2: {97c37c85-6587-11dd-ab11-001e6896ff61} - F:\LaunchU3.exe -a
HKU\S-1-5-21-2554034294-363694751-669932369-1000\...\MountPoints2: {a9c522a4-9df7-11df-b48b-001e6896ff61} - E:\Setup_FlipShare.exe
HKU\S-1-5-21-2554034294-363694751-669932369-1000\...\MountPoints2: {cb613b61-6580-11e0-9118-001e6896ff61} - E:\LaunchU3.exe -a
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013-10-29]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\Dropbox.lnk [2015-03-14]
ShortcutTarget: Dropbox.lnk -> C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 130.65.25.1 130.65.120.1
Tcpip\..\Interfaces\{BB19A359-0C26-4938-B9FF-1E4809BADD28}: [DhcpNameServer] 130.65.25.1 130.65.120.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.toshibadirect.com/dpdstart
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.toshibadirect.com/dpdstart
HKU\S-1-5-21-2554034294-363694751-669932369-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.toshibadirect.com/dpdstart
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> OldSearch URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage};
SearchScopes: HKLM-x32 -> DefaultScope {7CC94BCA-8E5E-4FAD-ACE5-798C208642BC} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKLM-x32 -> {7CC94BCA-8E5E-4FAD-ACE5-798C208642BC} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-2554034294-363694751-669932369-1000 -> OldSearch URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2013-08-14] (RealDownloader)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-27] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-27] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2554034294-363694751-669932369-1000 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll [2015-07-22] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-2554034294-363694751-669932369-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {0CCA191D-13A6-4E29-B746-314DEE697D83} hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: HKLM-x32 {20A60F0D-9AFA-4515-A0FD-83BD84642501} hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: HKLM-x32 {44990B00-3C9D-426D-81DF-AAB636FA4345} hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab
DPF: HKLM-x32 {474F00F5-3853-492C-AC3A-476512BBC336} hxxp://picasaweb.google.com/s/v/46.18/uploader2.cab
DPF: HKLM-x32 {48DD0448-9209-4F81-9F6D-D83562940134} hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: HKLM-x32 {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/ID-ID/a-UNO1/GAME_UNO1.cab
DPF: HKLM-x32 {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: HKLM-x32 {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-21] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-21] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-09-04] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2009-10-20] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-27] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2013-10-17] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-08-14] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2013-10-17] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-08-14] (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-26] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2554034294-363694751-669932369-1000: @facebook.com/FBPlugin,version=1.0.1 -> C:\Users\user\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll No File
FF Plugin HKU\S-1-5-21-2554034294-363694751-669932369-1000: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\user\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll No File
FF Plugin HKU\S-1-5-21-2554034294-363694751-669932369-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\user\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2554034294-363694751-669932369-1000: @talk.google.com/O1DPlugin -> C:\Users\user\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2554034294-363694751-669932369-1000: @tools.google.com/Google Update;version=3 -> C:\Users\user\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-2554034294-363694751-669932369-1000: @tools.google.com/Google Update;version=9 -> C:\Users\user\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\user\AppData\Roaming\mozilla\plugins\npatgpc.dll [2013-11-04] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\user\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\user\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-14]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-10-17]
 
Chrome: 
=======
CHR RestoreOnStartup: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggRIQ0BWAFCGRgQJAFeTA1GEAMOIl8OWRREFgJHcAlcWFhEFQUFIk0FA1oDB0VXfV5bFElXTwhnMlhfDlczU1RNI1E="
CHR DefaultSearchKeyword: Default -> lp
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-15]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-15]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-15]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-15]
CHR Extension: (Dropbox for Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2015-05-29]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-06]
CHR Extension: (AdBlock) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-10-15]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2013-10-15]
CHR Extension: (RealDownloader) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-10-19]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-14]
CHR Extension: (Summer Fields) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lioedaeelokfajcbbdbbljmcjadfbngf [2013-10-15]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2013-10-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-15]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-15]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 ConfigFree Gadget Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [36864 2008-04-03] (TOSHIBA Corporation.) [File not signed]
S3 ConfigFree Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2008-04-17] (TOSHIBA CORPORATION) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2008-12-25] (Macrovision Europe Ltd.) [File not signed]
S2 gupdate1c98a6795b80720; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-09-08] ()
S3 jswpsapi; C:\Program Files (x86)\Jumpstart\jswpsapi.exe [954368 2008-04-16] (Atheros Communications, Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.163\McCHSvc.exe [289256 2015-07-31] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [69632 2006-11-08] (Hewlett-Packard) [File not signed]
S3 pinger; C:\TOSHIBA\IVP\ISM\pinger.exe [136816 2007-01-25] ()
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [88064 2006-11-08] (Hewlett-Packard) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R3 SmartFaceVWatchSrv; C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [84992 2008-04-24] (Toshiba) [File not signed]
S3 Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [66928 2007-10-23] ()
S3 TNaviSrv; C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe [83312 2008-04-11] (TOSHIBA Corporation)
S3 TODDSrv; C:\Windows\system32\TODDSrv.exe [135168 2007-11-21] (TOSHIBA Corporation) [File not signed]
S3 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [175104 2007-12-03] (TOSHIBA Corporation) [File not signed]
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 61883; C:\Windows\System32\DRIVERS\61883.sys [58496 2008-01-20] (Microsoft Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-29] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
S2 MCSTRM; no ImagePath
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-12-15] () [File not signed]
S3 SynUSB64; C:\Windows\System32\DRIVERS\SynUSB64.sys [30352 2009-06-26] (Steinberg Media Technologies GmbH)
S3 Tosrfcom; no ImagePath
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-07-28] (Apple, Inc.) [File not signed]
U4 bdselfpr; no ImagePath
S3 iLokDrvr; system32\DRIVERS\iLokDrvr.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 L6UX2; System32\Drivers\L6UX264.sys [X]
S3 LoopBeMidi1; system32\drivers\loopbe1.sys [X]
S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMP50a64; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 O2MDRDR; system32\DRIVERS\o2mdx64.sys [X]
S3 O2SDRDR; system32\DRIVERS\o2sdx64.sys [X]
U2 wuaserv; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-29 11:18 - 2015-09-29 11:18 - 00008775 _____ C:\Users\user\Desktop\MW scan.txt
2015-09-28 22:57 - 2015-09-29 11:14 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-28 22:57 - 2015-09-28 22:57 - 00000928 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-28 22:57 - 2015-09-28 22:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-28 22:56 - 2015-09-28 22:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-09-28 22:56 - 2015-09-28 22:56 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-28 22:56 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-09-28 22:56 - 2015-06-18 08:41 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-09-28 22:56 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-09-28 22:55 - 2015-09-28 22:55 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-2.1.8.1057.exe
2015-09-28 22:32 - 2015-09-28 22:32 - 01670656 _____ C:\Users\user\Desktop\AdwCleaner.exe
2015-09-28 22:31 - 2015-09-28 22:34 - 00000000 ____D C:\AdwCleaner
2015-09-28 22:08 - 2015-09-28 22:08 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\user\Downloads\revosetup (1).exe
2015-09-28 21:58 - 2015-09-28 21:58 - 00001088 _____ C:\Users\user\Desktop\Revo Uninstaller.lnk
2015-09-28 21:58 - 2015-09-28 21:58 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-09-28 21:57 - 2015-09-28 21:57 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\user\Downloads\revosetup.exe
2015-09-28 07:40 - 2015-09-29 10:59 - 00003344 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2554034294-363694751-669932369-1000
2015-09-24 12:15 - 2015-09-29 11:23 - 00026343 _____ C:\Users\user\Desktop\FRST.txt
2015-09-24 12:14 - 2015-09-29 11:23 - 00000000 ____D C:\FRST
2015-09-24 12:13 - 2015-09-24 12:13 - 02192384 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2015-09-21 23:33 - 2015-09-21 23:33 - 00001675 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-09-21 23:33 - 2015-09-21 23:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-09-21 23:31 - 2015-09-21 23:32 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-09-21 23:31 - 2015-09-21 23:32 - 00000000 ____D C:\Program Files\iTunes
2015-09-21 23:31 - 2015-09-21 23:31 - 00000000 ____D C:\Program Files\iPod
2015-09-21 23:31 - 2015-09-21 23:31 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-09-21 23:22 - 2015-09-21 23:22 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2015-09-21 23:22 - 2015-09-21 23:22 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-09-21 23:20 - 2015-09-21 23:20 - 00001733 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-09-21 23:20 - 2015-09-21 23:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-09-21 23:20 - 2015-09-21 23:20 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-09-21 10:22 - 2015-09-21 10:22 - 00000000 ____D C:\Users\user\Downloads\backups
2015-09-21 09:54 - 2015-09-21 09:54 - 00013244 _____ C:\Users\user\Desktop\hijackthis.log
2015-09-21 09:52 - 2015-09-21 10:00 - 00013306 _____ C:\Users\user\Downloads\hijackthis.log
2015-09-21 09:50 - 2015-09-21 09:50 - 00388608 _____ (Trend Micro Inc.) C:\Users\user\Downloads\HijackThis.exe
2015-09-14 08:40 - 2015-09-14 08:40 - 00001901 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2015-09-14 08:40 - 2015-09-14 08:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2015-09-14 08:40 - 2015-09-14 08:40 - 00000000 ____D C:\Program Files\McAfee Security Scan
2015-09-12 17:23 - 2015-09-29 10:59 - 00003208 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2554034294-363694751-669932369-1000
2015-09-05 16:32 - 2015-09-05 16:32 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-09-04 00:24 - 2015-09-04 00:24 - 06427942 _____ C:\Users\user\Downloads\IMG_1261.mov
2015-09-03 23:30 - 2015-09-03 20:03 - 572551396 ____N C:\Users\user\Desktop\IMG_2780.MOV
2015-09-01 22:53 - 2015-08-14 16:49 - 17889792 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-01 22:53 - 2015-08-14 16:38 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-01 22:53 - 2015-08-14 16:37 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-09-01 22:53 - 2015-08-14 16:03 - 12386816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-09-01 22:53 - 2015-08-14 15:56 - 01804288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-09-01 22:53 - 2015-08-14 15:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-29 11:14 - 2013-11-27 22:28 - 00000000 ____D C:\Users\user\AppData\Local\Spotify
2015-09-29 11:03 - 2013-11-27 22:28 - 00000000 ____D C:\Users\user\AppData\Roaming\Spotify
2015-09-29 11:03 - 2008-07-12 03:53 - 01437731 _____ C:\Windows\WindowsUpdate.log
2015-09-29 10:57 - 2013-12-07 15:04 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2554034294-363694751-669932369-1000UA.job
2015-09-29 10:57 - 2009-06-30 18:10 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-29 10:55 - 2006-11-02 08:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-29 10:55 - 2006-11-02 08:22 - 00003744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-29 10:55 - 2006-11-02 08:22 - 00003744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-29 10:55 - 2006-11-02 06:33 - 00000000 ____D C:\Windows\registration
2015-09-29 10:54 - 2008-01-20 20:26 - 00348926 _____ C:\Windows\PFRO.log
2015-09-29 10:54 - 2006-11-02 06:33 - 00000000 ____D C:\Windows\Provisioning
2015-09-29 10:50 - 2006-11-02 08:42 - 00032602 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-09-29 10:39 - 2015-06-24 12:19 - 00000862 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2554034294-363694751-669932369-1000Core.job
2015-09-29 10:33 - 2009-06-30 18:10 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-29 10:32 - 2015-06-24 12:19 - 00000914 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2554034294-363694751-669932369-1000UA.job
2015-09-28 22:56 - 2008-08-25 19:18 - 00006944 _____ C:\Users\user\AppData\Local\d3d9caps.dat
2015-09-28 22:50 - 2014-07-07 13:47 - 00000000 ___RD C:\Users\user\Dropbox
2015-09-28 22:50 - 2014-07-07 13:44 - 00000000 ____D C:\Users\user\AppData\Roaming\Dropbox
2015-09-28 21:47 - 2013-12-07 15:04 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2554034294-363694751-669932369-1000Core.job
2015-09-26 09:24 - 2013-10-15 00:42 - 00001998 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-25 20:28 - 2015-06-27 08:46 - 00000000 ____D C:\Users\user\AppData\Roaming\EQATEC Analytics
2015-09-24 14:24 - 2015-05-27 14:21 - 00000000 ____D C:\ProgramData\CanonIJPLM
2015-09-21 23:31 - 2013-11-26 01:18 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-09-21 23:22 - 2013-11-26 01:22 - 00001830 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-09-21 22:32 - 2013-10-29 07:15 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-09-21 22:32 - 2013-10-29 07:15 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-18 18:52 - 2013-12-07 15:04 - 00003786 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2554034294-363694751-669932369-1000UA
2015-09-18 18:52 - 2013-12-07 15:04 - 00003390 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2554034294-363694751-669932369-1000Core
2015-09-16 20:27 - 2009-06-30 18:10 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-16 20:27 - 2009-06-30 18:10 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-16 20:25 - 2015-08-20 18:33 - 00000732 _____ C:\Users\user\AppData\Local\d3d9caps64.dat
2015-09-16 20:22 - 2008-11-17 18:51 - 00000000 ____D C:\Users\user\AppData\Local\Google
2015-09-02 23:13 - 2006-11-02 05:46 - 00777736 _____ C:\Windows\system32\PerfStringBackup.INI
 
==================== Files in the root of some directories =======
 
2008-08-24 11:46 - 2011-04-15 22:59 - 0000004 _____ () C:\Users\user\AppData\Roaming\1D2983
2010-11-04 23:29 - 2011-04-15 22:59 - 0870128 _____ () C:\Users\user\AppData\Roaming\mcs.rma
2009-06-08 18:47 - 2009-06-08 18:47 - 0027070 _____ () C:\Users\user\AppData\Roaming\UserTile.png
2009-05-04 21:37 - 2011-02-22 10:27 - 0001474 _____ () C:\Users\user\AppData\Roaming\wklnhst.dat
2010-11-26 15:11 - 2010-11-26 15:11 - 0000552 _____ () C:\Users\user\AppData\Local\d3d8caps.dat
2008-08-25 19:18 - 2015-09-28 22:56 - 0006944 _____ () C:\Users\user\AppData\Local\d3d9caps.dat
2015-08-20 18:33 - 2015-09-16 20:25 - 0000732 _____ () C:\Users\user\AppData\Local\d3d9caps64.dat
2008-08-24 00:23 - 2014-08-05 11:44 - 0086528 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-10-01 21:02 - 2009-10-01 21:02 - 0220326 _____ () C:\Users\user\AppData\Local\dd_ATL90SP1_KB973924MSI063F.txt
2009-10-01 21:02 - 2009-10-01 21:02 - 0011668 _____ () C:\Users\user\AppData\Local\dd_ATL90SP1_KB973924UI063F.txt
2009-02-14 14:50 - 2009-02-14 15:03 - 0200242 _____ () C:\Users\user\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
2009-02-14 14:50 - 2009-02-14 14:50 - 0000002 _____ () C:\Users\user\AppData\Local\dd_dotnetfx35error.txt
2009-02-14 14:50 - 2009-02-14 15:14 - 0171448 _____ () C:\Users\user\AppData\Local\dd_dotnetfx35install.txt
2009-02-14 15:11 - 2009-02-14 15:13 - 2483460 _____ () C:\Users\user\AppData\Local\dd_NET_Framework35_x64_MSI15A5.txt
2009-09-21 16:01 - 2009-09-21 16:02 - 0413114 _____ () C:\Users\user\AppData\Local\dd_vcredistMSI1327.txt
2010-12-18 20:18 - 2010-12-18 20:18 - 0368086 _____ () C:\Users\user\AppData\Local\dd_vcredistMSI197C.txt
2015-06-29 13:31 - 2015-06-29 13:31 - 0386858 _____ () C:\Users\user\AppData\Local\dd_vcredistMSI3208.txt
2014-09-21 20:50 - 2014-09-21 20:50 - 0387180 _____ () C:\Users\user\AppData\Local\dd_vcredistMSI3ED6.txt
2011-08-05 01:00 - 2011-08-05 09:45 - 0619316 _____ () C:\Users\user\AppData\Local\dd_vcredistMSI5632.txt
2015-06-26 14:31 - 2015-06-26 14:32 - 0386944 _____ () C:\Users\user\AppData\Local\dd_vcredistMSI757D.txt
2009-09-21 16:01 - 2009-09-21 16:02 - 0012150 _____ () C:\Users\user\AppData\Local\dd_vcredistUI1327.txt
2010-12-18 20:18 - 2010-12-18 20:18 - 0011378 _____ () C:\Users\user\AppData\Local\dd_vcredistUI197C.txt
2015-06-29 13:31 - 2015-06-29 13:31 - 0014986 _____ () C:\Users\user\AppData\Local\dd_vcredistUI3208.txt
2014-09-21 20:50 - 2014-09-21 20:50 - 0011386 _____ () C:\Users\user\AppData\Local\dd_vcredistUI3ED6.txt
2011-08-05 01:00 - 2011-08-05 09:45 - 0218628 _____ () C:\Users\user\AppData\Local\dd_vcredistUI5632.txt
2015-06-26 14:31 - 2015-06-26 14:32 - 0011370 _____ () C:\Users\user\AppData\Local\dd_vcredistUI757D.txt
2009-02-14 14:50 - 2009-02-14 15:14 - 0002330 _____ () C:\Users\user\AppData\Local\uxeventlog.txt
2014-12-12 00:03 - 2014-12-12 00:03 - 0000000 _____ () C:\Users\user\AppData\Local\{3A778817-DF04-497C-A96F-EE69EFDE81F5}
2015-03-21 03:41 - 2015-03-21 03:41 - 0000000 _____ () C:\Users\user\AppData\Local\{CA534B88-B529-45CF-8C5D-B4E1A8EF52B7}
2015-03-24 04:41 - 2015-03-24 04:41 - 0000000 _____ () C:\Users\user\AppData\Local\{E2F03E1A-B0EE-450C-A7B7-D5212404032A}
2015-07-26 04:46 - 2015-07-26 04:46 - 0000000 _____ () C:\Users\user\AppData\Local\{E76F6864-60F4-48A0-9FA6-34F6CC7BF13F}
2011-09-05 12:40 - 2011-09-05 12:40 - 0302764 _____ () C:\ProgramData\1315214779.bdinstall.bin
2012-02-18 23:36 - 2012-02-18 23:36 - 0092549 _____ () C:\ProgramData\1329633254.bdinstall.bin
2010-08-22 12:55 - 2011-03-08 01:34 - 0015531 _____ () C:\ProgramData\hpzinstall.log
 
Some files in TEMP:
====================
C:\Users\user\AppData\Local\Temp\AdobeUpdater12345.exe
C:\Users\user\AppData\Local\Temp\cct.dll
C:\Users\user\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgvribj.dll
C:\Users\user\AppData\Local\Temp\GUR2CDB.exe
C:\Users\user\AppData\Local\Temp\GUR6AA6.exe
C:\Users\user\AppData\Local\Temp\GUR8AC1.exe
C:\Users\user\AppData\Local\Temp\GURADAC.exe
C:\Users\user\AppData\Local\Temp\GURE453.exe
C:\Users\user\AppData\Local\Temp\GUREDE8.exe
C:\Users\user\AppData\Local\Temp\JavaIC.dll
C:\Users\user\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\user\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\user\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\user\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\user\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\user\AppData\Local\Temp\lowproc.exe
C:\Users\user\AppData\Local\Temp\MSETUP4.EXE
C:\Users\user\AppData\Local\Temp\msscct32.dll
C:\Users\user\AppData\Local\Temp\oi_{1A41D821-6C0B-4677-8456-CE7AACE68363}.exe
C:\Users\user\AppData\Local\Temp\sqlite3.dll
C:\Users\user\AppData\Local\Temp\stubhelper.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-09-29 11:05
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:23-09-2015
Ran by user (2015-09-29 11:24:31)
Running from C:\Users\user\Desktop
Windows Vista ™ Home Premium Service Pack 2 (X64) (2008-07-12 10:54:14)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2554034294-363694751-669932369-500 - Administrator - Enabled)
Guest (S-1-5-21-2554034294-363694751-669932369-501 - Limited - Disabled)
user (S-1-5-21-2554034294-363694751-669932369-1000 - Administrator - Enabled) => C:\Users\user
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 1.0.0 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Photoshop Elements 7.0 (HKLM-x32\...\Adobe Photoshop Elements 7) (Version: 7.0 - Adobe Systems Incorporated)
Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 2.76 - Adobe Systems Incorporated)
Adobe Reader X (10.1.15) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.15 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ARIA Engine v1.6.2.0 (HKLM\...\ARIA Engine_is1) (Version: v1.6.2.0 - Plogue Art et Technologie, Inc)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
Atheros Wi-Fi Protected Setup Library (HKLM-x32\...\{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}) (Version:  - Atheros)
ATI Catalyst Install Manager (HKLM\...\{44791AD6-C026-4889-5562-CAC89488EA87}) (Version: 3.0.664.0 - ATI Technologies, Inc.)
Audacity 1.3.5 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version:  - Audacity Team)
Authorizer Ignition Key Support (Version: 1.0.0 - Propellerhead Software AB) Hidden
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v6.10.07(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Camera Assistant Software for Toshiba (HKLM-x32\...\{37C866E4-AA67-4725-9E95-A39968DD7960}) (Version: 1.7.193.0508L - Chicony Electronics Co.,Ltd.)
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version:  - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version:  - )
Canon MP Navigator EX 3.1 (HKLM-x32\...\MP Navigator EX 3.1) (Version:  - )
Canon MX340 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series) (Version:  - )
Canon MX340 series User Registration (HKLM-x32\...\Canon MX340 series User Registration) (Version:  - )
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
ccc-core-static (x32 Version: 2008.0422.2139.36895 - ATI) Hidden
Cisco WebEx Meetings (HKU\S-1-5-21-2554034294-363694751-669932369-1000\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.36.7.50 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-2554034294-363694751-669932369-1000\...\Dropbox) (Version: 3.8.8 - Dropbox, Inc.)
f.lux (HKU\S-1-5-21-2554034294-363694751-669932369-1000\...\Flux) (Version:  - )
Finale 2014d (HKLM-x32\...\Finale 2014) (Version: 2014.4.5030.0 - MakeMusic)
Finale NotePad 2012 (HKLM-x32\...\Finale NotePad 2012) (Version: 2012..r1.5 - MakeMusic)
Free YouTube Downloader 4.0.365 (HKLM-x32\...\{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version:  - HOW Inc.)
Garritan ARIA Player v1.620 (HKLM\...\__ARIA_1012___is1) (Version: v1.6.2.0 - Garritan)
Garritan Instruments for Finale (HKLM\...\__ARIA_1013___is1) (Version: v2.0.0.1 - Garritan)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5051&SUBSYS_1179) (Version: 7.73.00 - Conexant Systems)
HL-2270DW (HKLM-x32\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.0.7.0 - Brother Industries, Ltd.)
iTunes (HKLM\...\{CEC7613B-E286-4A31-BEE3-3F7798488D9F}) (Version: 12.1.3.6 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.710 - Oracle)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Marvell Miniport Driver (HKLM\...\{5254156F-AA77-499A-B7C1-D5581D44E788}) (Version: 10.57.4.3 - Marvell)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.163.2 - McAfee, Inc.)
Melodyne 3.1 (x32 Version: 3.1.0200 - Celemony Software GmbH) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM-x32\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NetWaiting (HKLM-x32\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.53 - BVRP Software, Inc)
PhotoshopdotcomInspirationBrowser (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Record Ignition Key Support (Version: 1.0.0 - Propellerhead Software AB) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Roxio Video Capture USB Driver (HKLM-x32\...\TVEpaDrv) (Version:  - )
Segoe UI (x32 Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Skins (x32 Version: 2008.0422.2139.36895 - ATI) Hidden
Spotify (HKU\S-1-5-21-2554034294-363694751-669932369-1000\...\Spotify) (Version: 1.0.14.124.g4dfabc51 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.7.0 - Synaptics)
TI-83 Plus Flash Debugger (HKLM-x32\...\TI-83 Plus Flash Debugger) (Version:  - )
TOSHIBA Application Disc Creator (HKLM\...\{B431E4D3-ECE7-4D41-8668-BCF9BD685B62}) (Version: 2.0.0.1b for x64 - TOSHIBA Corporation)
Toshiba Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.03 - TOSHIBA)
TOSHIBA ConfigFree (HKLM-x32\...\{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}) (Version: 7.2.15 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.1.3 for x64 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 1.30.12 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM-x32\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version:  - )
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 2.0.2.64 - TOSHIBA)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{E8B39B08-7FAB-48CC-89E9-37C5589E130C}) (Version:  - )
TOSHIBA PowerCinema Helper (HKLM-x32\...\{FB356619-7ECE-42BC-A28A-541973E29F28}) (Version: 1.00 - TOSHIBA Corporation)
TOSHIBA Software Upgrades (HKLM-x32\...\{425A2BC2-AA64-4107-9C29-484245BBEA05}) (Version: 4.3 - TOSHIBA)
TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version:  - )
TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{DF0853CA-A1D0-4169-8472-F2822C8FA1EB}) (Version:  - )
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.1.19.64 - TOSHIBA Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-09-14 08:40 - 2015-09-14 08:40 - 00000030 ____A C:\Windows\system32\Drivers\etc\hosts
 
0.0.0.1 mssplus.mcafee.com
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {15893BBF-613D-4CA7-B4B5-EAB5CC149960} - System32\Tasks\{9DE6CF5E-F740-4620-A9D6-F61D35720C8D} => pcalua.exe -a D:\StartHere.exe -d D:\ -c /s
Task: {2487E659-A9CE-4B54-B23B-70783EB93502} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2554034294-363694751-669932369-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {2E7E95D3-3B6D-436E-BD2F-4A207BA69148} - System32\Tasks\{2CD67AF3-A7E8-40A4-A0AA-8560CBC31BF3} => pcalua.exe -a "C:\PROGRA~2\Ableton\Live 7.0.16\Install\UNWISE.EXE" -c C:\PROGRA~2\Ableton\Live 7.0.16\Install\INSTALL.LOG
Task: {2F8912D5-3741-4783-932A-ED8ADE5D82A9} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - user => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-20] (Microsoft Corporation)
Task: {4E7E6FCC-08E7-4672-83C7-A1423E752793} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {5D86AA43-4677-403F-8357-DAC13745024B} - System32\Tasks\{29975EF0-5C32-4EE1-80E7-276DEDA59C14} => pcalua.exe -a C:\DRVSTEMP\COMP9\b27260b.exe -d C:\DRVSTEMP\COMP9
Task: {69A7E165-A39D-4603-9866-AE3DED92EF0D} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2554034294-363694751-669932369-1000UA => C:\Users\user\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-24] (Dropbox, Inc.)
Task: {6A1EC8B5-780B-4950-94F2-94B1BDD81311} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2554034294-363694751-669932369-1000Core => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {88D4C0C6-1CB0-423D-840E-795C0041C7B5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {8AAC2D72-4A6D-49C2-8C42-BEEC6C16442B} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2554034294-363694751-669932369-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {8D9B6591-1E69-4842-A0A7-16DBF2A6368E} - System32\Tasks\{53501848-1F13-4987-B1FC-841ECC254E31} => pcalua.exe -a "C:\PROGRA~2\TI Education\TI-83 Plus Flash Debugger\UNWISE.EXE" -c C:\PROGRA~2\TI Education\TI-83 Plus Flash Debugger\INSTALL.LOG
Task: {90BAF28D-A801-4731-873C-201B24549C3E} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2554034294-363694751-669932369-1000Core => C:\Users\user\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-24] (Dropbox, Inc.)
Task: {9B204688-5F20-4F16-901B-E969F63A204B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2554034294-363694751-669932369-1000UA => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {BCCD84B0-D6B1-4759-9CB0-52FC69C5820D} - System32\Tasks\{77236C0E-0130-4259-B663-1C30D13F437B} => pcalua.exe -a C:\Users\Administrator\Desktop\B27260B.EXE -d C:\Users\Administrator\Desktop
Task: {CFA78FC4-7B9F-4CA4-91BC-4D4C48E4C596} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {D8BDD497-4F16-48BA-87CD-07051E4FFBEA} - System32\Tasks\{F93EE575-6394-461E-B315-C687AFFA0648} => pcalua.exe -a "C:\PROGRA~2\Ableton\Live 6.0.1\Install\UNWISE.EXE" -c C:\PROGRA~2\Ableton\Live 6.0.1\Install\INSTALL.LOG
Task: {DC4E9CF3-BBC0-4EC5-B77A-78C8EF9860D8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {EDF8AFB7-C032-4EA7-9FC9-D721CCE6A657} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-20] (Microsoft Corporation)
Task: {FDC42FF1-4B69-416A-9D3A-4217DF619268} - System32\Tasks\{CF3674CC-4CCA-4A54-AD94-A0C25A8FD79D} => pcalua.exe -a "C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.cpl" -c @0,0x706c676e
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2554034294-363694751-669932369-1000Core.job => C:\Users\user\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2554034294-363694751-669932369-1000UA.job => C:\Users\user\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2554034294-363694751-669932369-1000Core.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2554034294-363694751-669932369-1000UA.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{5C064645-A62E-4C1D-AE89-BF378FD6F168}.job => C:\Windows\system32\msfeedssync.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-05-27 14:21 - 2009-09-08 14:12 - 00116104 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2008-04-24 18:25 - 2008-04-24 18:25 - 00135680 _____ () C:\Windows\system32\SmartFaceVCtrl.dll
2008-04-24 18:25 - 2008-04-24 18:25 - 07553024 _____ () C:\Windows\system32\FaceHI.dll
2008-04-24 18:25 - 2008-04-24 18:25 - 01032704 _____ () C:\Windows\system32\FaceRec.dll
2008-07-12 04:15 - 2008-04-22 22:05 - 00116736 _____ () C:\Windows\system32\atitmm64.dll
2013-10-14 23:20 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2015-09-29 10:58 - 2015-09-29 10:58 - 00071168 _____ () c:\users\user\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgvribj.dll
2014-04-28 11:09 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\user\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-04-28 11:09 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\user\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Program Files\Common Files\Microsoft Shared:xqZEJta8SXkHo9ZLeUl0M
AlternateDataStreams: C:\ProgramData\Microsoft:IoHaug5fmuxkWofbsGpr894uRHSPn
AlternateDataStreams: C:\ProgramData\Microsoft:QKBq25cgIIrydPWKI7ciwN
AlternateDataStreams: C:\ProgramData\Microsoft:x8CzJBlMlzScPkkVdb
AlternateDataStreams: C:\ProgramData\Microsoft:xQ6zfdN0ghQP3CPfH1Jy4k1
AlternateDataStreams: C:\Users\user\AppData\Local\bx5TbgWGL9uCtf:Q3OJKNE1Fjcp2cJL1YK
AlternateDataStreams: C:\Users\user\AppData\Local\Temporary Internet Files:1dYC2OEo0D969Rqv
AlternateDataStreams: C:\Users\user\AppData\Local\Temporary Internet Files:JZ6j2gfHVoxkMw9az6mgm
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
There are 5870 more restricted sites.
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2554034294-363694751-669932369-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
DNS Servers: 130.65.25.1 - 130.65.120.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: firedogAdvisorSrvHost => 2
MSCONFIG\Services: McciCMService => 2
MSCONFIG\Services: rpcapd => 3
MSCONFIG\Services: Viewpoint Manager Service => 2
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{132C7B6E-17F9-42C8-AEB1-0E6D8E19108F}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{10D5532D-A2D8-484D-8839-9573C17C49EF}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{A083EA71-DAEE-48CC-A3C1-3FCE3070D1B7}] => (Allow) C:\Program Files (x86)\AIM6\aim6.exe
FirewallRules: [{22DD95F3-3DC8-4369-8C0D-AAE1C2A2DA16}] => (Allow) C:\Program Files (x86)\AIM6\aim6.exe
FirewallRules: [{BF3CE710-82A6-4F59-B3BA-E7137E41E1DC}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{FC9D0B0B-63BF-4F00-8EC3-D96B22BBED06}] => (Allow) C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{2325FF1F-5F58-4CBF-A577-6C8EA251457F}] => (Allow) C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{99649124-0E2F-4C72-AB35-1BC33EEF8BDA}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{532B5F73-F9DD-4A69-B6A1-BA0B0A769EA0}] => (Allow) svchost.exe
FirewallRules: [{D036CD0B-F11F-44D3-B4E3-063CD645E6E3}] => (Allow) C:\Program Files (x86)\AIM\aim.exe
FirewallRules: [{8E9C4407-6F67-4E18-B3B8-6CBC10CD597E}] => (Allow) C:\Program Files (x86)\AIM\aim.exe
FirewallRules: [{42C8480D-534C-4B14-86E4-7BD69CBCCCAB}] => (Allow) C:\Users\user\AppData\Local\Google\Google Talk Plugin\googletalkplugin.dll
FirewallRules: [{276477F2-8CCD-4F75-84F0-F53CB6AA43FD}] => (Allow) C:\Users\user\AppData\Local\Google\Google Talk Plugin\googletalkplugin.dll
FirewallRules: [{57DF60E7-CD7D-4803-81F8-8DDB31E3182B}] => (Allow) C:\Users\user\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{76F3A92B-73E6-4635-9170-6F4C079BB843}] => (Allow) C:\Users\user\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{4D1AF216-4240-4382-903A-F2B60CB307E9}] => (Allow) C:\Users\user\AppData\Local\Google\Google Talk Plugin\googletalkplugin.dll
FirewallRules: [{2D11229F-462F-44ED-AAE3-15AE994D85EF}] => (Allow) C:\Users\user\AppData\Local\Google\Google Talk Plugin\googletalkplugin.dll
FirewallRules: [{E7725CCB-7801-4022-BCE9-856794E1CE58}] => (Allow) C:\Users\user\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{901E9D4B-EE82-4780-8E89-7697BD2B5732}] => (Allow) C:\Users\user\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{DD3B76E0-5F18-4DBE-BE99-C46A003C76F1}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{D04ABC72-834C-4243-BB29-39E645D8FC69}] => (Allow) C:\Program Files (x86)\Google\Google Talk\googletalk.exe
FirewallRules: [{FCF4244B-AB57-4780-881F-56F97DB71279}] => (Allow) C:\Program Files (x86)\Google\Google Talk\googletalk.exe
FirewallRules: [{F8143893-E42E-4BF7-B7C7-BE3A667E7AFD}] => (Allow) LPort=443
FirewallRules: [{CE34D0C1-1F7C-474A-AAD4-2C580A7F8ADC}] => (Allow) LPort=443
FirewallRules: [{1925FBA4-A996-4230-AC43-BDB9E464D5A6}] => (Allow) LPort=37674
FirewallRules: [{241A5686-A3D2-4501-863E-09C603569096}] => (Allow) LPort=37674
FirewallRules: [{44DD7FB2-3E25-4345-8248-A2598838F51B}] => (Allow) LPort=37675
FirewallRules: [{3E577EB4-3A21-41C7-B72A-9E51943817FD}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{EA48F765-90D7-4540-B31E-535FADAF84CB}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{70FE9DDD-BDF3-4A49-AECD-894289FD5A7E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{41184D23-0982-4AD9-A3E1-BE59129215AC}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{A0C29678-9741-4240-894D-E8ADF4F82865}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{82E083E1-CD84-48F2-9594-FC36E568B84D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{9C0DFD82-DE1E-4579-BC0C-ED3B15078608}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{7B2AEF5D-1274-4217-9292-EB272A9DB158}] => (Allow) C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
FirewallRules: [{1C5A1D2E-ED56-447E-8D87-FFA321B0A490}] => (Allow) C:\Program Files (x86)\Rhapsody\rhapsody.exe
FirewallRules: [{11E71A2E-4414-477C-ADD4-C486B14652F4}] => (Allow) C:\Program Files (x86)\Rhapsody\rhapsody.exe
FirewallRules: [{46E5F57C-AB7B-499C-8D90-32139D3A3820}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{B1D5F31E-1FD7-4BFB-B87C-9C4FD6494DBD}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{7EFA5BC3-86E0-426D-AEDD-4EE68C483C88}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{F6DE845F-E8CE-434B-99B2-76B566035FC8}] => (Allow) C:\Users\user\AppData\Local\Temp\7zS3F42\setup\HPZnui40.exe
FirewallRules: [{3985C12B-17C9-4E21-AC38-2CF5E285CFED}] => (Allow) C:\Users\user\AppData\Local\Temp\7zS3F42\setup\HPZnui40.exe
FirewallRules: [{0F69D425-8DE3-44DD-AE0C-B9B307E32B41}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{F13FD13E-F4C9-450F-8D44-EF954E8F1D52}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{FAE7DEF7-BE61-464C-B5ED-C756A3D009EF}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{7EABE5A7-B525-4B41-A396-8467396893AB}] => (Allow) C:\Users\user\AppData\Local\Temp\7zS3E61\setup\HPZnui40.exe
FirewallRules: [{A6244BAB-4237-423B-8F7D-70F51D5156E7}] => (Allow) C:\Users\user\AppData\Local\Temp\7zS3E61\setup\HPZnui40.exe
FirewallRules: [{E898D6A5-1CC6-40C9-9FD1-8A1EFC267646}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{9023F6B3-6B34-445E-9A46-4D2BBB2526AE}] => (Allow) C:\Users\user\AppData\Local\Temp\7zS2350\setup\HPZnui40.exe
FirewallRules: [{768782AE-4CC2-48AB-9607-F5443E8EC4F1}] => (Allow) C:\Users\user\AppData\Local\Temp\7zS2350\setup\HPZnui40.exe
FirewallRules: [{A834CFCF-89A6-41ED-BCE1-C8C2C994DB3F}] => (Allow) C:\Users\user\AppData\Local\Temp\7zS7EC0\setup\HPZnui40.exe
FirewallRules: [{CD59C7AC-BED8-44FE-933C-95B79444FBFB}] => (Allow) C:\Users\user\AppData\Local\Temp\7zS7EC0\setup\HPZnui40.exe
FirewallRules: [{6F378F4E-695A-4479-8293-33BF82715643}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{7B0E3CA3-14C7-4BB7-AFB6-15E34D197DF8}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{F35F7081-33EE-495A-B8EF-2638DA6D59EB}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{F41FC5D2-CFBE-438B-885C-EC8FD0DB5A76}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{1A44D5EB-22FC-4652-95ED-949FD34E8A0E}] => (Allow) C:\Users\user\AppData\Local\Temp\7zS664D\setup\HPZnui40.exe
FirewallRules: [{0D1FE93C-B8B8-4F01-B38A-A68B7D727109}] => (Allow) C:\Users\user\AppData\Local\Temp\7zS664D\setup\HPZnui40.exe
FirewallRules: [{8B2173CF-64E4-4DBB-BE52-73C406C27FB7}] => (Allow) C:\Users\user\AppData\Local\Temp\7zS4BCD\setup\HPZnui40.exe
FirewallRules: [{1396CD69-5B1E-4E8E-BD5F-8869ADD5E4B4}] => (Allow) C:\Users\user\AppData\Local\Temp\7zS4BCD\setup\HPZnui40.exe
FirewallRules: [TCP Query User{6180A679-09E7-4353-A15A-019BF8BFCD4B}C:\program files (x86)\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files (x86)\google\google earth\plugin\geplugin.exe
FirewallRules: [UDP Query User{4E57B8CE-1B3F-49EF-BA1F-99BD32A1FA49}C:\program files (x86)\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files (x86)\google\google earth\plugin\geplugin.exe
FirewallRules: [{A3537CF2-57E0-4504-A754-5626192B6F9F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D4DB27A3-8157-4E33-A8A0-C4369D04E845}] => (Allow) LPort=2869
FirewallRules: [{2FC65855-AF1D-4061-AFE8-B763AA513126}] => (Allow) LPort=1900
FirewallRules: [{ECFC23E4-C190-47DB-8052-C580A5530196}] => (Allow) C:\Users\user\AppData\Local\Temp\7zS4F9C\setup\HPZnui40.exe
FirewallRules: [{972ADBD3-881E-442F-8763-A774BF2ABC11}] => (Allow) C:\Users\user\AppData\Local\Temp\7zS4F9C\setup\HPZnui40.exe
FirewallRules: [TCP Query User{A5667C2D-1893-4028-A392-3DBDEF1FEEDF}C:\program files (x86)\rhapsody\rhapsody.exe] => (Allow) C:\program files (x86)\rhapsody\rhapsody.exe
FirewallRules: [UDP Query User{AF4FC810-2982-4D36-9513-61645056F359}C:\program files (x86)\rhapsody\rhapsody.exe] => (Allow) C:\program files (x86)\rhapsody\rhapsody.exe
FirewallRules: [{891720B1-7C0C-4531-BE93-9946AF7A8656}] => (Allow) C:\Users\user\AppData\Local\Temp\7zS784B\setup\HPZnui40.exe
FirewallRules: [{65CEACFC-38E3-47FE-A25A-1486416C7B10}] => (Allow) C:\Users\user\AppData\Local\Temp\7zS784B\setup\HPZnui40.exe
FirewallRules: [TCP Query User{2CDA30D6-5DB5-4006-BC5B-8D1C0C98C33D}C:\program files\steinberg\cubase 5\cubase5.exe] => (Allow) C:\program files\steinberg\cubase 5\cubase5.exe
FirewallRules: [UDP Query User{05B9B2E3-33FA-48B9-AD3A-49586CFD2BD0}C:\program files\steinberg\cubase 5\cubase5.exe] => (Allow) C:\program files\steinberg\cubase 5\cubase5.exe
FirewallRules: [TCP Query User{36AEAA0E-0562-47B6-80BC-B273E15E21A4}C:\program files (x86)\microsoft games\halo trial\halo.exe] => (Allow) C:\program files (x86)\microsoft games\halo trial\halo.exe
FirewallRules: [UDP Query User{B4C98A4C-BB10-4693-81F4-22C7E4F0EF23}C:\program files (x86)\microsoft games\halo trial\halo.exe] => (Allow) C:\program files (x86)\microsoft games\halo trial\halo.exe
FirewallRules: [TCP Query User{C5C966CF-0062-442E-B906-EA68FA0EF14D}C:\program files (x86)\microsoft games\halo\halo.exe] => (Allow) C:\program files (x86)\microsoft games\halo\halo.exe
FirewallRules: [UDP Query User{CDC53FDF-D839-4D96-B76E-71A87A91C58F}C:\program files (x86)\microsoft games\halo\halo.exe] => (Allow) C:\program files (x86)\microsoft games\halo\halo.exe
FirewallRules: [{258DF021-ED9C-4647-AC4B-79824DE06862}] => (Allow) C:\Users\user\AppData\Local\Temp\7zS205F\setup\HPZnui40.exe
FirewallRules: [{F841376A-6A41-47EE-A73D-CF06B5291880}] => (Allow) C:\Users\user\AppData\Local\Temp\7zS205F\setup\HPZnui40.exe
FirewallRules: [TCP Query User{C1B67D32-EF88-43CA-96CB-DDA05EEC0C0A}C:\program files (x86)\utorrent\utorrent.exe] => (Allow) C:\program files (x86)\utorrent\utorrent.exe
FirewallRules: [UDP Query User{C3AD333C-DCB4-4BD7-A3E9-F68BE4C3A6FC}C:\program files (x86)\utorrent\utorrent.exe] => (Allow) C:\program files (x86)\utorrent\utorrent.exe
FirewallRules: [{CE3DFF9F-AEE5-49B6-B27B-AE3E5F6864E0}] => (Allow) LPort=80
FirewallRules: [{8FFA49F0-F408-4537-A7C2-3B4C2FFA9237}] => (Allow) LPort=80
FirewallRules: [{FFB17BAF-47E7-4FCC-9577-99194F131420}] => (Allow) LPort=80
FirewallRules: [TCP Query User{0E8485A1-DC8D-4376-B398-2B6AE22A5BD1}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [UDP Query User{222A9EAC-EBAC-47D5-8A2E-42382CEBE4BC}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [{28AC6372-15E5-4885-AFCE-0697E10C9C71}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{25FF3727-D85F-4080-99AB-899CBFE16B6E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AB00DDBC-7B35-4A5E-9B24-3E5741B017CC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E87AAC5D-57A7-4FF4-9808-F5798347D85A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{4D5CB2B9-B086-4056-85DC-49B2DEDC6039}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{7D9C3B9A-41B9-4D1D-BA19-20071FC2296D}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{A974DCFF-A404-4534-8665-2974C6481F00}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{188DBE18-07D5-4D1F-BE1F-4B0EF6127C6E}C:\users\user\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe
FirewallRules: [{98F9666E-1FAE-48B5-B137-66B37BF186E0}] => (Allow) C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{E706C0F1-0A4F-4C36-ADCE-E1C14E88E766}] => (Allow) C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{03E2C21F-BB50-4CE6-A0C2-C5D0E61144C2}C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{0ED42D42-2F12-4852-AE6B-2AE8AC70458B}C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{9F1F88CF-B30E-4C06-A5EA-A74766AB4735}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{F2652B46-D691-48C9-8B13-2E1746B27548}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
DomainProfile\AuthorizedApplications: [bin\CodeMeter.exe] => C:\Program Files (x86)\CodeMeter\Runtime\:*:Enabled:CodeMeter Runtime Server
StandardProfile\AuthorizedApplications: [C:\TOSHIBA\ivp\NetInt\Netint.exe] => Enabled:NIE - Toshiba Software Upgrades Engine
StandardProfile\AuthorizedApplications: [C:\TOSHIBA\Ivp\ISM\pinger.exe] => Enabled:Toshiba Software Upgrades Pinger
StandardProfile\AuthorizedApplications: [bin\CodeMeter.exe] => C:\Program Files (x86)\CodeMeter\Runtime\:*:Enabled:CodeMeter Runtime Server
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/29/2015 11:20:01 AM) (Source: profsvc) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The system cannot find the file specified.
 
Error: (09/29/2015 11:20:01 AM) (Source: profsvc) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The system cannot find the file specified.
 
Error: (09/29/2015 11:14:28 AM) (Source: profsvc) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The system cannot find the file specified.
 
Error: (09/29/2015 11:14:27 AM) (Source: profsvc) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The system cannot find the file specified.
 
Error: (09/29/2015 11:13:19 AM) (Source: profsvc) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The system cannot find the file specified.
 
Error: (09/29/2015 11:13:19 AM) (Source: profsvc) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The system cannot find the file specified.
 
Error: (09/29/2015 11:12:29 AM) (Source: profsvc) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The system cannot find the file specified.
 
Error: (09/29/2015 11:12:29 AM) (Source: profsvc) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The system cannot find the file specified.
 
Error: (09/29/2015 11:11:57 AM) (Source: profsvc) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The system cannot find the file specified.
 
Error: (09/29/2015 11:11:57 AM) (Source: profsvc) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The system cannot find the file specified.
 
 
System errors:
=============
Error: (09/29/2015 11:00:48 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Windows Update
 
Error: (09/29/2015 10:57:41 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (09/29/2015 10:56:17 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
 
Error: (09/29/2015 10:55:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: MCSTRM%%2
 
Error: (09/29/2015 10:50:39 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (09/29/2015 10:32:58 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.1.88 for the Network Card with network address 001B9EA15F67 has been denied by the DHCP server 1.1.1.1 (The DHCP Server sent a DHCPNACK message).
 
Error: (09/29/2015 12:13:29 AM) (Source: volsnap) (EventID: 14) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.
 
Error: (09/29/2015 12:12:46 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (09/29/2015 12:12:46 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (09/29/2015 12:12:46 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
 
CodeIntegrity:
===================================
  Date: 2015-09-29 11:24:21.474
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-09-29 11:24:20.569
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-09-29 11:24:19.633
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-09-29 11:24:18.697
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-09-29 11:24:17.636
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-09-29 11:24:16.732
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-09-29 11:24:15.778
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-09-29 11:24:14.811
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-09-29 11:23:37.650
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-09-29 11:23:36.730
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: AMD Turion™ X2 Dual-Core Mobile RM-70
Percentage of memory in use: 57%
Total physical RAM: 3837.42 MB
Available physical RAM: 1642.23 MB
Total Virtual: 7895.23 MB
Available Virtual: 5249.53 MB
 
==================== Drives ================================
 
Drive c: (SQ004740V04) (Fixed) (Total:231.42 GB) (Free:78.87 GB) NTFS ==>[drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 0C120C11)
Partition 1: (Not Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Active) - (Size=231.4 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#9 jaredkauk

jaredkauk
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:01:12 AM

Posted 29 September 2015 - 01:27 PM

I believe I have completed all the steps up to this point. My homepage problem is fixed (thank you!) but I know there may be more to do. Please advise. Thanks



#10 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:10:12 AM

Posted 29 September 2015 - 01:29 PM

Step 1

Please download ESET Online Scanner and save it to your Desktop.
  • Disable the real-time protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
    [image: settings.png]
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, click on Finish.
  • A log file [image: log.png] is created at [image: logpath.png]
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#11 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:10:12 AM

Posted 02 October 2015 - 10:18 AM

Hi,

3 Day Inactivity

This is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 48 hours, this thread will be closed due to inactivity.
regards,
deeprybka

#12 jaredkauk

jaredkauk
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:01:12 AM

Posted 03 October 2015 - 12:06 AM

Hi, still here. Could use a bit more time, I'll try to catch up on these in the next couple of days.



#13 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:10:12 AM

Posted 03 October 2015 - 04:34 AM

OK. :)
regards,
deeprybka

#14 jaredkauk

jaredkauk
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:01:12 AM

Posted 05 October 2015 - 12:10 AM

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=68d43f8b244c9e47935552586f30fd8d
# end=init
# utc_time=2015-10-04 07:09:48
# local_time=2015-10-04 12:09:48 (-0800, Pacific Daylight Time)
# country="United States"
# osver=6.0.6002 NT Service Pack 2
Update Init
Update Download
Update Finalize
Updated modules version: 26075
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=68d43f8b244c9e47935552586f30fd8d
# end=updated
# utc_time=2015-10-04 07:19:08
# local_time=2015-10-04 12:19:08 (-0800, Pacific Daylight Time)
# country="United States"
# osver=6.0.6002 NT Service Pack 2
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=68d43f8b244c9e47935552586f30fd8d
# engine=26075
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-10-05 12:04:32
# local_time=2015-10-04 05:04:32 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1=''
# compatibility_mode=5892 16776573 100 100 0 280602178 0 0
# scanned=266184
# found=3
# cleaned=0
# scan_time=17123
sh=9158E7761D8C5CFF82D2F665CC124F4DE24D3023 ft=1 fh=bbeeb41c9dc3d587 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\Users\user\AppData\Local\Temp\JavaIC.dll"
sh=AE295385D4F268E7FFDC7FA0845F23C512DD76EB ft=0 fh=0000000000000000 vn="a variant of Java/Agent.BR trojan" ac=I fn="C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\77ca675a-23b15f36"
sh=D850A35120286078A6E4BD87FE91D5CEBD70A632 ft=1 fh=8d229ede3594cbe7 vn="a variant of Win32/OpenCandy.A potentially unsafe application" ac=I fn="C:\Users\user\Downloads\FreeYouTubeDownloaderOC.exe"
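
Added example, not part of the thread and not ESET's own tooling: a small Python parser for the scanner log layout posted above, which reads the `# key=value` summary and the `sh=... vn=... fn=...` detection records and lists what the scan left in place. Reading `vn` as the detection name and `fn` as the file path is an assumption drawn from the log itself; the sample input is constructed, with placeholder hashes and paths.

```python
import re

# Constructed sample in the same layout as the log above (placeholder hashes and paths).
SAMPLE_LOG = r'''# end=finished
# remove_checked=false
# unwanted_checked=true
# scanned=1000
# found=2
# cleaned=0
sh=0000000000000000000000000000000000000001 ft=1 fh=0000000000000001 vn="a variant of Win32/OpenCandy.A potentially unsafe application" ac=I fn="C:\Users\example\Downloads\setup.exe"
sh=0000000000000000000000000000000000000002 ft=0 fh=0000000000000000 vn="a variant of Java/Agent.BR trojan" ac=I fn="C:\Users\example\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\sample"
'''

# key=value pairs; a value is either double-quoted (may contain spaces) or a bare token.
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Category suffixes as they appear at the end of vn= text (assumed, not an official list).
CATEGORIES = ("potentially unsafe application",
              "potentially unwanted application", "trojan")

def parse_eset_log(text):
    """Return (summary, detections). The header block repeats once per phase;
    later '# key=value' lines overwrite earlier ones, so the last phase wins."""
    summary, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            summary[key] = value.strip("\"'")
        elif line.startswith("sh="):
            rec = {k: (quoted or bare) for k, quoted, bare in PAIR.findall(line)}
            name = rec.get("vn", "")
            rec["category"] = next((c for c in CATEGORIES if name.endswith(c)), "other")
            detections.append(rec)
    return summary, detections

def triage(text):
    """Summarise what still needs follow-up, listing trojan detections first."""
    summary, detections = parse_eset_log(text)
    found = int(summary.get("found", 0))
    ordered = sorted(detections, key=lambda d: d["category"] != "trojan")
    return {"unresolved": found - int(summary.get("cleaned", 0)),
            # True when the records in the paste do not match the reported count
            "count_mismatch": len(detections) != found,
            "detections": [(d["category"], d.get("fn", "")) for d in ordered]}
```
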


#15 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:10:12 AM

Posted 05 October 2015 - 03:34 AM

Hi,

Step 1

Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.
  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    HKU\S-1-5-21-2554034294-363694751-669932369-1000\...\MountPoints2: {97c37c82-6587-11dd-ab11-001e6896ff61} - 
    ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    Toolbar: HKU\S-1-5-21-2554034294-363694751-669932369-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
    CHR RestoreOnStartup: 
    AlternateDataStreams: C:\Program Files\Common Files\Microsoft Shared:xqZEJta8SXkHo9ZLeUl0M
    AlternateDataStreams: C:\ProgramData\Microsoft:IoHaug5fmuxkWofbsGpr894uRHSPn
    AlternateDataStreams: C:\ProgramData\Microsoft:QKBq25cgIIrydPWKI7ciwN
    AlternateDataStreams: C:\ProgramData\Microsoft:x8CzJBlMlzScPkkVdb
    AlternateDataStreams: C:\ProgramData\Microsoft:xQ6zfdN0ghQP3CPfH1Jy4k1
    AlternateDataStreams: C:\Users\user\AppData\Local\bx5TbgWGL9uCtf:Q3OJKNE1Fjcp2cJL1YK
    AlternateDataStreams: C:\Users\user\AppData\Local\Temporary Internet Files:1dYC2OEo0D969Rqv
    AlternateDataStreams: C:\Users\user\AppData\Local\Temporary Internet Files:JZ6j2gfHVoxkMw9az6mgm
    CreateRestorePoint:
    EmptyTemp:
    
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it in your reply.



Can you please tell me which problems still persist now?
regards,
deeprybka



