
MySearchDial, DoubleClick, BabylonToolbar, Maybe Casalemedia


  • This topic is locked
13 replies to this topic

#1 Uh-Oh

Uh-Oh

  • Members
  • 7 posts

Posted 30 October 2015 - 11:47 PM

Hi! Thanks for your help. I'm running Windows 7.


So, my McAfee real-time protection virus scanner started turning itself off automatically, and I couldn't turn it back on. I downloaded Malwarebytes, and it found many entries for MySearchDial. It says those are non-malware. I can delete them, but more show up every time I scan.

It also found four things it called suspicious:

 

mstore14.mgc

offic14.mgc

libxml2.dll

drivers\etc\hosts

 

I removed all of this with Malwarebytes.

 

McAfee still did not work. I called McAfee tech support, and they spent an hour messing with it remotely. They say that I am unable to delete temp files, or browser cache. My notes say, 'P.C. sec op sys files stopped or missing'. They offered to fix all this for a fee I can't afford. But afterwards, my real-time scanner was working again. But my system is still unstable (slow, locks up), still getting MySearchDial. I removed Casale Media and DoubleClick with Spybot, but DoubleClick came back. I've had BabylonToolbar on this system for years. Spybot finds it but I read it isn't dangerous so I haven't worried about it. 

Please advise, and thank you! :)





#2 dbrisendine

dbrisendine

  • Malware Response Team
  • 508 posts
  • Gender:Male
  • Location:BC, Canada
  • Local time:04:00 AM

Posted 01 November 2015 - 10:59 PM

Hi Uh-Oh,

Welcome to BleepingComputer. My name is dbrisendine and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:
  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.
  • All of the assistants and staff at BleepingComputer are here on a volunteer basis; please respect our time given to the cause of helping others. If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date.
  • Malware removal is a complex, multiple step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go. The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go and help you remove the tools we have used.
  • If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed. All of the tools I will have you use are safe to use (as instructed) and malware free.
  • While we strive to disrupt your system as little as possible, things happen. If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.
  • Please do not run any other tools or scanners than what I ask you to. Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.


    - Save ALL Tools to your Desktop-

    All the tools that I will have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

    Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
    Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose Settings. At the bottom of the screen, click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
    Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.
    Internet Explorer - Click the Tools menu in the upper-right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
    NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Let's get started....


Please download Farbar Recovery Scan Tool 32bit and save it to your Desktop.

Please download Farbar Recovery Scan Tool 64bit and save it to your Desktop.

Only one of these will run on your system; that will be the correct one to use. You can delete the other file.
  • Right click the FRST file on your desktop and select "Run as Administrator..." (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • If an update is available, the program will inform you and download the update. Allow it to do this please.
  • Once the tool shows "The tool is ready to use." message, please press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste the log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Please do not ask for Malware help via PM (Private Messages).  Please post in the forum boards instead.  Thanks.



#3 Uh-Oh

Uh-Oh
  • Topic Starter

  • Members
  • 7 posts

Posted 02 November 2015 - 03:35 PM

Hi dbrisendine, and thanks!

Here are the logs:
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-10-2015
Ran by Krystal (administrator) on KRYSTAL-HP (02-11-2015 12:30:33)
Running from C:\Users\Krystal\Desktop
Loaded Profiles: Krystal (Available Profiles: Krystal)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(Safer Networking Limited) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Realtek) C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.6.1180.0\McCSPServiceHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSPUB.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSPUB.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSPUB.EXE
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSPUB.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSPUB.EXE
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\BrUtilities\BrLogRx.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2011-04-20] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2629632 2010-12-23] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [641504 2015-09-28] (McAfee, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-08] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-08] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [36711472 2015-10-12] (Dropbox, Inc.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist Corporate\1121\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-510673869-1764046778-1933349420-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
HKU\S-1-5-21-510673869-1764046778-1933349420-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22568216 2015-10-12] (Google)
HKU\S-1-5-21-510673869-1764046778-1933349420-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
HKU\S-1-5-21-510673869-1764046778-1933349420-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [48145024 2015-10-14] (Skype Technologies S.A.)
HKU\S-1-5-21-510673869-1764046778-1933349420-1000\...\RunOnce: [Uninstall C:\Users\Krystal\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Krystal\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
HKU\S-1-5-21-510673869-1764046778-1933349420-1000\...\RunOnce: [Uninstall C:\Users\Krystal\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Krystal\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64"
HKU\S-1-5-21-510673869-1764046778-1933349420-1000\...\RunOnce: [Uninstall C:\Users\Krystal\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Krystal\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64"
HKU\S-1-5-21-510673869-1764046778-1933349420-1000\...\MountPoints2: {31a97854-1b33-11e5-8e13-001fc69ec7de} - G:\ZTE_Handset_USB_Driver.exe
HKU\S-1-5-18\...\RunOnce: [{91140000-0019-0000-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
HKU\S-1-5-18\...\RunOnce: [{90140000-003D-0000-0000-0000000FF1CE}] => C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-09-16]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.163\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Krystal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk [2011-12-12]
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{7A783902-8FEF-449B-AB63-08BB2CAEB0FA}: [DhcpNameServer] 10.95.15.248 10.95.15.247
Tcpip\..\Interfaces\{8174E9BB-44B4-497F-8718-77A15937420B}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.me
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.me
HKU\S-1-5-21-510673869-1764046778-1933349420-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
URLSearchHook: HKU\S-1-5-21-510673869-1764046778-1933349420-1000 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKU\S-1-5-21-510673869-1764046778-1933349420-1000 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {B8530B50-1B0F-4DC3-B3D0-845C02F000F6} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {B8530B50-1B0F-4DC3-B3D0-845C02F000F6} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-510673869-1764046778-1933349420-1000 -> DefaultScope {F1E0F205-05BB-4D38-A74B-AC22E733CB29} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US0D20121023&p={searchTerms}
SearchScopes: HKU\S-1-5-21-510673869-1764046778-1933349420-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-510673869-1764046778-1933349420-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKU\S-1-5-21-510673869-1764046778-1933349420-1000 -> {B029CA8D-C00A-4FF2-9656-B69F945637DF} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=38659080-EF92-45EF-8869-11112FF77623&apn_sauid=83D2906F-E5E0-43C7-843A-BD257D7CC76A
SearchScopes: HKU\S-1-5-21-510673869-1764046778-1933349420-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxps://search.yahoo.com/search?fr=sp_tr_ie&ei=utf-8&ilc=12&type=711278&p={searchTerms}
SearchScopes: HKU\S-1-5-21-510673869-1764046778-1933349420-1000 -> {B8530B50-1B0F-4DC3-B3D0-845C02F000F6} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-510673869-1764046778-1933349420-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-510673869-1764046778-1933349420-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-510673869-1764046778-1933349420-1000 -> {F1E0F205-05BB-4D38-A74B-AC22E733CB29} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US0D20121023&p={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKU\S-1-5-21-510673869-1764046778-1933349420-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-10-27] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-10-27] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-10-27] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-10-27] (McAfee, Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2015-09-28] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-09-28] (McAfee, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Krystal\AppData\Roaming\Mozilla\Firefox\Profiles\qycasj55.default-1423976613079
FF DefaultSearchEngine.US: Google
FF Homepage: hxxps://www.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-16] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-09-28] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-16] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-07-31] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-09-28] ()
FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll [2015-08-18] (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-510673869-1764046778-1933349420-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Krystal\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-10-29] (Citrix Online)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2014-03-27]
FF Extension: Babylon Spelling and Proofreading - C:\Program Files (x86)\Mozilla Firefox\extensions\adapter@babylontc.com [2015-10-15] [not signed]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: No Name - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-10-21] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll => No File
CHR Plugin: (Java™ Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll => No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll => No File
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll => No File
CHR Profile: C:\Users\Krystal\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Krystal\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-25]
CHR Extension: (Store) - C:\Users\Krystal\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-06-25]
CHR Extension: (Store) - C:\Users\Krystal\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-06-25]
CHR Extension: (Google Wallet) - C:\Users\Krystal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-25]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-10-30]
CHR HKU\S-1-5-21-510673869-1764046778-1933349420-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Krystal\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-06-29]
CHR HKU\S-1-5-21-510673869-1764046778-1933349420-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-10-30]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-10-15] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-10-15] (Dropbox, Inc.)
S3 GoToAssist; C:\Program Files (x86)\Citrix\GoToAssist Corporate\1121\G2AC_Service.exe [310080 2015-10-29] (Citrix Online, a division of Citrix Systems, Inc.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [157928 2015-10-27] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [783120 2015-09-28] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.163\McCHSvc.exe [289256 2015-07-31] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.6.1180.0\McCSPServiceHost.exe [1694152 2015-09-01] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [639456 2015-08-11] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368584 2015-09-01] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-07-31] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [376264 2015-08-10] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-07-31] (McAfee, Inc.)
R2 Realtek11nCU; C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek) [File not signed]
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [80768 2015-08-10] (McAfee, Inc.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-02] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [413432 2015-08-10] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [349096 2015-08-10] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [495856 2015-08-10] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [839376 2015-08-10] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [537408 2015-08-12] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [111256 2015-08-12] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-10-27] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [244024 2015-08-10] (McAfee, Inc.)
R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [823912 2010-09-17] (Realtek Semiconductor Corporation                           )
R3 rtlss; C:\Windows\System32\Drivers\rtlss.sys [27240 2010-06-21] (Realtek Semiconductor Corporation)
S3 ssmirrdr; C:\Windows\System32\DRIVERS\ssmirrdr.sys [10112 2011-10-02] (support.com, Inc)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-02 12:30 - 2015-11-02 12:31 - 00034613 _____ C:\Users\Krystal\Desktop\FRST.txt
2015-11-02 12:30 - 2015-11-02 12:30 - 00000000 ____D C:\FRST
2015-11-02 12:28 - 2015-11-02 12:28 - 02198016 _____ (Farbar) C:\Users\Krystal\Desktop\FRST64.exe
2015-10-29 19:29 - 2015-10-29 19:29 - 00000000 ____D C:\Windows\Minidump
2015-10-29 14:12 - 2015-10-29 14:13 - 00000000 ____D C:\Users\Krystal\AppData\Roaming\MCPCSNR
2015-10-29 13:20 - 2015-10-29 13:23 - 00000000 ____D C:\Users\Krystal\Documents\mctriage
2015-10-29 13:16 - 2015-10-29 13:16 - 00000000 ____D C:\Program Files (x86)\Citrix
2015-10-29 13:15 - 2015-10-29 13:16 - 00000000 ____D C:\Users\Krystal\AppData\Local\Citrix
2015-10-29 12:23 - 2015-11-02 10:28 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-29 12:23 - 2015-10-29 12:23 - 00001104 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-29 12:23 - 2015-10-29 12:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-29 12:23 - 2015-10-29 12:23 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-10-29 12:23 - 2015-10-29 12:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-29 12:23 - 2015-10-05 08:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-29 12:23 - 2015-10-05 08:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-10-29 12:23 - 2015-10-05 08:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-10-29 12:20 - 2015-10-29 12:22 - 22908888 _____ (Malwarebytes ) C:\Users\Krystal\Downloads\mbam-setup-2.2.0.1024.exe
2015-10-28 18:17 - 2015-09-16 05:36 - 00000856 _____ C:\Windows\system32\Drivers\etc\hosts.bak
2015-10-28 18:09 - 2015-10-28 18:09 - 00000000 ____D C:\Users\Krystal\AppData\Roaming\McAfee
2015-10-28 18:07 - 2015-10-28 18:07 - 00586096 _____ (McAfee, Inc.) C:\Users\Krystal\Downloads\MVTInstaller.exe
2015-10-27 17:08 - 2015-10-27 17:36 - 239811763 _____ C:\Users\Krystal\Downloads\SeanShealyKILLING1a.mp4
2015-10-15 13:32 - 2015-11-02 08:54 - 00000000 ___RD C:\Users\Krystal\Dropbox
2015-10-15 13:32 - 2015-10-15 13:32 - 00001188 _____ C:\Users\Krystal\Desktop\Dropbox.lnk
2015-10-15 13:29 - 2015-10-15 13:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-10-15 13:28 - 2015-10-15 13:28 - 00000000 ____D C:\Users\Krystal\AppData\Roaming\Dropbox
2015-10-15 13:27 - 2015-10-19 06:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-15 13:24 - 2015-11-02 12:29 - 00000910 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2015-10-15 13:24 - 2015-11-02 08:53 - 00000906 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2015-10-15 13:24 - 2015-10-15 13:29 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-10-15 13:24 - 2015-10-15 13:24 - 00003906 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2015-10-15 13:24 - 2015-10-15 13:24 - 00003654 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2015-10-15 13:23 - 2015-11-02 08:54 - 00000000 ____D C:\Users\Krystal\AppData\Local\Dropbox
2015-10-15 13:23 - 2015-10-15 13:23 - 00660960 _____ (Dropbox, Inc.) C:\Users\Krystal\Downloads\DropboxInstaller.exe
2015-10-15 13:23 - 2015-10-15 13:23 - 00000000 ____D C:\ProgramData\Dropbox
2015-10-15 06:35 - 2015-09-18 11:22 - 00025432 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-10-15 06:35 - 2015-09-18 11:19 - 01291264 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-10-15 06:35 - 2015-09-18 11:19 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-10-15 06:35 - 2015-09-18 11:19 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-10-15 06:35 - 2015-09-18 11:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-10-15 06:35 - 2015-09-18 11:19 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-10-15 06:35 - 2015-09-18 11:09 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-10-14 09:06 - 2015-09-18 11:31 - 00391784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-10-14 09:06 - 2015-09-18 10:58 - 00345688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-10-14 09:06 - 2015-09-15 20:48 - 25851904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-10-14 09:06 - 2015-09-15 20:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-10-14 09:06 - 2015-09-15 20:36 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-10-14 09:06 - 2015-09-15 20:22 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-10-14 09:06 - 2015-09-15 20:21 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-10-14 09:06 - 2015-09-15 20:21 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-10-14 09:06 - 2015-09-15 20:21 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-10-14 09:06 - 2015-09-15 20:21 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-10-14 09:06 - 2015-09-15 20:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-10-14 09:06 - 2015-09-15 20:14 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-10-14 09:06 - 2015-09-15 20:13 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-10-14 09:06 - 2015-09-15 20:10 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-10-14 09:06 - 2015-09-15 20:09 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-10-14 09:06 - 2015-09-15 20:08 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-10-14 09:06 - 2015-09-15 20:08 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-10-14 09:06 - 2015-09-15 20:08 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-10-14 09:06 - 2015-09-15 20:08 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-10-14 09:06 - 2015-09-15 20:01 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-10-14 09:06 - 2015-09-15 19:58 - 20357632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-10-14 09:06 - 2015-09-15 19:58 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-10-14 09:06 - 2015-09-15 19:50 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-10-14 09:06 - 2015-09-15 19:46 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-10-14 09:06 - 2015-09-15 19:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-10-14 09:06 - 2015-09-15 19:45 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-10-14 09:06 - 2015-09-15 19:43 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-10-14 09:06 - 2015-09-15 19:41 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-10-14 09:06 - 2015-09-15 19:33 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-10-14 09:06 - 2015-09-15 19:33 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-10-14 09:06 - 2015-09-15 19:32 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-10-14 09:06 - 2015-09-15 19:32 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-10-14 09:06 - 2015-09-15 19:31 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-10-14 09:06 - 2015-09-15 19:31 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-10-14 09:06 - 2015-09-15 19:29 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-10-14 09:06 - 2015-09-15 19:29 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-10-14 09:06 - 2015-09-15 19:28 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-10-14 09:06 - 2015-09-15 19:28 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-10-14 09:06 - 2015-09-15 19:26 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-10-14 09:06 - 2015-09-15 19:26 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-10-14 09:06 - 2015-09-15 19:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-10-14 09:06 - 2015-09-15 19:24 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-10-14 09:06 - 2015-09-15 19:23 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-10-14 09:06 - 2015-09-15 19:22 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-10-14 09:06 - 2015-09-15 19:22 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-10-14 09:06 - 2015-09-15 19:22 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-10-14 09:06 - 2015-09-15 19:15 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-10-14 09:06 - 2015-09-15 19:11 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-10-14 09:06 - 2015-09-15 19:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-10-14 09:06 - 2015-09-15 19:07 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-10-14 09:06 - 2015-09-15 19:06 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-10-14 09:06 - 2015-09-15 19:05 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-10-14 09:06 - 2015-09-15 19:05 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-10-14 09:06 - 2015-09-15 19:04 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-10-14 09:06 - 2015-09-15 18:59 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-10-14 09:06 - 2015-09-15 18:58 - 12853760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-10-14 09:06 - 2015-09-15 18:58 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-10-14 09:06 - 2015-09-15 18:56 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-10-14 09:06 - 2015-09-15 18:55 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-10-14 09:06 - 2015-09-15 18:55 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-10-14 09:06 - 2015-09-15 18:48 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-10-14 09:06 - 2015-09-15 18:37 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-10-14 09:06 - 2015-09-15 18:34 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-10-14 09:06 - 2015-09-15 18:32 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-10-14 09:06 - 2015-08-06 10:04 - 14176768 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-10-14 09:06 - 2015-08-06 10:03 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-10-14 09:06 - 2015-08-06 09:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-10-14 09:06 - 2015-08-06 09:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-10-14 09:04 - 2015-09-28 19:16 - 05569472 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-10-14 09:04 - 2015-09-28 19:13 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-10-14 09:04 - 2015-09-28 19:11 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-10-14 09:04 - 2015-09-28 19:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-10-14 09:04 - 2015-09-28 19:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-10-14 09:04 - 2015-09-28 19:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-10-14 09:04 - 2015-09-28 19:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-10-14 09:04 - 2015-09-28 19:11 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-10-14 09:04 - 2015-09-28 19:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-10-14 09:04 - 2015-09-28 19:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-10-14 09:04 - 2015-09-28 19:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-10-14 09:04 - 2015-09-28 19:10 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-10-14 09:04 - 2015-09-28 19:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-10-14 09:04 - 2015-09-28 19:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-10-14 09:04 - 2015-09-28 19:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-10-14 09:04 - 2015-09-28 19:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-10-14 09:04 - 2015-09-28 19:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-10-14 09:04 - 2015-09-28 19:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-10-14 09:04 - 2015-09-28 19:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-10-14 09:04 - 2015-09-28 19:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-10-14 09:04 - 2015-09-28 19:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-10-14 09:04 - 2015-09-28 19:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-10-14 09:04 - 2015-09-28 19:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-10-14 09:04 - 2015-09-28 19:05 - 03990976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-10-14 09:04 - 2015-09-28 19:05 - 03936192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-10-14 09:04 - 2015-09-28 19:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-10-14 09:04 - 2015-09-28 19:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-10-14 09:04 - 2015-09-28 19:02 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-10-14 09:04 - 2015-09-28 19:01 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-10-14 09:04 - 2015-09-28 19:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-10-14 09:04 - 2015-09-28 19:01 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-10-14 09:04 - 2015-09-28 19:01 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-10-14 09:04 - 2015-09-28 19:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-14 09:04 - 2015-09-28 19:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-14 09:04 - 2015-09-28 19:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-14 09:04 - 2015-09-28 19:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-10-14 09:04 - 2015-09-28 19:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-14 09:04 - 2015-09-28 19:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-10-14 09:04 - 2015-09-28 19:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-14 09:04 - 2015-09-28 19:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-14 09:04 - 2015-09-28 19:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-14 09:04 - 2015-09-28 19:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-10-14 09:04 - 2015-09-28 19:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-10-14 09:04 - 2015-09-28 19:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-14 09:04 - 2015-09-28 19:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-10-14 09:04 - 2015-09-28 19:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-10-14 09:04 - 2015-09-28 19:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-10-14 09:04 - 2015-09-28 19:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-10-14 09:04 - 2015-09-28 19:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-10-14 09:04 - 2015-09-28 19:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-10-14 09:04 - 2015-09-28 19:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-14 09:04 - 2015-09-28 19:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-10-14 09:04 - 2015-09-28 19:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-10-14 09:04 - 2015-09-28 19:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-14 09:04 - 2015-09-28 19:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-10-14 09:04 - 2015-09-28 19:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-10-14 09:04 - 2015-09-28 19:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-10-14 09:04 - 2015-09-28 19:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-10-14 09:04 - 2015-09-28 18:59 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-10-14 09:04 - 2015-09-28 18:59 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-10-14 09:04 - 2015-09-28 18:59 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-10-14 09:04 - 2015-09-28 18:59 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-10-14 09:04 - 2015-09-28 18:59 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-10-14 09:04 - 2015-09-28 18:59 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-10-14 09:04 - 2015-09-28 18:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-10-14 09:04 - 2015-09-28 18:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-10-14 09:04 - 2015-09-28 18:58 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-10-14 09:04 - 2015-09-28 18:58 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-10-14 09:04 - 2015-09-28 18:57 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-10-14 09:04 - 2015-09-28 18:57 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-10-14 09:04 - 2015-09-28 18:57 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-10-14 09:04 - 2015-09-28 18:57 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-10-14 09:04 - 2015-09-28 18:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-10-14 09:04 - 2015-09-28 18:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-10-14 09:04 - 2015-09-28 18:49 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-10-14 09:04 - 2015-09-28 18:49 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-10-14 09:04 - 2015-09-28 18:49 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-10-14 09:04 - 2015-09-28 18:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-14 09:04 - 2015-09-28 18:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-14 09:04 - 2015-09-28 18:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-10-14 09:04 - 2015-09-28 18:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-10-14 09:04 - 2015-09-28 18:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-14 09:04 - 2015-09-28 18:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-10-14 09:04 - 2015-09-28 18:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-14 09:04 - 2015-09-28 18:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-14 09:04 - 2015-09-28 18:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-10-14 09:04 - 2015-09-28 18:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-14 09:04 - 2015-09-28 18:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-14 09:04 - 2015-09-28 18:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-10-14 09:04 - 2015-09-28 18:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-10-14 09:04 - 2015-09-28 18:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-14 09:04 - 2015-09-28 18:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-10-14 09:04 - 2015-09-28 18:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-10-14 09:04 - 2015-09-28 18:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-10-14 09:04 - 2015-09-28 18:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-10-14 09:04 - 2015-09-28 18:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-14 09:04 - 2015-09-28 18:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-10-14 09:04 - 2015-09-28 18:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-10-14 09:04 - 2015-09-28 18:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-10-14 09:04 - 2015-09-28 18:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-10-14 09:04 - 2015-09-28 17:50 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-10-14 09:04 - 2015-09-28 17:49 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-10-14 09:04 - 2015-09-28 17:49 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-10-14 09:04 - 2015-09-28 17:43 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-10-14 09:04 - 2015-09-28 17:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-10-14 09:04 - 2015-09-28 17:40 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-10-14 09:04 - 2015-09-28 17:40 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-14 09:04 - 2015-09-28 17:40 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-10-14 09:04 - 2015-09-28 17:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-10-14 09:04 - 2015-09-25 10:07 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-10-14 09:04 - 2015-09-25 10:07 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-10-14 09:04 - 2015-09-25 10:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-10-14 09:04 - 2015-09-25 10:07 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-10-14 09:04 - 2015-09-25 10:07 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-10-14 09:04 - 2015-09-25 10:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-10-14 09:04 - 2015-09-25 10:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-10-14 09:04 - 2015-09-25 10:06 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-10-14 09:04 - 2015-09-25 10:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-10-14 09:04 - 2015-09-25 10:06 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-10-14 09:04 - 2015-09-25 10:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-10-14 09:04 - 2015-09-25 09:59 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-10-14 09:04 - 2015-09-25 09:59 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-10-14 09:04 - 2015-09-25 09:59 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-10-14 09:04 - 2015-09-25 09:59 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-10-14 09:04 - 2015-09-25 09:58 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-10-14 09:04 - 2015-09-15 10:17 - 00157016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-10-14 09:04 - 2015-09-15 10:17 - 00097112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-10-14 09:04 - 2015-09-15 10:11 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-10-14 09:04 - 2015-09-15 10:11 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-10-14 09:04 - 2015-09-15 10:11 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-10-14 09:04 - 2015-09-15 10:11 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-10-14 09:04 - 2015-09-15 10:11 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-10-14 09:04 - 2015-09-15 10:11 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-10-14 09:04 - 2015-09-15 10:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-10-14 09:04 - 2015-09-15 09:36 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-10-14 09:04 - 2015-09-15 09:36 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-10-14 09:04 - 2015-09-15 09:36 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-10-14 09:04 - 2015-09-15 09:35 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-10-14 09:03 - 2015-10-01 10:06 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-10-14 09:03 - 2015-10-01 10:04 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-10-14 09:03 - 2015-10-01 10:00 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-10-14 09:03 - 2015-10-01 10:00 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-10-14 09:03 - 2015-10-01 10:00 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-10-14 09:03 - 2015-10-01 10:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-10-14 09:03 - 2015-10-01 10:00 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-10-14 09:03 - 2015-10-01 09:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-10-14 09:03 - 2015-10-01 09:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-10-14 09:01 - 2015-07-18 05:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-10-14 09:01 - 2015-07-18 05:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2015-10-14 09:01 - 2015-07-18 05:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 09:01 - 2015-07-18 05:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 09:01 - 2015-07-18 05:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 09:01 - 2015-07-18 05:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 09:01 - 2015-07-18 05:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 09:01 - 2015-07-18 05:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 09:01 - 2015-07-18 05:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 09:01 - 2015-07-18 05:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 09:01 - 2015-07-18 05:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 09:01 - 2015-07-18 05:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 09:01 - 2015-07-18 05:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 09:01 - 2015-07-18 05:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 09:01 - 2015-07-18 05:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 09:01 - 2015-07-18 05:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 09:01 - 2015-07-18 05:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 09:01 - 2015-07-18 05:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2015-10-14 09:01 - 2015-07-18 05:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 09:01 - 2015-07-18 05:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-10-14 09:01 - 2015-07-18 05:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 09:01 - 2015-07-18 05:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 09:01 - 2015-07-18 05:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 09:01 - 2015-07-18 05:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 09:01 - 2015-07-18 05:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 09:01 - 2015-07-18 05:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 09:01 - 2015-07-18 05:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 09:01 - 2015-07-18 05:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 09:01 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 09:01 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 09:01 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 09:01 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2015-10-14 09:01 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-14 09:01 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 09:01 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 09:01 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 09:01 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-10-14 09:01 - 2015-07-18 05:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-14 09:01 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-14 09:01 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2015-10-14 09:01 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2015-10-14 09:01 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2015-10-14 09:01 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2015-10-14 09:01 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-14 09:01 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-10-14 09:01 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-10-14 09:01 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-10-14 09:01 - 2015-07-18 05:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-02 12:24 - 2015-09-23 11:42 - 00000000 ____D C:\Users\Krystal\AppData\Roaming\Skype
2015-11-02 12:05 - 2015-09-22 16:36 - 00000000 ____D C:\Users\Krystal\Documents\KSMIT
2015-11-02 11:46 - 2012-04-11 04:40 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-02 11:43 - 2011-10-20 04:38 - 01973082 _____ C:\Windows\WindowsUpdate.log
2015-11-02 09:07 - 2009-07-13 20:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-02 09:07 - 2009-07-13 20:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-02 08:59 - 2009-07-13 21:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-02 08:53 - 2013-07-29 11:46 - 00000000 ___RD C:\Users\Krystal\Google Drive
2015-11-02 08:53 - 2013-07-02 08:14 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-02 08:53 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-02 08:53 - 2009-07-13 20:51 - 00083466 _____ C:\Windows\setupact.log
2015-11-01 21:48 - 2015-05-07 06:58 - 00000000 ____D C:\Users\Krystal\Documents\Sanders
2015-11-01 18:09 - 2011-10-20 04:43 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{22270297-AC09-4576-BA3B-2E8CB86AB0A3}
2015-11-01 07:32 - 2015-05-06 09:07 - 00000000 ____D C:\Users\Krystal\Documents\Dating Quiz
2015-10-31 22:53 - 2011-10-20 13:49 - 01717248 ___SH C:\Users\Krystal\Desktop\Thumbs.db
2015-10-31 21:21 - 2012-05-06 01:30 - 00000000 ____D C:\Users\Krystal\Documents\Ideas Ongoing Projects
2015-10-31 20:08 - 2013-07-24 12:23 - 03208192 ___SH C:\Users\Krystal\Documents\Thumbs.db
2015-10-31 08:29 - 2015-07-07 20:38 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-10-30 19:40 - 2010-11-20 19:47 - 00558424 _____ C:\Windows\PFRO.log
2015-10-29 19:31 - 2015-09-23 11:41 - 00000000 ____D C:\ProgramData\Skype
2015-10-29 19:29 - 2011-08-12 14:49 - 00325393 ____N C:\Windows\Minidump\102915-18111-01.dmp
2015-10-29 18:16 - 2013-01-26 14:40 - 01188352 ___SH C:\Users\Krystal\Downloads\Thumbs.db
2015-10-29 13:58 - 2012-10-23 14:43 - 00000000 ____D C:\Program Files\Common Files\McAfee
2015-10-29 13:56 - 2015-07-29 10:13 - 00003064 _____ C:\Windows\System32\Tasks\McAfeeLogon
2015-10-29 13:23 - 2014-10-27 20:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-10-29 12:49 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Web
2015-10-29 12:39 - 2014-10-24 13:20 - 00000000 ____D C:\Users\Krystal\AppData\Roaming\Search Protection
2015-10-29 12:39 - 2014-03-25 11:09 - 00000000 ____D C:\Users\Krystal\AppData\Roaming\systweak
2015-10-29 08:00 - 2009-07-13 20:54 - 00000749 ___RH C:\Windows\WindowsShell.Manifest
2015-10-29 08:00 - 2009-07-13 19:20 - 00000000 __RHD C:\Users\Public\Libraries
2015-10-28 18:08 - 2012-10-23 14:43 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-10-28 18:08 - 2012-10-23 14:31 - 00000000 ____D C:\ProgramData\McAfee
2015-10-28 15:32 - 2015-01-06 15:53 - 00000000 ____D C:\Users\Krystal\Documents\Short Stories
2015-10-28 08:20 - 2015-07-21 13:05 - 00003348 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)
2015-10-28 07:07 - 2013-04-06 16:32 - 00000000 ____D C:\Users\Krystal\Documents\Secrets
2015-10-26 19:09 - 2013-06-01 00:45 - 00000000 ____D C:\Users\Krystal\Documents\Inspirational Original Posters
2015-10-25 19:45 - 2012-12-01 00:55 - 00000346 _____ C:\Windows\Tasks\HPCeeScheduleForKRYSTAL-HP$.job
2015-10-25 19:45 - 2012-10-31 11:01 - 00003222 _____ C:\Windows\System32\Tasks\HPCeeScheduleForKRYSTAL-HP$
2015-10-23 14:46 - 2012-01-31 15:11 - 00000000 ____D C:\Users\Krystal\Documents\InfoPress Published Columns
2015-10-22 22:24 - 2013-07-02 08:16 - 00002145 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-22 13:09 - 2011-10-20 13:46 - 00000000 ____D C:\Users\Krystal\AppData\Local\Windows Live
2015-10-21 12:05 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2015-10-20 20:05 - 2015-02-14 03:32 - 00000000 ____D C:\Users\Krystal\Documents\Funny Memes
2015-10-19 06:44 - 2012-05-06 01:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-17 09:42 - 2014-08-28 07:56 - 00000000 ____D C:\Users\Krystal\Documents\Smarter In 60 Seconds
2015-10-16 17:46 - 2012-04-11 04:40 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-10-16 17:46 - 2012-04-11 04:40 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-10-16 17:46 - 2011-08-12 14:40 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-16 17:30 - 2013-07-29 11:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-10-16 09:01 - 2015-03-31 16:09 - 00000340 _____ C:\Windows\Tasks\HPCeeScheduleForKrystal.job
2015-10-16 08:43 - 2012-08-20 22:28 - 00000000 ____D C:\Users\Krystal\Documents\Working Columns
2015-10-15 17:06 - 2014-11-10 10:00 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-10-15 13:32 - 2011-10-20 04:39 - 00000000 ____D C:\Users\Krystal
2015-10-15 13:19 - 2015-03-31 16:09 - 00003198 _____ C:\Windows\System32\Tasks\HPCeeScheduleForKrystal
2015-10-15 10:01 - 2014-12-10 04:49 - 00000000 ____D C:\Windows\system32\appraiser
2015-10-15 10:01 - 2014-05-07 02:00 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-10-15 00:11 - 2012-04-06 11:25 - 00000000 ____D C:\Users\Krystal\AppData\Local\CrashDumps
2015-10-14 10:29 - 2015-02-04 16:59 - 00000000 __SHD C:\Users\Krystal\AppData\Local\EmieBrowserModeList
2015-10-14 10:29 - 2014-05-01 18:58 - 00000000 __SHD C:\Users\Krystal\AppData\Local\EmieUserList
2015-10-14 10:29 - 2014-05-01 18:58 - 00000000 __SHD C:\Users\Krystal\AppData\Local\EmieSiteList
2015-10-14 10:28 - 2015-02-04 16:59 - 00000000 __SHD C:\Users\Krystal\AppData\LocalLow\EmieBrowserModeList
2015-10-14 10:28 - 2014-05-14 12:16 - 00000000 __SHD C:\Users\Krystal\AppData\LocalLow\EmieUserList
2015-10-14 10:28 - 2014-05-14 12:16 - 00000000 __SHD C:\Users\Krystal\AppData\LocalLow\EmieSiteList
2015-10-14 10:14 - 2011-10-19 15:19 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-10-14 10:13 - 2013-07-12 02:01 - 00000000 ____D C:\Windows\system32\MRT
2015-10-14 10:06 - 2011-10-28 07:49 - 143481208 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-10-14 09:16 - 2015-09-23 11:41 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-10-14 08:42 - 2015-08-28 09:46 - 00000000 ____D C:\Users\Krystal\Documents\Resume
2015-10-12 09:16 - 2012-08-16 21:09 - 00000000 ____D C:\Users\Krystal\Documents\KL Current Files
2015-10-11 12:31 - 2015-02-18 08:26 - 00000000 ____D C:\Users\Krystal\Documents\Heart Stuff
2015-10-08 10:45 - 2015-04-04 10:01 - 00000000 ___SD C:\Windows\system32\GWX
2015-10-08 10:01 - 2015-04-04 10:01 - 00000000 ___SD C:\Windows\SysWOW64\GWX

==================== Files in the root of some directories =======

2012-04-18 13:55 - 2012-04-18 13:55 - 0000115 _____ () C:\Users\Krystal\AppData\Roaming\sversion.ini
2012-03-06 14:11 - 2015-06-09 19:38 - 0039424 _____ () C:\Users\Krystal\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-10-19 14:37 - 2011-10-19 14:47 - 0027734 _____ () C:\ProgramData\xportnchk.ini

Some files in TEMP:
====================
C:\Users\Krystal\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmps_d8xr.dll
C:\Users\Krystal\AppData\Local\Temp\_is1D86.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-01 13:42

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:31-10-2015
Ran by Krystal (2015-11-02 12:31:50)
Running from C:\Users\Krystal\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-10-20 12:39:52)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-510673869-1764046778-1933349420-500 - Administrator - Disabled)
Guest (S-1-5-21-510673869-1764046778-1933349420-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-510673869-1764046778-1933349420-1002 - Limited - Enabled)
Krystal (S-1-5-21-510673869-1764046778-1933349420-1000 - Administrator - Enabled) => C:\Users\Krystal

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version:  - )
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Flash Player Packages (HKU\S-1-5-21-510673869-1764046778-1933349420-1000\...\Adobe Flash Player Packages) (Version:  - ) <==== ATTENTION
Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-510673869-1764046778-1933349420-1000\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Blio (HKLM-x32\...\{FCD6D60F-AF2B-49E3-ABC4-A4C96B56225D}) (Version: 3.0.9482 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-J430W (HKLM-x32\...\{A1B36B88-AF90-43A3-8906-6DBEE89B4FBD}) (Version: 1.0.10.0 - Brother Industries, Ltd.)
Bullzip PDF Printer 8.2.0.1406 (HKLM\...\Bullzip PDF Printer_is1) (Version: 8.2.0.1406 - Bullzip)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Citrix Online Launcher (HKLM-x32\...\{E5F6D26D-E180-4547-A865-565EAB61000C}) (Version: 1.0.362 - Citrix)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Desktop Icon für Amazon (HKLM\...\DesktopIconAmazon) (Version: 1.0.1 (de) - CHIP.de)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.10.8 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.37 - Dropbox, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
Google Drive (HKLM-x32\...\{9C350701-AC04-48BA-A435-BD5E0D82897E}) (Version: 1.25.0523.2491 - Google, Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 11.3.0.1121 - Citrix Online, a division of Citrix Systems, Inc.)
HP LinkUp (HKLM-x32\...\{DB3147AB-4024-4773-8EC0-A1FE5B44933D}) (Version: 2.01.028 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard Company)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{D35B72B6-F0E4-462B-BDEB-E08032B3B681}) (Version: 8.7.4747.3786 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13880.3792 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.9.0.0 - Hewlett-Packard)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3925 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3925 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
McAfee AntiVirus Plus (HKLM-x32\...\MSC) (Version: 14.0.5120 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.163.2 - McAfee, Inc.)
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 7.7.0.366 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.192 - McAfee, Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-510673869-1764046778-1933349420-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Publisher 2010 (HKLM-x32\...\Office14.PUBLISHERR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 41.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 en-US)) (Version: 41.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2.5765 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Nuance PaperPort 12 (HKLM-x32\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.)
OpenOffice.org 3.3 (HKLM-x32\...\{3E171899-0175-47CC-84C4-562ACDD4C021}) (Version: 3.3.9567 - OpenOffice.org)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 1.00.0001 - Nuance Communications, Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5331 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.5331 - CyberLink Corp.) Hidden
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6378 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver and Utility (HKLM-x32\...\{9C049499-055C-4a0c-A916-1D12314F45EB}) (Version: 1.00.0174 - REALTEK Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.4320 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0019-0000-0000-0000000FF1CE}_Office14.PUBLISHERR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Skype™ 7.13 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.13.101 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-510673869-1764046778-1933349420-1000\...\Spotify) (Version: 0.9.1.57.ge7405149 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Web Creator OpenOffice.org 1.1 (HKU\S-1-5-21-510673869-1764046778-1933349420-1000\...\Web Creator OpenOffice.org 1.1) (Version: 1.1 - Sun Microsystems, Inc. for the OpenOffice.org-Community)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

27-10-2015 14:45:48 Windows Update
01-11-2015 19:00:14 Windows Backup

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2015-10-28 18:17 - 00000859 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0085CF17-F4BE-412D-9FD4-26ECF051E84D} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2011-06-15] ()
Task: {03405467-24BB-497F-851B-CDFA0065072B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {15AA019A-BA85-405E-8BF0-89835C1874D2} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-09-01] (McAfee, Inc.)
Task: {2155951F-70D1-4CD7-BEF3-3592BC0ADD83} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\SymErr.exe
Task: {3B2CBE9C-7D43-44B4-A9B7-C9121EBA69A7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {3CF8E1FD-AF05-4304-B624-C59C2E4FA288} - System32\Tasks\HPCeeScheduleForKRYSTAL-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {3EC86441-1E4D-4788-9655-095C82CABA2B} - System32\Tasks\{149CD76A-801A-41B7-9883-A6928083D433} => pcalua.exe -a C:\Users\Krystal\Downloads\wlsetup-web(2).exe -d C:\Users\Krystal\Downloads
Task: {47E3AFE5-8916-4880-9355-C7C6902EA412} - System32\Tasks\AppCloudUpdater => C:\Users\Krystal\AppData\Roaming\APPCLO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {52543B87-7DF0-41D2-A640-40588FBAB2BC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {5C6796BF-D04A-4ED1-91F2-85AF57ABA3EC} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-10-15] (Dropbox, Inc.)
Task: {5E32B77E-6479-483D-8DC7-D019E9461E26} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\SymErr.exe
Task: {7B25EC72-DC25-4CB9-B77D-662530A2ACDC} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2015-09-01] (McAfee, Inc.)
Task: {88E73602-407D-41E2-846A-C6B57DE0C959} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {97438CF5-7340-4EBC-BC8E-B6E49EC2B9D2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {99C6B531-3ABA-4D6B-A191-4E35077107EB} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-10-15] (Dropbox, Inc.)
Task: {A138E9A8-9BAE-4EF6-85DF-675C63CE0328} - System32\Tasks\HPCeeScheduleForKrystal => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {AA265991-8ECF-4840-9F85-2C044103342F} - System32\Tasks\{76CB2D19-4C2D-43B8-92BA-023E25AA475E} => pcalua.exe -a C:\Users\Krystal\Downloads\wlsetup-web(1).exe -d C:\Users\Krystal\Downloads
Task: {B41F3596-8C3D-4D0F-8F64-4CA1A4ECBE7F} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\WSCStub.exe
Task: {C171EF8B-E6E4-425E-B36C-90556C1BFEDF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-10-15] (Hewlett-Packard)
Task: {E63284EA-3F57-46BE-ADD8-156030511EAC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-16] (Adobe Systems Incorporated)
Task: {F7941A9D-E881-4D46-AA3B-A2CC5A71CC76} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {FFF6A7E8-5786-4104-8C85-07479F9FC3A4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AppCloudUpdater.job => C:\Users\Krystal\AppData\Roaming\APPCLO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForKRYSTAL-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForKrystal.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (Whitelisted) ==============

2015-05-15 15:26 - 2015-05-15 15:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 15:26 - 2015-05-15 15:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-08-12 14:24 - 2011-01-27 09:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-05-01 20:26 - 2005-04-21 20:36 - 00143360 ____R () C:\Windows\system32\BrSNMP64.dll
2015-11-02 08:53 - 2015-11-02 08:53 - 00098816 _____ () C:\Users\Krystal\AppData\Local\Temp\_MEI27402\win32api.pyd
2015-11-02 08:53 - 2015-11-02 08:53 - 00110080 _____ () C:\Users\Krystal\AppData\Local\Temp\_MEI27402\pywintypes27.dll
2015-11-02 08:53 - 2015-11-02 08:53 - 00364544 _____ () C:\Users\Krystal\AppData\Local\Temp\_MEI27402\pythoncom27.dll
2015-11-02 08:53 - 2015-11-02 08:53 - 00046080 _____ () C:\Users\Krystal\AppData\Local\Temp\_MEI27402\_socket.pyd
2015-11-02 08:53 - 2015-11-02 08:53 - 01208320 _____ () C:\Users\Krystal\AppData\Local\Temp\_MEI27402\_ssl.pyd
2015-11-02 08:53 - 2015-11-02 08:53 - 00320512 _____ () C:\Users\Krystal\AppData\Local\Temp\_MEI27402\win32com.shell.shell.pyd
2015-11-02 08:53 - 2015-11-02 08:53 - 00776704 _____ () C:\Users\Krystal\AppData\Local\Temp\_MEI27402\_hashlib.pyd
2015-11-02 08:53 - 2015-11-02 08:53 - 01176576 _____ () C:\Users\Krystal\AppData\Local\Temp\_MEI27402\wx._core_.pyd
2015-11-02 08:53 - 2015-11-02 08:53 - 00806400 _____ () C:\Users\Krystal\AppData\Local\Temp\_MEI27402\wx._gdi_.pyd
2015-11-02 08:53 - 2015-11-02 08:53 - 00816128 _____ () C:\Users\Krystal\AppData\Local\Temp\_MEI27402\wx._windows_.pyd
2015-11-02 08:53 - 2015-11-02 08:53 - 01067008 _____ () C:\Users\Krystal\AppData\Local\Temp\_MEI27402\wx._controls_.pyd
2015-11-02 08:53 - 2015-11-02 08:53 - 00733184 _____ () C:\Users\Krystal\AppData\Local\Temp\_MEI27402\wx._misc_.pyd
2015-11-02 08:53 - 2015-11-02 08:53 - 00682496 _____ () C:\Users\Krystal\AppData\Local\Temp\_MEI27402\pysqlite2._sqlite.pyd
2015-11-02 08:53 - 2015-11-02 08:53 - 00088064 _____ () C:\Users\Krystal\AppData\Local\Temp\_MEI27402\_ctypes.pyd
2015-11-02 08:53 - 2015-11-02 08:53 - 00119808 _____ () C:\Users\Krystal\AppData\Local\Temp\_MEI27402\win32file.pyd
2015-11-02 08:53 - 2015-11-02 08:53 - 00108544 _____ () C:\Users\Krystal\AppData\Local\Temp\_MEI27402\win32security.pyd
2015-11-02 08:53 - 2015-11-02 08:53 - 00007168 _____ () C:\Users\Krystal\AppData\Local\Temp\_MEI27402\hashobjs_ext.pyd
2015-11-02 08:53 - 2015-11-02 08:53 - 00070144 _____ () C:\Users\Krystal\AppData\Local\Temp\_MEI27402\usb_ext.pyd
2015-11-02 08:53 - 2015-11-02 08:53 - 00167936 _____ () C:\Users\Krystal\AppData\Local\Temp\_MEI27402\win32gui.pyd
2015-11-02 08:53 - 2015-11-02 08:53 - 00018432 _____ () C:\Users\Krystal\AppData\Local\Temp\_MEI27402\win32event.pyd
2015-11-02 08:53 - 2015-11-02 08:53 - 00128512 _____ () C:\Users\Krystal\AppData\Local\Temp\_MEI27402\_elementtree.pyd
2015-11-02 08:53 - 2015-11-02 08:53 - 00127488 _____ () C:\Users\Krystal\AppData\Local\Temp\_MEI27402\pyexpat.pyd
2015-11-02 08:53 - 2015-11-02 08:53 - 00013824 _____ () C:\Users\Krystal\AppData\Local\Temp\_MEI27402\common.time34.pyd
2015-11-02 08:53 - 2015-11-02 08:53 - 00036864 _____ () C:\Users\Krystal\AppData\Local\Temp\_MEI27402\_psutil_windows.pyd
2015-11-02 08:53 - 2015-11-02 08:53 - 00038912 _____ () C:\Users\Krystal\AppData\Local\Temp\_MEI27402\win32inet.pyd
2015-11-02 08:53 - 2015-11-02 08:53 - 00011264 _____ () C:\Users\Krystal\AppData\Local\Temp\_MEI27402\win32crypt.pyd
2015-11-02 08:53 - 2015-11-02 08:53 - 00077312 _____ () C:\Users\Krystal\AppData\Local\Temp\_MEI27402\wx._html2.pyd
2015-11-02 08:53 - 2015-11-02 08:53 - 00027136 _____ () C:\Users\Krystal\AppData\Local\Temp\_MEI27402\_multiprocessing.pyd
2015-11-02 08:53 - 2015-11-02 08:53 - 00020480 _____ () C:\Users\Krystal\AppData\Local\Temp\_MEI27402\_yappi.pyd
2015-11-02 08:53 - 2015-11-02 08:53 - 00035840 _____ () C:\Users\Krystal\AppData\Local\Temp\_MEI27402\win32process.pyd
2015-11-02 08:53 - 2015-11-02 08:53 - 00686080 _____ () C:\Users\Krystal\AppData\Local\Temp\_MEI27402\unicodedata.pyd
2015-11-02 08:53 - 2015-11-02 08:53 - 00123392 _____ () C:\Users\Krystal\AppData\Local\Temp\_MEI27402\wx._wizard.pyd
2015-11-02 08:53 - 2015-11-02 08:53 - 00024064 _____ () C:\Users\Krystal\AppData\Local\Temp\_MEI27402\win32pipe.pyd
2015-11-02 08:53 - 2015-11-02 08:53 - 00010240 _____ () C:\Users\Krystal\AppData\Local\Temp\_MEI27402\select.pyd
2015-11-02 08:53 - 2015-11-02 08:53 - 00025600 _____ () C:\Users\Krystal\AppData\Local\Temp\_MEI27402\win32pdh.pyd
2015-11-02 08:53 - 2015-11-02 08:53 - 00525640 _____ () C:\Users\Krystal\AppData\Local\Temp\_MEI27402\windows._lib_cacheinvalidation.pyd
2015-11-02 08:53 - 2015-11-02 08:53 - 00017408 _____ () C:\Users\Krystal\AppData\Local\Temp\_MEI27402\win32profile.pyd
2015-11-02 08:53 - 2015-11-02 08:53 - 00022528 _____ () C:\Users\Krystal\AppData\Local\Temp\_MEI27402\win32ts.pyd
2015-11-02 08:53 - 2015-11-02 08:53 - 00078848 _____ () C:\Users\Krystal\AppData\Local\Temp\_MEI27402\wx._animate.pyd
2011-01-17 16:19 - 2011-12-12 15:02 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2012-05-01 20:26 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2015-11-02 08:53 - 2015-11-02 08:53 - 00071168 _____ () c:\users\krystal\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmps_d8xr.dll
2015-10-15 13:28 - 2015-09-23 15:07 - 00012800 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick.2\qtquick2plugin.dll
2015-10-15 13:28 - 2015-09-23 15:07 - 00779776 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-10-15 13:28 - 2015-09-23 15:07 - 00056320 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-10-15 13:28 - 2015-09-23 15:07 - 00012288 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Window.2\windowplugin.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-510673869-1764046778-1933349420-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Krystal\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E0739830-41D0-412F-99AD-3B1F0A20480D}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{7EE299B3-BCA5-4AD2-84EB-83E8D2EFD456}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{B51958B4-F992-4F28-96B6-3036CE7793A3}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{A209BBB0-D5E0-429F-BD6C-772860623647}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{D337FFA3-FF33-47D8-AEE3-D3E2119BBE3C}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe
FirewallRules: [{14A733D0-AB3A-45FA-BA6C-9C6D9661AD54}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe
FirewallRules: [{F9C1180D-ADC0-4BD9-8572-09566420D790}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe
FirewallRules: [{CA834C32-CFFC-4F99-BA37-05F9D5997FDC}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe
FirewallRules: [{9DA3D274-1830-480B-AAE0-9A9ED21ABB77}] => (Allow) C:\Users\Krystal\AppData\Local\Temp\7zS959A.tmp\SymNRT.exe
FirewallRules: [{78D99356-AA1C-44EB-B4BC-E85B51FB1486}] => (Allow) C:\Users\Krystal\AppData\Local\Temp\7zS959A.tmp\SymNRT.exe
FirewallRules: [{AE6D8059-3CE9-4623-AD81-41419F1F3138}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{851B8896-36BF-46BA-BE0E-D156DAFFFEFB}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{7C8A514D-C521-4C99-96FF-EBA4E1895907}] => (Allow) C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWLan.exe
FirewallRules: [{BF7BD1DB-44E8-456E-92FB-3B4B75C61F30}] => (Allow) C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWLan.exe
FirewallRules: [{9CF5FFA2-E914-45EE-845E-25BE1685C7DA}] => (Allow) LPort=1542
FirewallRules: [{EA6DD555-14B2-4A5E-9358-F199935482F1}] => (Allow) LPort=1542
FirewallRules: [{B2CD6B73-85AF-4DCB-9B85-5C21F224D951}] => (Allow) LPort=53
FirewallRules: [{3B9FEA3B-43D5-4063-9D88-7B98F383AB67}] => (Allow) LPort=54925
FirewallRules: [{99B2EFAB-0879-451B-833D-6C89252130FD}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{A1830417-CECF-480D-BE0A-53DA1D5E7B93}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{F23B6FA2-EC20-49B8-8F72-CE67A0B4EEAF}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
FirewallRules: [{39875F21-C979-4FAE-9AD0-6394C1F3E219}] => (Allow) C:\Users\Krystal\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [TCP Query User{73E98881-C52B-4EB7-8C27-CC543B8923F0}C:\users\krystal\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\krystal\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{5D6DF8E4-7AA7-44AC-8590-03D60FE829F0}C:\users\krystal\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\krystal\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{200B9D27-8F71-4D0C-8623-D7DE2BB4BDE3}C:\users\krystal\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\krystal\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{79293E99-4A90-4A38-AB10-8492AFCFC153}C:\users\krystal\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\krystal\appdata\roaming\spotify\spotify.exe
FirewallRules: [{D11769E4-6442-4855-A9FD-2EEF1C20A121}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{DCD3FE85-1AC1-4A27-853D-D8D252A4DF5E}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{55FA4060-EAED-4A81-A456-AFF57A6619B2}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{5F0D9895-6102-4E76-902F-A74F3057DA70}] => (Allow) LPort=2869
FirewallRules: [{E2B8BF16-86D6-41C2-AF31-10C49A9C64BC}] => (Allow) LPort=1900
FirewallRules: [{0D3AD9CA-4103-4B58-8D03-D337A1513ED0}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{4F3776ED-0204-430E-A493-79976FC25E6B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0AE5CBB5-5711-498E-854B-F8B5EDCC6890}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{289A4C44-E405-44ED-AA9F-ECA02374CBB5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7C57D9AE-A904-43A4-96EA-81883A78E76F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2B3AC2BE-348E-434B-B2E0-FAD97B20E846}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A65B13DB-76A5-4114-87C0-64887FB1EFAF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{89CF47D8-7171-4E23-8699-8B44F5ED84E9}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{AC1BA310-8BF1-4397-B826-9046D8261471}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{10AA97EA-5A03-4B01-A1EB-0CD206DD5343}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{B7D717B7-78C9-40AD-9195-115545CEF19F}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{B923181C-732A-4EEB-A3C5-FDAFD7E6005E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/01/2015 09:01:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4437682

Error: (11/01/2015 09:01:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4437682

Error: (11/01/2015 09:01:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/01/2015 09:01:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4436621

Error: (11/01/2015 09:01:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4436621

Error: (11/01/2015 09:01:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/01/2015 09:01:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4435623

Error: (11/01/2015 09:01:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4435623

Error: (11/01/2015 09:01:26 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/01/2015 09:01:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4434624


System errors:
=============
Error: (11/02/2015 08:54:34 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (11/02/2015 08:54:12 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (11/02/2015 08:54:06 AM) (Source: DCOM) (EventID: 10001) (User: )
Description: C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe -Embedding740{9C0BA3C1-2B67-45EB-BF69-BED9658D28D2}

Error: (11/01/2015 06:07:29 PM) (Source: DCOM) (EventID: 10001) (User: )
Description: C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe -Embedding740{9C0BA3C1-2B67-45EB-BF69-BED9658D28D2}

Error: (11/01/2015 06:07:25 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (11/01/2015 06:06:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (11/01/2015 12:34:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (11/01/2015 12:34:25 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (11/01/2015 12:34:07 PM) (Source: DCOM) (EventID: 10001) (User: )
Description: C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe -Embedding740{9C0BA3C1-2B67-45EB-BF69-BED9658D28D2}

Error: (11/01/2015 07:35:23 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)


==================== Memory info ===========================

Processor: Intel® Pentium® CPU G620 @ 2.60GHz
Percentage of memory in use: 70%
Total physical RAM: 4002.53 MB
Available physical RAM: 1163.37 MB
Total Virtual: 8003.26 MB
Available Virtual: 4336.22 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:687.03 GB) (Free:405.26 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:11.5 GB) (Free:1.41 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: () (Removable) (Total:14.91 GB) (Free:11.21 GB) FAT32
Drive g: (HITACHI) (Fixed) (Total:1862.56 GB) (Free:1550.25 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: E7EDFEA3)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=687 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 14.9 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: E48992C0)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=0C)

==================== End of Addition.txt ============================



#4 dbrisendine

  • Malware Response Team

Posted 02 November 2015 - 05:09 PM

Thank you for the logs.  Let's get started ....
 

FIRST >>>>
Spybot S&D TeaTimer

While I advise you to uninstall Spybot (it was once a great tool but now ... not so much), I understand if users want to keep it.  However, we do need to have the TeaTimer function turned off or disabled while we are fixing the system.
To disable TeaTimer and remove its startup entry:

    Go into Spybot > Mode > Advanced Mode > Tools > Resident
        Uncheck (if checked) the following:
        Resident "TeaTimer" (Protection of over-all system settings) Active.


To temporarily close TeaTimer and restart it later:

    Right click Spybot's TeaTimer System Tray Icon > click Exit Spybot-S&D Resident.
        TeaTimer closes.
    Restart TeaTimer:
        Using Windows Explorer, navigate to C:\Program Files\Spybot - Search & Destroy.
        Double click TeaTimer.exe to start it.


SECOND >>>>

Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

Adobe Flash Player Packages

To do so, left-click on the name once and then click Uninstall/Change at the bar above the list window.

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.


LAST >>>>


Open notepad by pressing the Windows Key + R Key, typing in Notepad in the Run dialog and then pressing Enter.  Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to your desktop as fixlist.txt
 

Start
CreateRestorePoint:
CloseProcesses:
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-510673869-1764046778-1933349420-1000\...\RunOnce: [Uninstall C:\Users\Krystal\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Krystal\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
HKU\S-1-5-21-510673869-1764046778-1933349420-1000\...\RunOnce: [Uninstall C:\Users\Krystal\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Krystal\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64"
HKU\S-1-5-21-510673869-1764046778-1933349420-1000\...\RunOnce: [Uninstall C:\Users\Krystal\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Krystal\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64"
HKU\S-1-5-21-510673869-1764046778-1933349420-1000\...\MountPoints2: {31a97854-1b33-11e5-8e13-001fc69ec7de} - G:\ZTE_Handset_USB_Driver.exe
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {B8530B50-1B0F-4DC3-B3D0-845C02F000F6} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {B8530B50-1B0F-4DC3-B3D0-845C02F000F6} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-510673869-1764046778-1933349420-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKU\S-1-5-21-510673869-1764046778-1933349420-1000 -> {B029CA8D-C00A-4FF2-9656-B69F945637DF} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=38659080-EF92-45EF-8869-11112FF77623&apn_sauid=83D2906F-E5E0-43C7-843A-BD257D7CC76A
SearchScopes: HKU\S-1-5-21-510673869-1764046778-1933349420-1000 -> {B8530B50-1B0F-4DC3-B3D0-845C02F000F6} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-510673869-1764046778-1933349420-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-510673869-1764046778-1933349420-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
Toolbar: HKU\S-1-5-21-510673869-1764046778-1933349420-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll => No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll => No File
CHR Extension: (Google Drive) - C:\Users\Krystal\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-25]
CHR HKU\S-1-5-21-510673869-1764046778-1933349420-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Krystal\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-06-29]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]
2015-10-29 12:39 - 2014-10-24 13:20 - 00000000 ____D C:\Users\Krystal\AppData\Roaming\Search Protection
2015-10-29 12:39 - 2014-03-25 11:09 - 00000000 ____D C:\Users\Krystal\AppData\Roaming\systweak
2015-10-14 10:29 - 2015-02-04 16:59 - 00000000 __SHD C:\Users\Krystal\AppData\Local\EmieBrowserModeList
2015-10-14 10:29 - 2014-05-01 18:58 - 00000000 __SHD C:\Users\Krystal\AppData\Local\EmieUserList
2015-10-14 10:29 - 2014-05-01 18:58 - 00000000 __SHD C:\Users\Krystal\AppData\Local\EmieSiteList
2015-10-14 10:28 - 2015-02-04 16:59 - 00000000 __SHD C:\Users\Krystal\AppData\LocalLow\EmieBrowserModeList
2015-10-14 10:28 - 2014-05-14 12:16 - 00000000 __SHD C:\Users\Krystal\AppData\LocalLow\EmieUserList
2015-10-14 10:28 - 2014-05-14 12:16 - 00000000 __SHD C:\Users\Krystal\AppData\LocalLow\EmieSiteList
2012-03-06 14:11 - 2015-06-09 19:38 - 0039424 _____ () C:\Users\Krystal\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\Krystal\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmps_d8xr.dll
C:\Users\Krystal\AppData\Local\Temp\_is1D86.exe
Task: {2155951F-70D1-4CD7-BEF3-3592BC0ADD83} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\SymErr.exe
C:\Program Files (x86)\Norton Internet Security
Task: {3EC86441-1E4D-4788-9655-095C82CABA2B} - System32\Tasks\{149CD76A-801A-41B7-9883-A6928083D433} => pcalua.exe -a C:\Users\Krystal\Downloads\wlsetup-web(2).exe -d C:\Users\Krystal\Downloads
Task: {47E3AFE5-8916-4880-9355-C7C6902EA412} - System32\Tasks\AppCloudUpdater => C:\Users\Krystal\AppData\Roaming\APPCLO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\Users\Krystal\AppData\Roaming\APPCLO~1
Task: {5E32B77E-6479-483D-8DC7-D019E9461E26} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\SymErr.exe
Task: {AA265991-8ECF-4840-9F85-2C044103342F} - System32\Tasks\{76CB2D19-4C2D-43B8-92BA-023E25AA475E} => pcalua.exe -a C:\Users\Krystal\Downloads\wlsetup-web(1).exe -d C:\Users\Krystal\Downloads
Task: {B41F3596-8C3D-4D0F-8F64-4CA1A4ECBE7F} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\WSCStub.exe
Task: C:\Windows\Tasks\AppCloudUpdater.job => C:\Users\Krystal\AppData\Roaming\APPCLO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
RemoveProxy:
EmptyTemp:
Reboot:
end


NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST64 by right clicking on the FRST64.exe file, selecting "Run as Administrator..".  The User Account Control may open up; if it does, select Yes to continue to let FRST open and load.  

The tool will check for an updated version of itself every time it loads; please allow it to do this and the program will either inform you it is downloading an updated copy (and to wait until it is safe to continue) or show nothing (meaning there is no update found) and you can continue on.  Press the Fix button just once and wait.  The tool will create a restore point, process the script and ask for a restart of your system.

[Image: Press the FIX button]

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.  Also, how is your system running now?




#5 Uh-Oh

  • Topic Starter

Posted 02 November 2015 - 06:11 PM

Hi again! Everything seems to be running well. A couple of things: When I tried to uninstall Adobe Flash Packages, a notice said, 'It appears that Adobe Flash Packages has already been removed. Would you like to remove this entry?' I said yes.

Also, when I restarted Spybot said several things had been changed and asked if I would allow that and I said yes. So I'm not sure if the Tea Timer was properly turned off. The words 'Tea Timer' never appeared anywhere, but I unchecked 'Resident'.

Here's the Fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version:31-10-2015
Ran by Krystal (2015-11-02 14:50:49) Run:1
Running from C:\Users\Krystal\Desktop
Loaded Profiles: Krystal (Available Profiles: Krystal)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-510673869-1764046778-1933349420-1000\...\RunOnce: [Uninstall C:\Users\Krystal\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Krystal\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
HKU\S-1-5-21-510673869-1764046778-1933349420-1000\...\RunOnce: [Uninstall C:\Users\Krystal\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Krystal\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64"
HKU\S-1-5-21-510673869-1764046778-1933349420-1000\...\RunOnce: [Uninstall C:\Users\Krystal\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Krystal\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64"
HKU\S-1-5-21-510673869-1764046778-1933349420-1000\...\MountPoints2: {31a97854-1b33-11e5-8e13-001fc69ec7de} - G:\ZTE_Handset_USB_Driver.exe
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {B8530B50-1B0F-4DC3-B3D0-845C02F000F6} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {B8530B50-1B0F-4DC3-B3D0-845C02F000F6} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-510673869-1764046778-1933349420-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKU\S-1-5-21-510673869-1764046778-1933349420-1000 -> {B029CA8D-C00A-4FF2-9656-B69F945637DF} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=38659080-EF92-45EF-8869-11112FF77623&apn_sauid=83D2906F-E5E0-43C7-843A-BD257D7CC76A
SearchScopes: HKU\S-1-5-21-510673869-1764046778-1933349420-1000 -> {B8530B50-1B0F-4DC3-B3D0-845C02F000F6} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-510673869-1764046778-1933349420-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-510673869-1764046778-1933349420-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
Toolbar: HKU\S-1-5-21-510673869-1764046778-1933349420-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll => No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll => No File
CHR Extension: (Google Drive) - C:\Users\Krystal\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-25]
CHR HKU\S-1-5-21-510673869-1764046778-1933349420-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Krystal\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-06-29]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]
2015-10-29 12:39 - 2014-10-24 13:20 - 00000000 ____D C:\Users\Krystal\AppData\Roaming\Search Protection
2015-10-29 12:39 - 2014-03-25 11:09 - 00000000 ____D C:\Users\Krystal\AppData\Roaming\systweak
2015-10-14 10:29 - 2015-02-04 16:59 - 00000000 __SHD C:\Users\Krystal\AppData\Local\EmieBrowserModeList
2015-10-14 10:29 - 2014-05-01 18:58 - 00000000 __SHD C:\Users\Krystal\AppData\Local\EmieUserList
2015-10-14 10:29 - 2014-05-01 18:58 - 00000000 __SHD C:\Users\Krystal\AppData\Local\EmieSiteList
2015-10-14 10:28 - 2015-02-04 16:59 - 00000000 __SHD C:\Users\Krystal\AppData\LocalLow\EmieBrowserModeList
2015-10-14 10:28 - 2014-05-14 12:16 - 00000000 __SHD C:\Users\Krystal\AppData\LocalLow\EmieUserList
2015-10-14 10:28 - 2014-05-14 12:16 - 00000000 __SHD C:\Users\Krystal\AppData\LocalLow\EmieSiteList
2012-03-06 14:11 - 2015-06-09 19:38 - 0039424 _____ () C:\Users\Krystal\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\Krystal\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmps_d8xr.dll
C:\Users\Krystal\AppData\Local\Temp\_is1D86.exe
Task: {2155951F-70D1-4CD7-BEF3-3592BC0ADD83} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\SymErr.exe
C:\Program Files (x86)\Norton Internet Security
Task: {3EC86441-1E4D-4788-9655-095C82CABA2B} - System32\Tasks\{149CD76A-801A-41B7-9883-A6928083D433} => pcalua.exe -a C:\Users\Krystal\Downloads\wlsetup-web(2).exe -d C:\Users\Krystal\Downloads
Task: {47E3AFE5-8916-4880-9355-C7C6902EA412} - System32\Tasks\AppCloudUpdater => C:\Users\Krystal\AppData\Roaming\APPCLO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\Users\Krystal\AppData\Roaming\APPCLO~1
Task: {5E32B77E-6479-483D-8DC7-D019E9461E26} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\SymErr.exe
Task: {AA265991-8ECF-4840-9F85-2C044103342F} - System32\Tasks\{76CB2D19-4C2D-43B8-92BA-023E25AA475E} => pcalua.exe -a C:\Users\Krystal\Downloads\wlsetup-web(1).exe -d C:\Users\Krystal\Downloads
Task: {B41F3596-8C3D-4D0F-8F64-4CA1A4ECBE7F} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\WSCStub.exe
Task: C:\Windows\Tasks\AppCloudUpdater.job => C:\Users\Krystal\AppData\Roaming\APPCLO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
RemoveProxy:
EmptyTemp:
Reboot:
end
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value removed successfully
HKU\S-1-5-21-510673869-1764046778-1933349420-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\Krystal\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64 => value removed successfully
HKU\S-1-5-21-510673869-1764046778-1933349420-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\Krystal\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64 => value removed successfully
HKU\S-1-5-21-510673869-1764046778-1933349420-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\Krystal\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64 => value removed successfully
"HKU\S-1-5-21-510673869-1764046778-1933349420-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{31a97854-1b33-11e5-8e13-001fc69ec7de}" => key removed successfully
HKCR\CLSID\{31a97854-1b33-11e5-8e13-001fc69ec7de} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B8530B50-1B0F-4DC3-B3D0-845C02F000F6}" => key removed successfully
HKCR\CLSID\{B8530B50-1B0F-4DC3-B3D0-845C02F000F6} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => key removed successfully
HKCR\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully
HKCR\Wow6432Node\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
HKCR\Wow6432Node\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{B8530B50-1B0F-4DC3-B3D0-845C02F000F6}" => key removed successfully
HKCR\Wow6432Node\CLSID\{B8530B50-1B0F-4DC3-B3D0-845C02F000F6} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => key removed successfully
HKCR\Wow6432Node\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully
HKCR\Wow6432Node\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found.
"HKU\S-1-5-21-510673869-1764046778-1933349420-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found.
"HKU\S-1-5-21-510673869-1764046778-1933349420-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B029CA8D-C00A-4FF2-9656-B69F945637DF}" => key removed successfully
HKCR\CLSID\{B029CA8D-C00A-4FF2-9656-B69F945637DF} => key not found.
"HKU\S-1-5-21-510673869-1764046778-1933349420-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B8530B50-1B0F-4DC3-B3D0-845C02F000F6}" => key removed successfully
HKCR\CLSID\{B8530B50-1B0F-4DC3-B3D0-845C02F000F6} => key not found.
"HKU\S-1-5-21-510673869-1764046778-1933349420-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => key removed successfully
HKCR\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found.
"HKU\S-1-5-21-510673869-1764046778-1933349420-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully
HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found.
HKU\S-1-5-21-510673869-1764046778-1933349420-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\PepperFlash\pepflashplayer.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll => not found.
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => not found.
C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll => not found.
C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll => not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll => not found.
c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll => not found.
C:\Users\Krystal\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf => moved successfully
"HKU\S-1-5-21-510673869-1764046778-1933349420-1000\SOFTWARE\Google\Chrome\Extensions\apdfllckaahabafndbhieahigkjlhalf" => key removed successfully
C:\Users\Krystal\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl" => key removed successfully
C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx => moved successfully
C:\Users\Krystal\AppData\Roaming\Search Protection => moved successfully
C:\Users\Krystal\AppData\Roaming\systweak => moved successfully
C:\Users\Krystal\AppData\Local\EmieBrowserModeList => moved successfully
C:\Users\Krystal\AppData\Local\EmieUserList => moved successfully
C:\Users\Krystal\AppData\Local\EmieSiteList => moved successfully
C:\Users\Krystal\AppData\LocalLow\EmieBrowserModeList => moved successfully
C:\Users\Krystal\AppData\LocalLow\EmieUserList => moved successfully
C:\Users\Krystal\AppData\LocalLow\EmieSiteList => moved successfully
C:\Users\Krystal\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
C:\Users\Krystal\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmps_d8xr.dll => moved successfully
C:\Users\Krystal\AppData\Local\Temp\_is1D86.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2155951F-70D1-4CD7-BEF3-3592BC0ADD83}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2155951F-70D1-4CD7-BEF3-3592BC0ADD83}" => key removed successfully
C:\Windows\System32\Tasks\Norton Internet Security\Norton Error Processor => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Internet Security\Norton Error Processor" => key removed successfully
"C:\Program Files (x86)\Norton Internet Security" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3EC86441-1E4D-4788-9655-095C82CABA2B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3EC86441-1E4D-4788-9655-095C82CABA2B}" => key removed successfully
C:\Windows\System32\Tasks\{149CD76A-801A-41B7-9883-A6928083D433} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{149CD76A-801A-41B7-9883-A6928083D433}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{47E3AFE5-8916-4880-9355-C7C6902EA412}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47E3AFE5-8916-4880-9355-C7C6902EA412}" => key removed successfully
C:\Windows\System32\Tasks\AppCloudUpdater => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AppCloudUpdater" => key removed successfully
"C:\Users\Krystal\AppData\Roaming\APPCLO~1" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5E32B77E-6479-483D-8DC7-D019E9461E26}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5E32B77E-6479-483D-8DC7-D019E9461E26}" => key removed successfully
C:\Windows\System32\Tasks\Norton Internet Security\Norton Error Analyzer => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Internet Security\Norton Error Analyzer" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AA265991-8ECF-4840-9F85-2C044103342F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA265991-8ECF-4840-9F85-2C044103342F}" => key removed successfully
C:\Windows\System32\Tasks\{76CB2D19-4C2D-43B8-92BA-023E25AA475E} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{76CB2D19-4C2D-43B8-92BA-023E25AA475E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B41F3596-8C3D-4D0F-8F64-4CA1A4ECBE7F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B41F3596-8C3D-4D0F-8F64-4CA1A4ECBE7F}" => key removed successfully
C:\Windows\System32\Tasks\Norton WSC Integration => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton WSC Integration" => key removed successfully
C:\Windows\Tasks\AppCloudUpdater.job => moved successfully

=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========  netsh advfirewall reset =========

Ok.


========= End of CMD: =========


=========  netsh advfirewall set allprofiles state on =========

Ok.


========= End of CMD: =========


========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-510673869-1764046778-1933349420-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-510673869-1764046778-1933349420-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========

EmptyTemp: => 843.4 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 14:55:40 ====



#6 dbrisendine

dbrisendine

  • Malware Response Team
  • 508 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:BC, Canada
  • Local time:04:00 AM

Posted 02 November 2015 - 06:39 PM

Cool!  That sounds good and you did everything fine.  I would think that the system will run a little better now that the last remains of Norton were removed also (Norton and McAfee don't like each other).
 
Moving on to remains of Junk / Ads >>>
 

FIRST >>>>

Junkware Removal Tool
Please download JRT from here to your desktop.

Note: Temporarily disable/shut down your protection software now to avoid potential conflicts; how to do so can be read here.

Double click the JRT.exe file to run the application.

The application will open a Command Prompt window and run from there (this is normal for this program, so do not be alarmed).

When it is asked, press any key to allow the program to continue / run.

This will create a log on the desktop; please copy and paste the JRT.txt log text in your next post.

Note: After the log file is created, please enable your protection software / reboot your system and verify your protection software is enabled.


SECOND >>>>

AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.

You will see the following console: [screenshot of the AdwCleaner window]

Click the Scan button and wait for the scan to finish.

After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Waiting for action. Please uncheck elements you don't want to remove.

Click the Clean button.

Everything checked will be deleted.

When the program has finished cleaning a report appears.

Once done it will ask to reboot; allow this.

On reboot a log will be produced; please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt


Optional:
NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

Please do not ask for Malware help via PM (Private Messages).  Please post in the forum boards instead.  Thanks.

My help is always free but if you would like to help encourage me or show your thanks -----> btn_donate_LG.gif


#7 Uh-Oh

Uh-Oh
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  

Posted 03 November 2015 - 02:09 PM

Thanks and thanks! Here's the stuff:

JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 7 Home Premium x64
Ran by Krystal on Tue 11/03/2015 at 10:42:35.14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F1E0F205-05BB-4D38-A74B-AC22E733CB29}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\Program Files (x86)\alotappbar
Successfully deleted: [Folder] C:\Program Files (x86)\babylon
Successfully deleted: [Folder] C:\Program Files (x86)\zoom downloader
Successfully deleted: [Folder] C:\Program Files\babylon
Successfully deleted: [Folder] C:\ProgramData\ask
Successfully deleted: [Folder] C:\ProgramData\babylon
Successfully deleted: [Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\babylon
Successfully deleted: [Folder] C:\ProgramData\tarma installer
Successfully deleted: [Folder] C:\Users\Krystal\Appdata\Local\babylon
Successfully deleted: [Folder] C:\Users\Krystal\Appdata\LocalLow\alotappbar
Successfully deleted: [Folder] C:\Users\Krystal\Appdata\LocalLow\downloadmanager
Successfully deleted: [Folder] C:\Users\Krystal\AppData\Roaming\babylon
Successfully deleted: [Folder] C:\Users\Krystal\AppData\Roaming\desktopiconforamazon
Successfully deleted: [Folder] C:\Users\Krystal\AppData\Roaming\w3i, llc
Successfully deleted: [Folder] C:\Windows\SysWOW64\ai_recyclebin



~~~ FireFox

Successfully deleted: [Folder] C:\Program Files (x86)\Mozilla Firefox\extensions\adapter@babylontc.com
Successfully deleted the following from C:\Users\Krystal\AppData\Roaming\mozilla\firefox\profiles\qycasj55.default-1423976613079\prefs.js

user_pref(browser.search.hiddenOneOffs, Yahoo,Bing,Amazon.com,DuckDuckGo,eBay,Secure Search,Twitter,Wikipedia (en));
Emptied folder: C:\Users\Krystal\AppData\Roaming\mozilla\firefox\profiles\qycasj55.default-1423976613079\minidumps [21 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Krystal\Appdata\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh

[C:\Users\Krystal\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Krystal\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
bopakagnckmlgajfccecajhnimjiiedh

[C:\Users\Krystal\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Krystal\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 11/03/2015 at 10:48:37.82
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


# AdwCleaner v5.017 - Logfile created 03/11/2015 at 11:02:46
# Updated 03/11/2015 by Xplode
# Database : 2015-11-01.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Krystal - KRYSTAL-HP
# Running from : C:\Users\Krystal\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zoom Downloader
[-] Folder Deleted : C:\Users\Krystal\AppData\Roaming\Mozilla\Firefox\Profiles\2jbg33h1.default\Extensions\staged\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}

***** [ Files ] *****

[-] File Deleted : C:\Users\Krystal\AppData\Roaming\Mozilla\Firefox\Profiles\2jbg33h1.default\user.js

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
[-] Key Deleted : HKCU\Software\OCS
[-] Key Deleted : HKCU\Software\systweak
[-] Key Deleted : HKLM\SOFTWARE\systweak
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DesktopIconAmazon

***** [ Web browsers ] *****

[-] [C:\Users\Krystal\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Krystal\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Krystal\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : mysearchdial.com

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1857 bytes] ##########
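
A small triage helper for removal logs like the two in the post above, added here as an example (it is not part of the original posts and is not code from JRT or AdwCleaner). It parses the "Successfully deleted: [...]" and "[-] ... Deleted :" line layouts, collapses GUID-named leftovers into a count and tallies the named remnants; the sample log is constructed and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample in the JRT and AdwCleaner layouts seen in this thread
# (user name, GUIDs and values are made up; this is not the poster's log).
SAMPLE_LOG = r"""
~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{11111111-2222-3333-4444-555555555555}

~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Example\Appdata\Local\{AAAAAAAA-0000-0000-0000-000000000001}
Successfully deleted: [Empty Folder] C:\Users\Example\Appdata\Local\{AAAAAAAA-0000-0000-0000-000000000002}
Successfully deleted: [Folder] C:\Program Files (x86)\babylon
Successfully deleted: [Folder] C:\ProgramData\babylon
Successfully deleted: [Folder] C:\Users\Example\Appdata\LocalLow\alotappbar

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\systweak
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DesktopIconAmazon

***** [ Web browsers ] *****

[-] [C:\Users\Example\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : mysearchdial.com
"""

# Section headers: "~~~ Folders" (JRT) and "***** [ Registry ] *****" (AdwCleaner).
JRT_SECTION = re.compile(r"^~~~ (.+?)\s*$")
ADW_SECTION = re.compile(r"^\*{5} \[ (.+?) \] \*{5}\s*$")
# JRT item: "Successfully deleted: [<kind>] <target>"
JRT_ITEM = re.compile(r"^Successfully deleted: \[(?P<kind>[^\]]+)\] (?P<target>.+?)\s*$")
# AdwCleaner item: "[-] <kind> Deleted : <target>"
# or "[-] [<store file>] [<kind>] Deleted : <target>" for browser entries.
ADW_ITEM = re.compile(
    r"^\[-\] (?:\[(?P<store>[^\]]+)\] \[(?P<bkind>[^\]]+)\]|(?P<kind>[A-Za-z ]+?))"
    r" Deleted : (?P<target>.+?)\s*$"
)
GUID_LEAF = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
ARCH_TAG = re.compile(r"^\[x(?:64|86)\] ")  # AdwCleaner prefixes some keys with [x64]


def parse_removals(text):
    """Return one dict (tool, section, kind, target) per removed item."""
    items, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = JRT_SECTION.match(line) or ADW_SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        m = JRT_ITEM.match(line)
        if m:
            items.append({"tool": "JRT", "section": section,
                          "kind": m.group("kind"), "target": m.group("target")})
            continue
        m = ADW_ITEM.match(line)
        if m:
            items.append({"tool": "AdwCleaner", "section": section,
                          "kind": m.group("bkind") or m.group("kind"),
                          "target": ARCH_TAG.sub("", m.group("target"))})
    return items


def leaf(target):
    """Last path or registry component, lower-cased, as a rough remnant label."""
    return re.split(r"[\\/]", target.rstrip("\\/"))[-1].lower()


def summarize(items):
    """Count GUID-named leftovers instead of listing them; tally named remnants."""
    guid_named = 0
    named = Counter()
    for item in items:
        name = leaf(item["target"])
        if GUID_LEAF.match(name):
            guid_named += 1
        else:
            named[name] += 1
    return {"total": len(items), "guid_named": guid_named, "named": named}


if __name__ == "__main__":
    summary = summarize(parse_removals(SAMPLE_LOG))
    print(f"{summary['total']} items removed, "
          f"{summary['guid_named']} of them GUID-named leftovers")
    for name, count in summary["named"].most_common():
        print(f"  {count:3d}  {name}")
```
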



#8 dbrisendine

Posted 03 November 2015 - 10:24 PM

How is your system running now?




#9 Uh-Oh

Posted 04 November 2015 - 03:55 PM

Appears to be running perfectly! No bad guys found by MalwareBytes in most recent scan. Thank you, Bat Person! :grinner:



#10 dbrisendine

Posted 04 November 2015 - 06:22 PM

That sounds good to me; let's get you cleaned of tools and on your way!
 

All right!! :bananas: Your logs are clean and you're good to go now!! :thumbup2: We've got some final steps left to do to clean up our tools and get your system in good running condition and then you are on your way. I must say though, even though we met through less than ideal circumstances, it has been really great to work with you. :) Just run through the steps from the Cleanup of Tools to the Program Update Checker. That's it. Thanks. :cool:


Clean up of Malware Removal Tools
Now that we are through using these tools, let's clean them off your system so that should you ever need to have malware removed again (we hope not) fresh, updated copies will be downloaded.

  • Download Delfix from here to your desktop and double click it to start the program
  • Ensure Remove disinfection tools is ticked
    Also tick:
  • Activate UAC
  • Create registry backup
  • Purge system restore
  • Reset system settings
  • Click Run
  • The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.

You can delete any log files left on your desktop as these are no longer needed.


Keep Windows Updated
Microsoft issues updates to Windows to close vulnerabilities as they are discovered. Staying updated helps protect your system from current exploits.

  • Click Start and then click Control Panel.
  • Click on the View by: in the upper right corner and select Large Icons (you can change this back later if you like).
  • Scroll down and click on Windows Update.
  • Click on Change settings.
  • Under Important Updates, click on Install updates automatically (recommended).
  • Select (click on) the other options on this page.
  • Select a day and time to have windows install the updates.
  • Click on Ok to change the settings.
  • If you want to change the view of the Control Panel display, click on the View by: in the upper right hand corner and select an option you prefer.

Keep other Important Programs Updated
Along with keeping Windows updated, it is a good idea to keep important programs updated. Java and Adobe Reader both need to be kept updated to the latest versions; malware writers utilize exploits in the unpatched versions to their advantages.

Java
Most security experts and the US CERT (part of the US Homeland Security) now recommend that users uninstall Java from their systems; if you don't have any programs that need Java on your system, you are safe to do this. You can read some of the articles on this here and here. I strongly suggest you uninstall Java unless you need it to run certain software; in that case I would recommend that you disable or unplug Java from your web browsers and only enable it when you need it.

To disable / unplug Java in your browsers:

To uninstall Java (on Win7):

  • Click Start and then click Control Panel.
  • If you need to, click View by: and select either Large Icons or Small Icons.
  • Click on Programs and Features.
  • Scroll down until you find Java and click on it to select that program.
  • (Older versions of Java may appear in the program list as J2SE, Java 2, Java SE or Java Runtime Environment.)
  • Click Uninstall.
  • If more than one version of Java shows in your program list, you should repeat the selection and uninstall until all of them are removed.

To check for the latest version of Java and installation steps:

  • Go to java.com and click on Do I have Java?.
  • On the next page, click on Verify Java Version.
  • If you get a security pop up entitled "Do you want to run this application?" with the Name: Java Detection and Publisher: Oracle America, Inc., click Run.
  • Follow the recommendations (if any) on the results screen.
  • If there is a new version (or none at all on your system), there will be a button on the page showing Agree and Start Free Download. Click on it to update or install Java.
  • The site will start a download of jxpiinstall.exe. Save the file to your desktop.
  • When the download is finished, close your browser.
  • Right click on the jxpiinstall.exe and select Run as Administrator.
  • On the opening window, check Change destination folder and then click Install>.
  • The program will now download the rest of the files needed to install Java.
  • On the Destination Folder window, click Next>.
  • On the next window, the install will present you the option of adding additional software (this is known as Foistware).
  • Uncheck the Set and keep Ask as my default search provider.
  • Uncheck the Install the Ask Toolbar.
  • Click Next> to finish the install.
  • When the installation is finished, you will be taken to a web page that will check to see if Java is working properly.

Adobe Reader
Adobe Reader is the second most targeted (by malware) common software. If all you ever do with Adobe Reader is view PDF files, then please consider replacing it with a lighter, free PDF reader that is not exploitable. One that I recommend is Sumatra PDF.

To update Adobe Reader:

  • Launch your Adobe Reader.
  • Click Help and then click on About Adobe Reader from the menu list.
  • If the version is 11.0.10 then you are up to date. If it is less than this and you are keeping Adobe Reader, you should update to the latest version.
  • The best place to get Adobe Reader is from Adobe (click on Adobe to go there now).
  • Click on Download in the menu bar on top of the Adobe web page.
  • Click on Adobe Reader in the list on the right hand side of the page.
  • On the next page, click on the check mark (to turn it off) beside the option to include the McAfee scanner in the download and install. Make sure the check is NOT marked (this is another example of Foistware).
  • Click the Install Now button and follow the directions on next page.
  • If you are prompted to Save the installer file, choose to save it to your desktop. Once it is saved, right click on the file and select Run as Administrator.
  • When the installation is finished, you can delete the installer file on your desktop.

Consider a program that will check for out-of-date programs on your system
Some programs don't have update checks built in or make you run the application to start the check for updates process. An easier way to stay on top of the current versions of your installed programs is to use a version checking program like Heimdal Free from Heimdal Security (you can get the software from here and read more about it on the same page).



You are now done! :thumbup2: :grinner: :thumbup2: :grinner: :smilers:

Now some information on programs to help keep you safe:

First, an Antivirus program. You NEED one; free is just as good as paid-for as long as you keep them updated. ONLY use one at a time as having more than that will cause system problems. Here are some free ones to check out:
Microsoft Security Essentials
Avast! Free Antivirus

Next, a firewall is a must-have nowadays. The built in firewall in Windows 7 is fine (just make sure it is turned on (Start > Control Panel > Windows Firewall)). Or, if you like, you could choose one of the free ones listed here:
Emsisoft Online Armor - installs as trialware which converts to freeware in 30 days
Zone Alarm Free Firewall - installer includes foistware so read the options very carefully

=== options ====
Unchecky is a small service that runs in the background to help keep those "extra toolbars" and tag along search engines from automatically installing. By automatically directing you to a custom install with all the options unchecked, only what you manually choose and confirm gets installed.

CryptoPrevent is a free program that prevents CryptoLocker / ransomware from infecting your PC by locking down the OS so the malware can not get a grip on your system. You can read the details about this program here.

Also, consider adding MalwareBytes Antimalware to your arsenal of safe keeping programs. Use the free version (not the paid or trial version) and you won't have a problem with your antivirus scanner program. Keep it updated and run a scan with it once a week.

Lastly, if you use Firefox as your main web browser, consider adding the NoScript and AdBlockPlus add-ons to the browser to block scripting hijacks and remove unwanted ads from the pages you view.

You may also find some information and tips at this thread:
How did I get infected in the first place?
and
COMPUTER SECURITY - a short quide to staying safer online

_____________________________________________________________________

Please come back and paste the DelFix.txt log when you can. After that, if you have no more questions, you are good to go. Surf safe, my friend!!




#11 Uh-Oh

Posted 05 November 2015 - 02:46 PM

Hey, I checked my firewall and I got a message saying that my firewall is off because McAfee is handling those functions. Is that okay?

Thanks for everything! I'm going to tip you, but I want to give you more than the $4 I currently have in Paypal, so you'll have to wait. :)




# DelFix v1.011 - Logfile created 05/11/2015 at 11:12:22
# Updated 18/08/2015 by Xplode
# Username : Krystal - KRYSTAL-HP
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Krystal\Desktop\Addition.txt
Deleted : C:\Users\Krystal\Desktop\AdwCleaner.exe
Deleted : C:\Users\Krystal\Desktop\Fixlog.txt
Deleted : C:\Users\Krystal\Desktop\FRST.txt
Deleted : C:\Users\Krystal\Desktop\FRST64.exe
Deleted : C:\Users\Krystal\Desktop\JRT.exe
Deleted : C:\Users\Krystal\Desktop\JRT.txt
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #379 [Windows Backup | 11/02/2015 03:00:14]
Deleted : RP #381 [Restore Point Created by FRST | 11/02/2015 22:51:04]
Deleted : RP #382 [Windows Update | 11/03/2015 17:17:17]
Deleted : RP #383 [JRT Pre-Junkware Removal | 11/03/2015 18:42:36]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########



#12 Uh-Oh


Posted 05 November 2015 - 03:04 PM

Something else I'm not sure about. One of the links you posted recommends SpywareBlaster, SpywareGuard and SuperAntiSpyware.

So far I've got McAfee, MalwareBytes, Spybot, and Windows Defender. Should I get all these others and run them all at the same time?



#13 dbrisendine

  • Malware Response Team

Posted 06 November 2015 - 12:27 AM

Something else I'm not sure about. One of the links you posted recommends SpywareBlaster, SpywareGuard and SuperAntiSpyware.

So far I've got McAfee, MalwareBytes, Spybot, and Windows Defender. Should I get all these others and run them all at the same time?

 

No, you have enough. Actually, McAfee and Malwarebytes Anti-Malware should be enough.

 

As to the tip, this is optional (as my signature states).  Enjoy your system and the Holidays.  :)




#14 dbrisendine

  • Malware Response Team

Posted 06 November 2015 - 12:27 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





