
Trojan Horse Exploit Java and Java/CVE-2013-1493 Infection


  • This topic is locked
10 replies to this topic

#1 theparker5hb

theparker5hb

  • Members
  • 6 posts

Posted 31 October 2015 - 04:32 PM

Hello,

 

I recently had the two Trojan virus warnings caught by my AVG Anti Virus - It says they were deleted but ever since I have had erratic, slow and error messages popping up on Firefox and Chrome. Can you please help me to see if something is still in my machine? I ran Malware Bytes - nothing found - then ran a full scan with AVG and again nothing. The machine just does not perform like it was at all.

 

Thank you for any help - Jeff





#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,740 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 02 November 2015 - 11:00 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===


Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===


How is the computer running now?
Wait for further instructions.

#3 theparker5hb

theparker5hb
  • Topic Starter

  • Members
  • 6 posts

Posted 04 November 2015 - 10:08 AM

Hi Nasdaq, Thank you - I was travelling and now back to tend to this PC issue. I will follow your instructions and get back shortly - Thank you!



#4 theparker5hb

theparker5hb
  • Topic Starter

  • Members
  • 6 posts

Posted 04 November 2015 - 10:47 AM

I ran AdwCleaner - when I went to create a log file it opens my Photo Gallery program and says it cannot recognize it. It is defaulting there for some reason. Any help on that please? Thank you



#5 theparker5hb

theparker5hb
  • Topic Starter

  • Members
  • 6 posts

Posted 04 November 2015 - 11:10 AM

Hi Nasdaq - I figured it out! OK here is the AdwCleaner txt file. I did not unclick anything as I didn't want to remove something I shouldn't. I will run the Farbar Recovery later today then report back - thank you

 

# AdwCleaner v5.017 - Logfile created 04/11/2015 at 07:20:58
# Updated 03/11/2015 by Xplode
# Database : 2015-11-03.2 [Server]
# Operating system : Windows 8.1 Pro with Media Center  (x64)
# Username : Dominique - DOMSLAPTOP
# Running from : C:\Users\Dominique\Downloads\adwcleaner_5.017.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

Folder Found : C:\Kreapixel
Folder Found : C:\Program Files (x86)\Yahoo!\Companion
Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\BrowserDefender
Folder Found : C:\ProgramData\SpeedMaxPc
Folder Found : C:\Users\Dominique\AppData\Local\DownloadTerms
Folder Found : C:\Users\Dominique\AppData\LocalLow\Conduit
Folder Found : C:\Users\Dominique\AppData\LocalLow\Inbox Toolbar
Folder Found : C:\Users\Dominique\AppData\Roaming\DriverCure
Folder Found : C:\Users\Dominique\AppData\Roaming\SpeedMaxPc
Folder Found : C:\Users\Dominique\AppData\Roaming\Mozilla\Firefox\Profiles\xozzymxr.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

***** [ Files ] *****

File Found : C:\END
File Found : C:\Users\Dominique\AppData\Roaming\Mozilla\Firefox\Profiles\xozzymxr.default\user.js

***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\inbox
Key Found : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
Key Found : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
Key Found : HKCU\Software\80db88b43ee417
Key Found : HKLM\SOFTWARE\80db88b43ee417
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Found : HKCU\Software\SpeedMaxPC
Key Found : HKCU\Software\Yahoo\Companion
Key Found : HKCU\Software\Yahoo\YFriendsBar
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\Yahoo\Companion
Key Found : HKLM\SOFTWARE\Delta
Key Found : HKLM\SOFTWARE\SpeedMaxPC
Key Found : HKLM\SOFTWARE\Yahoo\Companion
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\C3F6D7A0BA2FDE84EB329997B1FF786D
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3F6D7A0BA2FDE84EB329997B1FF786D

***** [ Web browsers ] *****

[C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : babylon.com
[C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : dlmebkoiahbppacaicbgncnjhbpdfkcc

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3825 bytes] ##########
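
An added example, not part of the original post and not AdwCleaner's own code: a small parser that turns a scan-mode log like the one above into structured findings, so each item can be reviewed before the Clean button removes it. The function names are hypothetical, the sample is a shortened excerpt of the log above, and reading `[x64]` as a plain tag on the entry is an assumption.

```python
import re

# Shortened excerpt of the scan-mode log posted above (sample input for this example).
SAMPLE_LOG = r"""# AdwCleaner v5.017 - Logfile created 04/11/2015 at 07:20:58
# Option : Scan

***** [ Services ] *****


***** [ Folders ] *****

Folder Found : C:\ProgramData\Babylon
Folder Found : C:\Users\Dominique\AppData\LocalLow\Conduit

***** [ Files ] *****

File Found : C:\Users\Dominique\AppData\Roaming\Mozilla\Firefox\Profiles\xozzymxr.default\user.js

***** [ Registry ] *****

Key Found : HKCU\Software\SpeedMaxPC
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}

***** [ Web browsers ] *****

[C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : dlmebkoiahbppacaicbgncnjhbpdfkcc

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3825 bytes] ##########
"""

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")        # ***** [ Folders ] *****
HEADER_RE = re.compile(r"^# (.+?) : (.*)$")                    # "# Option : Scan"
ITEM_RE = re.compile(r"^(Folder|File|Key) Found : (?:\[(x64)\] )?(.+)$")
BROWSER_RE = re.compile(r"^\[(.+?)\] \[(.+?)\] Found : (.+)$")  # [store] [kind] Found : value


def parse_adwcleaner_log(text):
    """Return (header, findings) parsed from an AdwCleaner text log."""
    header, findings, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section is None:
            # Lines before the first section are "# Key : value" metadata.
            m = HEADER_RE.match(line)
            if m:
                header[m.group(1)] = m.group(2)
            continue
        m = ITEM_RE.match(line)
        if m:
            findings.append({"section": section, "kind": m.group(1),
                             "tag": m.group(2), "target": m.group(3)})
            continue
        m = BROWSER_RE.match(line)
        if m:
            findings.append({"section": section, "kind": m.group(2),
                             "store": m.group(1), "target": m.group(3)})
        # Anything else (for example the EOF trailer) is ignored.
    return header, findings


def is_scan_only(header):
    """True when the log records a scan, i.e. nothing has been removed yet."""
    return header.get("Option", "").strip().lower() == "scan"


def count_by_section(findings):
    """Number of findings per log section; empty sections are omitted."""
    counts = {}
    for f in findings:
        counts[f["section"]] = counts.get(f["section"], 0) + 1
    return counts


def registry_by_hive(findings):
    """Count registry findings per hive (HKLM is machine-wide, HKCU is per-user)."""
    hives = {}
    for f in findings:
        if f["kind"] == "Key":
            hive = f["target"].split("\\", 1)[0]
            hives[hive] = hives.get(hive, 0) + 1
    return hives


if __name__ == "__main__":
    header, findings = parse_adwcleaner_log(SAMPLE_LOG)
    print("Scan only:", is_scan_only(header))
    print("Per section:", count_by_section(findings))
    print("Registry hives:", registry_by_hive(findings))
    for f in findings:
        print(f"  [{f['section']}] {f['kind']}: {f['target']}")
```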
 



#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,740 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 04 November 2015 - 11:23 AM


The log created by the Farbar tool will have a .txt (extension)

What you have is that your file association for a .txt file is your Photo Gallery program which is not normal.

Follow the instructions on this page.

http://www.thewindowsclub.com/change-file-associations-windows


Open Control Panel > Control Panel Home > Default Programs > Set Associations. Select a file type in the list and click Change Program.

Select the .txt extension in the file Association windows, click the Change button, select Notepad.
Click the Apply button if you see one, if not close the windows.

Restart the computer normally.

Find the two .txt files created by the Farbar tool.
Click the files and they should open in Notepad.

#7 theparker5hb

theparker5hb
  • Topic Starter

  • Members
  • 6 posts

Posted 04 November 2015 - 09:06 PM

Nasdaq - thanks for the info on how to get back to making the txt extension file association!  Here are the results of the Farbar tool log and addition. What do you see?

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-11-2015
Ran by Dominique (administrator) on DOMSLAPTOP (04-11-2015 17:10:59)
Running from C:\Users\Dominique\Downloads
Loaded Profiles: Dominique (Available Profiles: Dominique)
Platform: Windows 8.1 Pro with Media Center (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Absolute Software) C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe
(Andrea Electronics Corporation) C:\Windows\System32\AECLSr64.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Lexmark International, Inc.) C:\Windows\System32\spool\drivers\x64\3\lxdxserv.exe
( ) C:\Windows\System32\lxdxcoms.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
() C:\Program Files\Cirrus Logic Audio Panel\CirrusAudioPanel_Dell.exe
(Qualcomm Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
() C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Dropbox, Inc.) C:\Users\Dominique\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssist\uaclauncher.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [678296 2012-07-09] (Alps Electric Co., Ltd.)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3759504 2012-07-20] (Dell Inc.)
HKLM\...\Run: [Dell Audio] => c:\Program Files\Cirrus Logic Audio Panel\CirrusAudioPanel_Dell.exe [20591616 2012-08-06] ()
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe [763520 2012-07-31] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [127616 2012-07-31] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [lxdxmon.exe] => C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe [672424 2010-02-04] ()
HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Lexmark 3600-4600 Series\ezprint.exe [107176 2010-02-04] (Lexmark International Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Absolute Notifier] => C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe [85864 2013-10-28] (Absolute Software)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2258056 2013-09-24] (Microsoft Corp.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5212584 2015-10-20] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\822\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2903894491-2310168910-368854483-1001\...\Run: [Spotify Web Helper] => C:\Users\Dominique\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-19] (Spotify Ltd)
HKU\S-1-5-21-2903894491-2310168910-368854483-1001\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIIUE.EXE /EPT "EPLTarget\P0000000000000001" /M "WF-2540 Series"
HKU\S-1-5-21-2903894491-2310168910-368854483-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
HKU\S-1-5-21-2903894491-2310168910-368854483-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)
HKU\S-1-5-21-2903894491-2310168910-368854483-1001\...\Run: [Facebook Update] => C:\Users\Dominique\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-04-01] (Facebook Inc.)
HKU\S-1-5-21-2903894491-2310168910-368854483-1001\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [912480 2015-09-02] (Microsoft Corporation)
HKU\S-1-5-21-2903894491-2310168910-368854483-1001\...\Run: [Dropbox Update] => C:\Users\Dominique\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-17] (Dropbox, Inc.)
HKU\S-1-5-21-2903894491-2310168910-368854483-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
HKU\S-1-5-21-2903894491-2310168910-368854483-1001\...\Run: [Messenger (Yahoo!)] => "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
HKU\S-1-5-21-2903894491-2310168910-368854483-1001\...\Run: [Google Update] => C:\Users\Dominique\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-10] (Google Inc.)
HKU\S-1-5-21-2903894491-2310168910-368854483-1001\...\MountPoints2: {80c75611-5791-11e3-bec1-08edb9615fa0} - "E:\MotoCastSetup.exe" -a
HKU\S-1-5-21-2903894491-2310168910-368854483-1001\...\MountPoints2: {bea5a089-f41f-11e4-bf27-e0db5584d1ab} - "E:\VerizonWirelessUpgradeAssistantSetup.exe" -a
HKU\S-1-5-21-2903894491-2310168910-368854483-1001\...\MountPoints2: {f0672624-0301-11e5-bf2a-e0db5584d1ab} - "E:\VerizonWirelessUpgradeAssistantSetup.exe" -a
HKU\S-1-5-21-2903894491-2310168910-368854483-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [11776 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIIUE.EXE /EPT "EPLTarget\P0000000000000000" /M "WF-2540 Series"
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dominique\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dominique\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dominique\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dominique\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dominique\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dominique\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dominique\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2013-09-13]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk [2014-06-23]
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe ()
Startup: C:\Users\Dominique\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-10-23]
ShortcutTarget: Dropbox.lnk -> C:\Users\Dominique\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Dominique\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2014-10-06]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{24DA3B4C-B9E9-4A56-91A8-E89290821128}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{61744590-F0C6-4814-AA8D-72DB14495FF8}: [DhcpNameServer] 192.168.5.10

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2903894491-2310168910-368854483-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/
HKU\S-1-5-21-2903894491-2310168910-368854483-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com
SearchScopes: HKU\S-1-5-21-2903894491-2310168910-368854483-1001 -> DefaultScope {E2134FD1-09AB-4E78-8F04-581C1D8EEE13} URL =
SearchScopes: HKU\S-1-5-21-2903894491-2310168910-368854483-1001 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=mkg028
SearchScopes: HKU\S-1-5-21-2903894491-2310168910-368854483-1001 -> {E2134FD1-09AB-4E78-8F04-581C1D8EEE13} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2012-07-31] (Qualcomm Atheros Commnucations)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2015-01-22] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2015-01-22] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2903894491-2310168910-368854483-1001 -> No Name - {45504E56-3634-006A-76A7-7A786E7484D7} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Dominique\AppData\Roaming\Mozilla\Firefox\Profiles\xozzymxr.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-16] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-16] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.75.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-01-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.75.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-01-22] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-2903894491-2310168910-368854483-1001: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll [No File]
FF Plugin HKU\S-1-5-21-2903894491-2310168910-368854483-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Dominique\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-2903894491-2310168910-368854483-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Dominique\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-19] (Google Inc.)
FF Plugin HKU\S-1-5-21-2903894491-2310168910-368854483-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Dominique\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-19] (Google Inc.)
FF user.js: detected! => C:\Users\Dominique\AppData\Roaming\Mozilla\Firefox\Profiles\xozzymxr.default\user.js [2015-11-02]
FF Extension: Yahoo! Toolbar - C:\Users\Dominique\AppData\Roaming\Mozilla\Firefox\Profiles\xozzymxr.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2015-11-04] [not signed]
FF Extension: DownloadTerms - C:\Program Files (x86)\Mozilla Firefox\extensions\cxfnl@nxazbwxrbgsgfqqp.net [2015-10-16] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.bing.com/?pc=U162H"
CHR NewTab: Default -> "chrome-extension://oikdphhbmkgffaopgmlfifpaobijngif/stubby.html"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.703\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\pdf.dll => No File
CHR Plugin: (Widevine Media Optimizer) - C:\Program Files (x86)\Google\Chrome\Application\plugins\npWidevineMediaOptimizer.dll (Google Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.710.14) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 7 U71) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Dominique\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll => No File
CHR Profile: C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25]
CHR Extension: (YouTube) - C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Cast) - C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-10-10]
CHR Extension: (Block Collapse Challenge) - C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccnfinpfichedahfpkjopilbkingahem [2015-01-20]
CHR Extension: (Google Search) - C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
CHR Extension: (Google Docs Offline) - C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-06]
CHR Extension: (Pin It Button) - C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-09-24]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-05-30]
CHR Extension: (HelloSign: Online signatures made easy) - C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\Default\Extensions\kajjckmbclbffbpecfbiecehkfgopppd [2015-02-26]
CHR Extension: (Webcam Toy) - C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade [2015-08-26]
CHR Extension: (Skype Click to Call) - C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-10-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
CHR Extension: (My Chrome Theme) - C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2015-08-26]
CHR Extension: (FromDocToPDF) - C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\Default\Extensions\oikdphhbmkgffaopgmlfifpaobijngif [2015-06-27]
CHR Extension: (Gmail) - C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR Profile: C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (No Name) - C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\afbcibndhffhhbokgpbpecjmejjcgcej [2013-02-07]
CHR Extension: (Google Drive) - C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-11]
CHR Extension: (YouTube) - C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-11]
CHR Extension: (Google Search) - C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-11]
CHR Extension: (SiteAdvisor) - C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2012-11-11]
CHR Extension: (Gmail) - C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-11]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AbsoluteNotifier; C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [11112 2013-10-28] (Absolute Software)
R2 AECLFilters; C:\Windows\system32\AECLSr64.exe [99696 2012-08-05] (Andrea Electronics Corporation)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [207488 2012-07-31] (Qualcomm Atheros Commnucations) [File not signed]
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3259304 2015-10-20] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [301896 2015-10-20] (AVG Technologies CZ, s.r.o.)
S2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-09-24] (Microsoft Corp.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
S2 CirrusAudioService; c:\Program Files\Cirrus Logic Audio Panel\Cirrvus.exe [7168 2012-08-06] (Cirrus Logic) [File not signed]
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
S4 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5738528 2014-11-07] (Fitbit, Inc.) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 lxdxCATSCustConnectService; C:\WINDOWS\system32\spool\DRIVERS\x64\3\\lxdxserv.exe [29184 2009-10-16] (Lexmark International, Inc.)
R2 lxdx_device; C:\WINDOWS\system32\lxdxcoms.exe [1039872 2009-10-16] ( )
R2 lxdx_device; C:\WINDOWS\SysWOW64\lxdxcoms.exe [589824 2009-10-16] ( )
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [128512 2015-04-15] (Motorola Mobility LLC) [File not signed]
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-07-22] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [237536 2015-05-26] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [237848 2014-10-24] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [369120 2015-05-26] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [211936 2015-05-26] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [287208 2015-05-27] (AVG Technologies CZ, s.r.o.)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-07-31] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 CirrusLFD; C:\Windows\system32\DRIVERS\CSLFDx64.sys [41328 2012-08-05] (Cirrus Logic)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-02-26] (Dell Computer Corporation)
S3 DellProf; C:\Windows\system32\drivers\DellProf.sys [23312 2015-02-26] (Dell Computer Corporation)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-04] (OSR Open Systems Resources, Inc.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
S3 Netaapl; C:\Windows\system32\DRIVERS\netaapl64.sys [22528 2012-03-26] (Apple Inc.) [File not signed]
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 KAPFA; \??\C:\Windows\system32\drivers\KAPFA.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-04 17:10 - 2015-11-04 17:10 - 00033545 _____ C:\Users\Dominique\Downloads\FRST.txt
2015-11-04 17:09 - 2015-11-04 17:13 - 00000000 ____D C:\FRST
2015-11-04 17:05 - 2015-11-04 17:05 - 02198016 _____ (Farbar) C:\Users\Dominique\Downloads\FRST64.exe
2015-11-04 07:13 - 2015-11-04 07:20 - 00000000 ____D C:\AdwCleaner
2015-11-04 07:09 - 2015-11-04 07:09 - 01708032 _____ C:\Users\Dominique\Downloads\adwcleaner_5.017.exe
2015-11-02 13:30 - 2015-11-02 14:26 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2015-10-26 20:21 - 2014-04-15 15:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2015-10-26 20:21 - 2014-04-15 15:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2015-10-23 15:25 - 2015-10-23 15:25 - 00000000 ____D C:\Users\Dominique\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-10-16 05:59 - 2015-10-18 06:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-14 20:02 - 2015-09-29 04:31 - 07457624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-10-14 20:02 - 2015-09-29 04:31 - 01658536 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-10-14 20:02 - 2015-09-29 04:31 - 01519592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-10-14 20:02 - 2015-09-29 04:31 - 01487008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-10-14 20:02 - 2015-09-29 04:31 - 01355848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-10-14 20:02 - 2015-09-24 09:51 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfg.exe
2015-10-14 20:02 - 2015-09-24 09:38 - 00108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll
2015-10-14 20:02 - 2015-09-24 09:30 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2015-10-14 20:02 - 2015-09-24 08:42 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2015-10-14 20:02 - 2015-09-24 08:40 - 00737280 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-10-14 20:02 - 2015-08-26 18:43 - 22372152 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-10-14 20:02 - 2015-08-26 18:42 - 19795904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-10-14 20:02 - 2015-08-07 13:40 - 01736520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-10-14 20:02 - 2015-08-07 13:40 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-10-14 20:02 - 2015-08-07 13:40 - 01134752 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2015-10-14 20:02 - 2015-08-07 13:40 - 00686960 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2015-10-14 20:02 - 2015-08-07 13:40 - 00507176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2015-10-14 20:02 - 2015-08-07 06:13 - 00862720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2015-10-14 20:02 - 2015-08-06 08:47 - 04710400 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2015-10-14 20:02 - 2015-08-06 08:18 - 04068352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2015-10-14 20:01 - 2015-09-29 04:29 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-10-14 20:01 - 2015-09-28 10:45 - 03705344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-10-14 20:01 - 2015-09-28 10:26 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-10-14 20:01 - 2015-09-28 10:25 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-10-14 20:01 - 2015-09-28 10:25 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-10-14 20:01 - 2015-09-28 10:25 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-10-14 20:01 - 2015-09-28 10:22 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-10-14 20:01 - 2015-09-28 10:22 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-10-14 20:01 - 2015-09-28 10:22 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-10-14 20:01 - 2015-09-28 10:15 - 02243072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-10-14 20:01 - 2015-09-28 10:13 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-10-14 20:01 - 2015-09-28 10:12 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-10-14 20:01 - 2015-09-18 19:18 - 00035384 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-10-14 20:01 - 2015-09-18 05:42 - 01290752 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-10-14 20:01 - 2015-09-18 05:42 - 01163776 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-10-14 20:01 - 2015-09-18 05:42 - 00766464 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-10-14 20:01 - 2015-09-18 05:42 - 00699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-10-14 20:01 - 2015-09-18 05:42 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-10-14 20:01 - 2015-09-18 05:42 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-10-14 20:01 - 2015-09-10 10:02 - 25851392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-10-14 20:01 - 2015-09-10 09:19 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-10-14 20:01 - 2015-09-10 09:18 - 02886656 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-10-14 20:01 - 2015-09-10 09:18 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-10-14 20:01 - 2015-09-10 09:14 - 05990400 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-10-14 20:01 - 2015-09-10 09:09 - 20358144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-10-14 20:01 - 2015-09-10 09:06 - 00616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-10-14 20:01 - 2015-09-10 09:04 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-10-14 20:01 - 2015-09-10 08:51 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-10-14 20:01 - 2015-09-10 08:39 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-10-14 20:01 - 2015-09-10 08:37 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-10-14 20:01 - 2015-09-10 08:37 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-10-14 20:01 - 2015-09-10 08:35 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-10-14 20:01 - 2015-09-10 08:33 - 02279936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-10-14 20:01 - 2015-09-10 08:28 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-10-14 20:01 - 2015-09-10 08:28 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-10-14 20:01 - 2015-09-10 08:27 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-10-14 20:01 - 2015-09-10 08:24 - 14456832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-10-14 20:01 - 2015-09-10 08:21 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-10-14 20:01 - 2015-09-10 08:19 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-10-14 20:01 - 2015-09-10 08:19 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-10-14 20:01 - 2015-09-10 08:19 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-10-14 20:01 - 2015-09-10 08:17 - 02126336 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-10-14 20:01 - 2015-09-10 08:17 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-10-14 20:01 - 2015-09-10 08:07 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-10-14 20:01 - 2015-09-10 08:05 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-10-14 20:01 - 2015-09-10 08:02 - 04527616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-10-14 20:01 - 2015-09-10 08:01 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-10-14 20:01 - 2015-09-10 08:00 - 12853760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-10-14 20:01 - 2015-09-10 07:57 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-10-14 20:01 - 2015-09-10 07:57 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-10-14 20:01 - 2015-09-10 07:55 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-10-14 20:01 - 2015-09-10 07:55 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-10-14 20:01 - 2015-09-10 07:55 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-10-14 20:01 - 2015-09-10 07:45 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-10-14 20:01 - 2015-09-10 07:34 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-10-14 20:01 - 2015-09-10 07:31 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-10-14 20:01 - 2015-09-10 07:27 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-10-14 20:01 - 2015-09-10 07:26 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-10-14 20:01 - 2015-08-06 09:05 - 00669184 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2015-10-14 20:01 - 2015-08-06 08:37 - 00536576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2015-10-14 20:01 - 2015-07-16 10:58 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NcdAutoSetup.dll
2015-10-14 20:00 - 2015-08-22 05:42 - 00901264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2015-10-14 20:00 - 2015-08-22 05:42 - 00066400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 20:00 - 2015-08-22 05:42 - 00022368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 20:00 - 2015-08-22 05:42 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 20:00 - 2015-08-22 05:42 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 20:00 - 2015-08-22 05:42 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 20:00 - 2015-08-22 05:42 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 20:00 - 2015-08-22 05:42 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 20:00 - 2015-08-22 05:42 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 20:00 - 2015-08-22 05:42 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 20:00 - 2015-08-22 05:42 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 20:00 - 2015-08-22 05:42 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 20:00 - 2015-08-22 05:42 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 20:00 - 2015-08-22 05:42 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 20:00 - 2015-08-22 05:42 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 20:00 - 2015-08-22 05:42 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 20:00 - 2015-08-22 05:35 - 00984448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2015-10-14 20:00 - 2015-08-22 05:35 - 00063840 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 20:00 - 2015-08-22 05:35 - 00020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 20:00 - 2015-08-22 05:35 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 20:00 - 2015-08-22 05:35 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 20:00 - 2015-08-22 05:35 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 20:00 - 2015-08-22 05:35 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 20:00 - 2015-08-22 05:35 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 20:00 - 2015-08-22 05:35 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 20:00 - 2015-08-22 05:35 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 20:00 - 2015-08-22 05:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 20:00 - 2015-08-22 05:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 20:00 - 2015-08-22 05:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 20:00 - 2015-08-22 05:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 20:00 - 2015-08-22 05:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 20:00 - 2015-08-22 05:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-07 05:48 - 2015-10-07 05:48 - 00000000 ____D C:\Program Files (x86)\Dell Customer Connect

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-04 17:33 - 2013-10-29 08:22 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-04 17:30 - 2013-12-09 19:55 - 00000000 ____D C:\ProgramData\MFAData
2015-11-04 17:12 - 2015-09-10 19:02 - 00000946 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2903894491-2310168910-368854483-1001UA.job
2015-11-04 17:00 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-11-04 16:48 - 2015-06-17 19:36 - 00000956 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2903894491-2310168910-368854483-1001UA.job
2015-11-04 16:47 - 2015-06-17 19:36 - 00000904 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2903894491-2310168910-368854483-1001Core.job
2015-11-04 16:39 - 2015-03-21 11:33 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-11-04 16:32 - 2013-10-19 10:43 - 01481647 _____ C:\WINDOWS\WindowsUpdate.log
2015-11-04 16:09 - 2012-11-18 09:39 - 00000966 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2903894491-2310168910-368854483-1001UA.job
2015-11-04 16:05 - 2013-10-19 14:34 - 00003950 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5AA32188-2B97-4787-8D0F-403C24265B87}
2015-11-04 16:03 - 2013-11-19 18:55 - 00000000 ___RD C:\Users\Dominique\Dropbox
2015-11-04 16:03 - 2013-11-19 18:52 - 00000000 ____D C:\Users\Dominique\AppData\Roaming\Dropbox
2015-11-04 16:03 - 2013-10-29 08:22 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-04 16:01 - 2013-10-19 11:52 - 00000000 __RDO C:\Users\Dominique\SkyDrive
2015-11-03 20:12 - 2015-09-10 19:02 - 00000894 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2903894491-2310168910-368854483-1001Core.job
2015-11-03 17:16 - 2012-11-09 16:11 - 00000000 ____D C:\Users\Dominique\AppData\Roaming\PCDr
2015-11-02 21:17 - 2012-11-08 17:32 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2903894491-2310168910-368854483-1001
2015-11-02 20:31 - 2013-09-29 20:15 - 00338442 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-02 14:25 - 2015-06-28 09:24 - 00000000 ____D C:\ProgramData\Yahoo!
2015-11-02 13:24 - 2012-09-29 07:01 - 00000000 ____D C:\Temp
2015-11-01 08:36 - 2013-11-14 08:37 - 00000000 ____D C:\Users\Dominique\Documents\Outlook Files
2015-11-01 08:00 - 2013-01-02 09:25 - 00000636 _____ C:\WINDOWS\Tasks\HP_EpicuriousHealthyDinnerTonight_epi-healthy-dinner-tonight-bpw_PreFetch.job
2015-11-01 08:00 - 2013-01-02 09:25 - 00000566 _____ C:\WINDOWS\Tasks\HP_EpicuriousDailyRecipes_epi-daily-recipes-bpw_PreFetch.job
2015-11-01 07:08 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-10-31 09:55 - 2013-08-22 06:46 - 00400646 _____ C:\WINDOWS\setupact.log
2015-10-31 09:55 - 2013-08-22 06:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-31 09:54 - 2013-09-29 20:03 - 01069338 _____ C:\WINDOWS\PFRO.log
2015-10-31 09:53 - 2013-08-22 05:25 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2015-10-31 07:21 - 2014-08-23 11:33 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-10-30 16:31 - 2013-08-22 05:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-10-30 15:15 - 2013-03-19 15:01 - 00000000 ____D C:\Users\Dominique\AppData\Roaming\WindSolutions
2015-10-27 16:31 - 2012-11-09 16:09 - 00000000 ____D C:\Users\Dominique\AppData\Local\CrashDumps
2015-10-26 20:23 - 2012-07-25 23:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-10-26 18:37 - 2014-03-31 07:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-10-26 18:37 - 2013-12-09 19:58 - 00000983 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2015-10-25 11:00 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\rescache
2015-10-25 08:00 - 2013-01-02 09:25 - 00000618 _____ C:\WINDOWS\Tasks\HP_EpicuriousHealthyDinnerTonight_epi-healthy-dinner-tonight-bpw.job
2015-10-25 08:00 - 2013-01-02 09:25 - 00000548 _____ C:\WINDOWS\Tasks\HP_EpicuriousDailyRecipes_epi-daily-recipes-bpw.job
2015-10-24 09:09 - 2012-11-18 09:39 - 00000944 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2903894491-2310168910-368854483-1001Core.job
2015-10-23 15:30 - 2013-10-29 08:22 - 00002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-23 15:20 - 2013-01-02 09:25 - 00000486 _____ C:\WINDOWS\Tasks\HP_EpicuriousHealthyDinnerTonight_Updater.job
2015-10-23 15:20 - 2013-01-02 09:25 - 00000452 _____ C:\WINDOWS\Tasks\HP_EpicuriousDailyRecipes_Updater.job
2015-10-18 06:58 - 2015-03-21 10:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-17 16:34 - 2014-12-12 08:26 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-10-17 16:34 - 2014-07-09 06:15 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-10-17 16:34 - 2013-08-22 07:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-10-17 16:34 - 2012-11-11 09:21 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-10-17 16:32 - 2012-07-25 21:26 - 00000234 _____ C:\WINDOWS\win.ini
2015-10-17 16:29 - 2013-08-16 04:31 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-10-17 16:14 - 2012-12-12 10:16 - 143481208 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-10-16 16:39 - 2015-03-21 11:33 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-10-15 21:14 - 2013-12-11 21:16 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-10-15 20:51 - 2015-03-13 20:49 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-10-15 20:51 - 2015-03-13 20:49 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-07 21:50 - 2013-11-14 08:38 - 00000000 ____D C:\Users\Dominique\AppData\Local\Deployment
2015-10-07 05:48 - 2013-05-21 11:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-10-06 19:34 - 2015-04-08 16:01 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-10-05 19:35 - 2015-04-08 16:01 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX

==================== Files in the root of some directories =======

2014-04-01 10:45 - 2014-04-01 10:46 - 0005120 _____ () C:\Users\Dominique\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-16 12:24 - 2015-05-16 12:27 - 0007627 _____ () C:\Users\Dominique\AppData\Local\resmon.resmoncfg
2013-10-28 22:09 - 2013-10-28 22:09 - 0000003 _____ () C:\ProgramData\AbsoluteNotifier.txt
2014-08-24 11:03 - 2015-04-18 08:02 - 0000504 _____ () C:\ProgramData\FastPics.log
2015-01-28 23:30 - 2015-01-28 23:31 - 0001075 _____ () C:\ProgramData\hpzinstall.log
2014-10-30 06:25 - 2015-10-02 19:26 - 0001424 _____ () C:\ProgramData\lxdx.log
2015-02-04 09:36 - 2015-02-04 09:36 - 0000468 _____ () C:\ProgramData\lxdxDiagnostics.log
2014-08-17 08:50 - 2014-08-17 08:50 - 15051199 _____ () C:\ProgramData\SPL589.tmp
2015-04-15 19:13 - 2015-04-15 19:13 - 39605891 _____ () C:\ProgramData\SPL723E.tmp
2014-11-19 20:19 - 2014-11-19 20:19 - 0409606 _____ () C:\ProgramData\SPL73E6.tmp
2014-08-17 08:52 - 2014-08-17 08:52 - 3139510 _____ () C:\ProgramData\SPL8B5E.tmp
2014-08-17 11:07 - 2014-08-17 11:07 - 0739836 _____ () C:\ProgramData\SPL8F06.tmp
2015-03-29 08:27 - 2015-03-29 08:27 - 0796336 _____ () C:\ProgramData\SPL9779.tmp
2015-01-07 19:15 - 2015-01-07 19:15 - 0098570 _____ () C:\ProgramData\SPL9975.tmp
2014-09-13 13:59 - 2014-09-13 13:59 - 0523842 _____ () C:\ProgramData\SPLD25.tmp
2014-09-30 09:57 - 2014-09-30 09:57 - 41150944 _____ () C:\ProgramData\SPLD4F2.tmp
2015-02-04 09:35 - 2015-02-04 09:35 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt
2012-09-29 06:57 - 2012-09-29 06:57 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2012-09-29 06:53 - 2012-09-29 06:54 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2012-09-29 06:54 - 2012-09-29 06:55 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2012-09-29 06:53 - 2012-09-29 06:53 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2012-09-29 06:56 - 2012-09-29 06:57 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log

Some files in TEMP:
====================
C:\Users\Dominique\AppData\Local\Temp\4taa1nge.dll
C:\Users\Dominique\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2cw9vh.dll
C:\Users\Dominique\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Dominique\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Dominique\AppData\Local\Temp\GLB1A2B.EXE
C:\Users\Dominique\AppData\Local\Temp\hvz9h0cz.dll
C:\Users\Dominique\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\Dominique\AppData\Local\Temp\rk.exe
C:\Users\Dominique\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Dominique\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Dominique\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Dominique\AppData\Local\Temp\TUUUninstallHelper.exe
C:\Users\Dominique\AppData\Local\Temp\VerizonWirelessSoftwareUpgradeAssistant_1.4.5.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-31 10:06

==================== End of FRST.txt ============================

Addition file:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-11-2015
Ran by Dominique (2015-11-04 17:39:40)
Running from C:\Users\Dominique\Downloads
Windows 8.1 Pro with Media Center (X64) (2013-10-19 19:47:32)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2903894491-2310168910-368854483-500 - Administrator - Disabled)
Dominique (S-1-5-21-2903894491-2310168910-368854483-1001 - Administrator - Enabled) => C:\Users\Dominique
Guest (S-1-5-21-2903894491-2310168910-368854483-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus 2014 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: AVG AntiVirus 2014 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4500_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Absolute Notifier (HKLM-x32\...\{EBE939ED-4612-45FD-A39E-77AC199C4273}) (Version: 1.4.3.20 - Absolute Software)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Amazon Browser App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.0 - Amazon) <==== ATTENTION
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Outlook Addin 2010 (HKU\S-1-5-21-2903894491-2310168910-368854483-1001\...\D9918D4858F5B722A4667B7989E1983A8FCC0462) (Version: 1.0.0.0 - Microsoft)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4842 - AVG Technologies)
AVG 2014 (Version: 14.0.4447 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4842 - AVG Technologies) Hidden
AVG PC TuneUp 2015 (en-US) (x32 Version: 15.0.1001.105 - AVG Technologies) Hidden
AVG PC TuneUp 2015 (x32 Version: 15.0.1001.105 - AVG Technologies) Hidden
Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
Big Fish Games: Game Manager (HKLM-x32\...\BFGC) (Version: 3.0.1.60 - )
Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.328.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Canon Utilities Digital Photo Professional (HKLM-x32\...\Digital Photo Professional) (Version: 3.14.0.0 - Canon Inc.)
Canon Utilities EOS Sample Music (HKLM-x32\...\EOS Sample Music) (Version: 1.0.1.1 - Canon Inc.)
Canon Utilities EOS Utility 2 (HKLM-x32\...\EOS Utility 2) (Version: 2.14.0.0 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.5.0.6 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.14.0.0 - Canon Inc.)
ChromecastApp (HKU\S-1-5-21-2903894491-2310168910-368854483-1001\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1693.0 - Google Inc.)
Cirrus Logic Audio Panel (Version: 1.2.10.0 - Cirrus Logic) Hidden
Cisco WebEx Meeting Center for Internet Explorer (HKLM-x32\...\{FC17A719-AE8E-4735-BA00-45887B6A2B51}) (Version: 8.29.3216 - Cisco WebEx LLC)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.0.0.5 - Dell Inc.)
Dell Customer Connect (HKLM-x32\...\{FEFDCDCF-C49C-45D0-AAF8-5345858ADEC7}) (Version: 1.2.1.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.210 - ALPS ELECTRIC CO., LTD.)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Download Navigator (HKLM-x32\...\{D0735505-251C-41E4-A64A-D6D0A5E8FB4D}) (Version: 3.4.2 - SEIKO EPSON CORPORATION)
Dropbox (HKU\S-1-5-21-2903894491-2310168910-368854483-1001\...\Dropbox) (Version: 3.10.8 - Dropbox, Inc.)
Epicurious Daily Recipes (HKLM-x32\...\{0907453A-9EF6-4A74-AE9F-69CABD59D0FB}) (Version: 1 - Condé Nast)
Epicurious Healthy Dinner Tonight (HKLM-x32\...\{28DDE79B-619B-4444-9043-9D1CC5D46C7B}) (Version: 1 - Condé Nast)
EPSON Connect version 1.0 (HKLM-x32\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
Epson Event Manager (HKLM-x32\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.30.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WF-2540 Series Printer Uninstall (HKLM\...\EPSON WF-2540 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
Fitbit Connect (HKLM-x32\...\{E54705FB-98A6-4C03-B2DC-D8C3B5486DCD}) (Version: 2.0.0.6512 - Fitbit Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 10.2.0.822 - Citrix Online, a division of Citrix Systems, Inc.)
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet J4500 Series 14.0 Rel. 6 (HKLM\...\{EACF146B-01D2-4185-B773-9604A0E5902A}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}) (Version: 3.0.2.163 - Apple Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
J4500 (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
Java 7 Update 75 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217075FF}) (Version: 7.0.750 - Oracle)
join.me (HKU\S-1-5-21-2903894491-2310168910-368854483-1001\...\JoinMe) (Version: 1.10.1.258 - LogMeIn, Inc.)
Lexmark 3600-4600 Series (HKLM\...\Lexmark 3600-4600 Series) (Version:  - Lexmark International, Inc.)
Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.10.10 - Magical Jelly Bean)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Motorola Mobile Drivers Installation 6.4.0 (HKLM\...\{27986EDD-C9EC-4B52-B92F-06D073F0AA52}) (Version: 6.4.0 - Motorola Mobility LLC)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 41.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 en-US)) (Version: 41.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2.5765 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MyPublisher (HKLM-x32\...\MyPublisher) (Version:  - MyPublisher, Inc.)
Mystery Case Files: Ravenhearst &reg; (HKLM-x32\...\BFG-Mystery Case Files - Ravenhearst) (Version:  - )
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
ProductContext (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.204 - Qualcomm Atheros Communications)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.003 - Dell Inc.)
Recover Keys (HKLM-x32\...\Recover Keys_is1) (Version: 8.0.3.113 - Recover Keys)
Redemption Cemetery: Curse of the Raven (HKLM-x32\...\BFG-Redemption Cemetery - Curse of the Raven) (Version:  - )
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
Software Updater (HKLM-x32\...\{A3B308B9-BE96-4334-816F-3D82B19A7DE2}) (Version: 4.1.7 - SEIKO EPSON CORPORATION) <==== ATTENTION
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Spotify (HKU\S-1-5-21-2903894491-2310168910-368854483-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Verizon Software Upgrade Assistant (x32 Version: 14.11.3101 - Motorola Mobility) Hidden
Verizon Wireless Software Upgrade Assistant for Motorola (HKLM-x32\...\{9BEDD987-AC68-44D2-8803-EC0650F6C43F}) (Version: 1.4.5 - Motorola Mobility)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Widevine Media Optimizer Chrome 6.0.0 (HKLM-x32\...\optimizer_chrome) (Version: 6.0.0.12757 - Widevine Technologies)
Widevine Media Optimizer Chrome 6.0.0 (HKU\S-1-5-21-2903894491-2310168910-368854483-1001\...\optimizer_chrome) (Version: 6.0.0.12757 - Widevine Technologies)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2903894491-2310168910-368854483-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Dominique\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2903894491-2310168910-368854483-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Dominique\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2903894491-2310168910-368854483-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Dominique\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2903894491-2310168910-368854483-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Dominique\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2903894491-2310168910-368854483-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Dominique\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2903894491-2310168910-368854483-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dominique\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2903894491-2310168910-368854483-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dominique\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2903894491-2310168910-368854483-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dominique\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2903894491-2310168910-368854483-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dominique\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2903894491-2310168910-368854483-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dominique\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2903894491-2310168910-368854483-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dominique\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2903894491-2310168910-368854483-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dominique\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2903894491-2310168910-368854483-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Dominique\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2903894491-2310168910-368854483-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Dominique\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)

==================== Restore Points =========================

17-10-2015 07:44:21 Windows Update
26-10-2015 20:02:31 Scheduled Checkpoint
03-11-2015 11:48:31 Scheduled Checkpoint

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 05:25 - 2013-08-22 05:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00E50BB5-F24B-4BE0-80F9-E0D3F6CF40AD} - System32\Tasks\HP_EpicuriousHealthyDinnerTonight_Updater => C:\Program Files (x86)\Condé Nast\Epicurious Healthy Dinner Tonight\hpBPWUpdater.exe [2012-04-16] (Microsoft)
Task: {00F9265B-AA4A-4E15-85F4-1831FCE269C1} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Task: {1C3CB7DB-8029-4A92-97C6-915F7FB3A49E} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {1C691377-CCDC-4CA6-9C31-D4E8F1841CF2} - System32\Tasks\Verizon Wireless Upgrade Assistant Update Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\VerizonWirelessUpgradeAssistantUpdate.exe [2015-04-15] ()
Task: {1E0D8206-E01F-4654-87B4-A871A36CE335} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-16] (Adobe Systems Incorporated)
Task: {1E17D775-32D3-4A65-B1A2-C275B9440E84} - System32\Tasks\HP_EpicuriousHealthyDinnerTonight_epi-healthy-dinner-tonight-bpw_PreFetch => C:\Program Files (x86)\Condé Nast\Epicurious Healthy Dinner Tonight\hpBPWScheduler.exe [2012-04-16] (Hewlett-Packard Company)
Task: {2C537E20-6F3C-4F19-A05D-196987942452} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {377095A8-3450-4A2D-99F2-18A9C0978398} - System32\Tasks\Norton Management\Norton Error Analyzer => C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\SymErr.exe
Task: {39F310F6-EF08-41D4-ADC6-D52795A9A94F} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {517ABC6F-3030-478D-B376-021F0939BCD0} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2903894491-2310168910-368854483-1001Core => C:\Users\Dominique\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-01] (Facebook Inc.)
Task: {55C602B7-6E33-4A2C-ADD1-2C2958379345} - System32\Tasks\Installation App Launcher => C:\Program Files (x86)\Lexmark 3600-4600 Series\ezprint.exe [2010-02-04] (Lexmark International Inc.)
Task: {599F28A1-591B-4A58-BDDA-45C15EE851AD} - System32\Tasks\HP_EpicuriousDailyRecipes_epi-daily-recipes-bpw_PreFetch => C:\Program Files (x86)\Condé Nast\Epicurious Daily Recipes\hpBPWScheduler.exe [2012-04-16] (Hewlett-Packard Company)
Task: {64BF57F5-8388-456D-9221-CE215A928A3C} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {6E09E995-E04E-44FA-9F95-9818746298EC} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {715E0B50-2518-41C5-AB1B-761A74AD2743} - System32\Tasks\HP online update program => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2011-10-28] (Hewlett-Packard)
Task: {77AAD23C-449A-43D8-B5B9-9C0555EBCA6F} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2903894491-2310168910-368854483-1001UA => C:\Users\Dominique\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-01] (Facebook Inc.)
Task: {821A7EBE-EAFA-441D-B50D-C0313EF1BDCF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8C44622D-E7CD-41FE-818C-BA2B5B993E05} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2903894491-2310168910-368854483-1001Core => C:\Users\Dominique\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-10] (Google Inc.)
Task: {90D45BD7-88D6-4040-97D3-E3193CACE0F1} - System32\Tasks\HP_EpicuriousHealthyDinnerTonight_epi-healthy-dinner-tonight-bpw => C:\Program Files (x86)\Condé Nast\Epicurious Healthy Dinner Tonight\hpBPWScheduler.exe [2012-04-16] (Hewlett-Packard Company)
Task: {92FDA0EF-252F-4D90-8B0B-1254955E88B6} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2903894491-2310168910-368854483-1001UA => C:\Users\Dominique\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-17] (Dropbox, Inc.)
Task: {9482CA58-B7B6-40D1-A3E6-0C8D27B2FC4F} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe
Task: {9BF825E5-8029-4B6C-B913-66EB54D3842E} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2903894491-2310168910-368854483-1001Core => C:\Users\Dominique\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-17] (Dropbox, Inc.)
Task: {A3B9C118-803F-4A59-82B3-839556DF98E9} - System32\Tasks\HP_EpicuriousDailyRecipes_Updater => C:\Program Files (x86)\Condé Nast\Epicurious Daily Recipes\hpBPWUpdater.exe [2012-04-16] (Microsoft)
Task: {A47AEC44-7986-4D42-9827-3E51F9AEB1DF} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {A5A3CEFF-41D4-4DD5-A0F2-B3E90733B857} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {A82596E4-209B-4172-AFA6-9F3C4A9E4841} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {C0830DC9-7BA0-418A-BC29-9EE2AB5191AA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-10-17] (Microsoft Corporation)
Task: {C0D79BA5-19BB-486F-823B-B8C46ECE900B} - System32\Tasks\Verizon Wireless Upgrade Assistant Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\VerizonWirelessUpgradeAssistantUpdate.exe [2015-04-15] ()
Task: {C5A58F57-25ED-4373-A40E-B4D5A9692930} - System32\Tasks\HP_LOGON_EpicuriousDailyRecipes => C:\Program Files (x86)\Condé Nast\Epicurious Daily Recipes\hpBPWScheduler.exe [2012-04-16] (Hewlett-Packard Company)
Task: {C9208710-526F-4F77-931A-560EFAA6D655} - System32\Tasks\Norton Management\Norton Error Processor => C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\SymErr.exe
Task: {C9F90ADE-5221-44D0-B68C-876AF3F00ED2} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-2903894491-2310168910-368854483-1001
Task: {D278A293-12FF-4CD2-BF80-F63DE616409B} - \EPUpdater -> No File <==== ATTENTION
Task: {DFEEFDC1-783B-4388-84E5-38A88DB2A14F} - System32\Tasks\HP_EpicuriousDailyRecipes_epi-daily-recipes-bpw => C:\Program Files (x86)\Condé Nast\Epicurious Daily Recipes\hpBPWScheduler.exe [2012-04-16] (Hewlett-Packard Company)
Task: {EBE6811E-FB63-4C98-B0B8-05D6D6AA1E41} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {ED92B9B1-5DFF-43E6-8245-D77C95BDF2E9} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {F1250883-67CA-41E1-8CFC-39786FA5D94F} - System32\Tasks\HP_LOGON_EpicuriousHealthyDinnerTonight => C:\Program Files (x86)\Condé Nast\Epicurious Healthy Dinner Tonight\hpBPWScheduler.exe [2012-04-16] (Hewlett-Packard Company)
Task: {FC803448-5573-476E-9F64-D98C53A9A20D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2903894491-2310168910-368854483-1001UA => C:\Users\Dominique\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-10] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2903894491-2310168910-368854483-1001Core.job => C:\Users\Dominique\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2903894491-2310168910-368854483-1001UA.job => C:\Users\Dominique\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2903894491-2310168910-368854483-1001Core.job => C:\Users\Dominique\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2903894491-2310168910-368854483-1001UA.job => C:\Users\Dominique\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2903894491-2310168910-368854483-1001Core.job => C:\Users\Dominique\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2903894491-2310168910-368854483-1001UA.job => C:\Users\Dominique\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HP_EpicuriousDailyRecipes_epi-daily-recipes-bpw.job => C:\Program Files (x86)\Condé Nast\Epicurious Daily Recipes\hpBPWScheduler.exe
Task: C:\WINDOWS\Tasks\HP_EpicuriousDailyRecipes_epi-daily-recipes-bpw_PreFetch.job => C:\Program Files (x86)\Condé Nast\Epicurious Daily Recipes\hpBPWScheduler.exe
Task: C:\WINDOWS\Tasks\HP_EpicuriousDailyRecipes_Updater.job => C:\Program Files (x86)\Condé Nast\Epicurious Daily Recipes\hpBPWUpdater.exe
Task: C:\WINDOWS\Tasks\HP_EpicuriousHealthyDinnerTonight_epi-healthy-dinner-tonight-bpw.job => C:\Program Files (x86)\Condé Nast\Epicurious Healthy Dinner Tonight\hpBPWScheduler.exe
Task: C:\WINDOWS\Tasks\HP_EpicuriousHealthyDinnerTonight_epi-healthy-dinner-tonight-bpw_PreFetch.job => C:\Program Files (x86)\Condé Nast\Epicurious Healthy Dinner Tonight\hpBPWScheduler.exe
Task: C:\WINDOWS\Tasks\HP_EpicuriousHealthyDinnerTonight_Updater.job => C:\Program Files (x86)\Condé Nast\Epicurious Healthy Dinner Tonight\hpBPWUpdater.exe

==================== Loaded Modules (Whitelisted) ==============

2015-05-25 09:48 - 2009-10-16 12:12 - 00177664 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\lxdxdrpp.dll
2012-09-29 06:55 - 2012-04-24 18:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2012-08-06 16:16 - 2012-08-06 16:16 - 20591616 _____ () C:\Program Files\Cirrus Logic Audio Panel\CirrusAudioPanel_Dell.exe
2012-08-06 16:16 - 2012-08-06 16:16 - 03765248 _____ () C:\Program Files\Cirrus Logic Audio Panel\en-US\CirrusAudioPanel_Dell.resources.dll
2012-08-06 16:16 - 2012-08-06 16:16 - 00048128 _____ () C:\Program Files\Cirrus Logic Audio Panel\CoreAudioApi.dll
2012-08-06 16:16 - 2012-08-06 16:16 - 00013312 _____ () C:\Program Files\Cirrus Logic Audio Panel\LocalizationControlsLib.dll
2012-08-06 16:16 - 2012-08-06 16:16 - 00270848 _____ () C:\Program Files\Cirrus Logic Audio Panel\LocalizeLanguage.dll
2012-08-06 16:16 - 2012-08-06 16:16 - 00011776 _____ () C:\Program Files\Cirrus Logic Audio Panel\ExtendedWindowsControls.dll
2012-07-31 16:10 - 2012-07-31 16:10 - 00384128 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ContactsApi.dll
2012-12-14 01:42 - 2012-12-14 01:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-05-25 09:47 - 2010-02-04 00:27 - 00672424 _____ () C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-09-29 06:42 - 2012-06-25 07:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2015-04-15 05:11 - 2015-04-15 05:11 - 00162816 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2015-05-25 09:47 - 2010-02-03 23:41 - 00380928 _____ () C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxscw.dll
2015-05-25 09:47 - 2010-02-03 23:28 - 00589824 _____ () C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxdatr.dll
2015-05-25 09:47 - 2009-10-16 12:00 - 00073728 _____ () C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxcats.dll
2015-05-25 09:47 - 2010-02-03 23:41 - 00782336 _____ () C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxDRS.dll
2015-05-25 09:47 - 2010-02-03 23:41 - 00081920 _____ () C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxcaps.dll
2015-05-25 09:47 - 2010-02-03 23:28 - 00069632 _____ () C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxcnv4.dll
2014-10-28 11:22 - 2014-10-28 11:22 - 40622592 ____R () C:\Program Files (x86)\Fitbit Connect\libcef.dll
2015-11-04 16:02 - 2015-11-04 16:02 - 00071168 _____ () c:\Users\Dominique\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2cw9vh.dll
2015-10-23 15:22 - 2015-09-23 15:07 - 00012800 _____ () C:\Users\Dominique\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-10-23 15:22 - 2015-09-23 15:07 - 00779776 _____ () C:\Users\Dominique\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-10-23 15:22 - 2015-09-23 15:07 - 00056320 _____ () C:\Users\Dominique\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-10-23 15:22 - 2015-09-23 15:07 - 00012288 _____ () C:\Users\Dominique\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Syst53B05F89:$WIMMOUNTDATA
AlternateDataStreams: C:\ProgramData\Temp:260575F1
AlternateDataStreams: C:\ProgramData\Temp:A88BE334
AlternateDataStreams: C:\ProgramData\Temp:B54E4B5A

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2903894491-2310168910-368854483-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Dominique\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: EpsonScanSvc => 2
HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"
HKLM\...\StartupApproved\StartupFolder: => "ImageBrowser EX Agent.lnk"
HKLM\...\StartupApproved\Run: => "EzPrint"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "EEventManager"
HKLM\...\StartupApproved\Run32: => "FUFAXRCV"
HKLM\...\StartupApproved\Run32: => "FUFAXSTM"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "Fitbit Connect"
HKU\S-1-5-21-2903894491-2310168910-368854483-1001\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-2903894491-2310168910-368854483-1001\...\StartupApproved\Run: => "Facebook Update"
HKU\S-1-5-21-2903894491-2310168910-368854483-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-2903894491-2310168910-368854483-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000001"
HKU\S-1-5-21-2903894491-2310168910-368854483-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-2903894491-2310168910-368854483-1001\...\StartupApproved\Run: => "Messenger (Yahoo!)"
HKU\S-1-5-21-2903894491-2310168910-368854483-1001\...\StartupApproved\Run: => "Dropbox Update"
HKU\S-1-5-21-2903894491-2310168910-368854483-1001\...\StartupApproved\Run: => "Google Update"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{683A1A82-227D-4E08-98D5-036FEB4A14C2}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{6EA0B5A3-4643-4214-9904-EAA34491860E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{BF797DB0-D904-4D11-9935-CF5FA46611B0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{FA3AF1B0-EF79-4A16-A99A-55188F0A6BA0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{0891B634-5FA3-43D8-A66D-56D5EC189A00}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{24065984-880D-45F8-9558-9D8A971CEB12}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{83D26568-644A-410C-901F-A8747391A737}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{1D80438B-538A-4CEF-86CE-7B75A3A62DE7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{8A994BA0-40B6-490C-81D7-CE56483B1519}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{75AA8C9C-9321-475F-8A15-AA162FB12324}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{548DFA03-4464-44A9-8D95-E2BA8F92FF36}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{0B5FF796-A2B4-4E73-AAF1-9AA8187788F4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{8AC800FB-BFFD-441C-B3AA-6B7CA0D61408}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{4A749ED5-8C75-4DC9-8507-A4869AB0F284}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{CE1DB414-FF16-44EA-BBCC-B2281E05252B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{29FCB7CD-ACE3-48A0-9938-8A2D17CA2AE6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{3A8FBDA8-DCB4-47B6-B527-ABF4DAFB7B87}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{3620C23D-6B2D-4121-8BE9-11C6A8E4F756}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{935D29AA-8013-4E7E-925B-9C59BB2B1594}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [UDP Query User{0B088306-92C2-4859-8E77-CB1C470ABA5D}C:\users\dominique\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\dominique\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{8BB9B5CB-2FB4-45DC-B061-23C02C2C944A}C:\users\dominique\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\dominique\appdata\roaming\spotify\spotify.exe
FirewallRules: [{90A43449-9DBE-4F37-BD7F-4630EFF9F993}] => (Allow) LPort=1900
FirewallRules: [{D6A7218A-9D99-4D04-A002-1BE42D0864C9}] => (Allow) LPort=2869
FirewallRules: [{477B503B-4F56-4AD5-9C6A-86DF7149916E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{737772B4-42F5-4B02-B14C-DD7486DE3487}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{BD0C7236-E197-4547-B50F-1B346E132D6E}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{0D709FAD-CD05-401D-9645-829720524A52}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{29E78A21-AAE7-4194-A010-B1FFBB6728BD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2585D01A-E399-4035-A01D-6D76DBE59BC3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4A598DD0-6ADC-443C-BD60-B73F1DDA1946}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [UDP Query User{A9244F91-41D2-461A-8604-EF0CE69A710D}C:\program files (x86)\dell wireless\bluetooth suite\bttray.exe] => (Block) C:\program files (x86)\dell wireless\bluetooth suite\bttray.exe
FirewallRules: [TCP Query User{74E4D88E-896E-41FA-8674-3FC3B0E2672B}C:\program files (x86)\dell wireless\bluetooth suite\bttray.exe] => (Block) C:\program files (x86)\dell wireless\bluetooth suite\bttray.exe
FirewallRules: [UDP Query User{1CA05619-189B-48E9-AF43-13E70B2578E8}C:\program files (x86)\dell wireless\bluetooth suite\btvstack.exe] => (Block) C:\program files (x86)\dell wireless\bluetooth suite\btvstack.exe
FirewallRules: [TCP Query User{457EBD1E-2D79-43CE-A282-6D703D1F7598}C:\program files (x86)\dell wireless\bluetooth suite\btvstack.exe] => (Block) C:\program files (x86)\dell wireless\bluetooth suite\btvstack.exe
FirewallRules: [{9CC46BF6-3D6A-4017-86C4-69A0DF2EB520}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{C7D0D15F-E80C-4AB0-910E-A67F6086DFCC}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{DB96420D-F888-47F6-8009-D5271FC9BC69}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{4E988A7E-F456-40EC-BF57-E46D1C584FD4}] => (Allow) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Win7Ui.exe
FirewallRules: [{8CC392D3-05D5-49A1-8677-FB1FDC540BAA}] => (Allow) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
FirewallRules: [{7AD077A2-5C9B-4329-8955-A7A25398EF30}] => (Allow) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
FirewallRules: [{3C769AB7-727B-44BD-9835-67CF60DDE9B4}] => (Allow) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Btvstack.exe
FirewallRules: [{74F16B2E-38D6-4C45-86D0-0F63ECCC1A72}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [{1166600F-E826-4980-B811-1C44F2E05E4F}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe
FirewallRules: [TCP Query User{A78BCBC7-0FB1-4748-B4FD-5A50CDAAFB6F}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{7B327943-C299-4123-AFEB-81C00AF0306A}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{8A6A7A5A-62BA-4ECE-AC91-584F930B7523}C:\users\dominique\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\dominique\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{29690A0B-62DF-44E5-9722-36EAA603037B}C:\users\dominique\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\dominique\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{D300492D-6EB0-4832-89EB-39E052342034}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{458D40DF-C11B-428E-8847-36F3CE72B029}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{511274FC-3D7E-45FA-925B-88CA24072DF4}] => (Allow) C:\Users\Dominique\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{0F68FFA5-DE73-4730-94C4-BCF9AD17D58E}] => (Allow) C:\Users\Dominique\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{8AC9A74C-A9DC-4DC8-BD19-B4DF36E2559D}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{B239D6B0-D6CB-4DE4-BABC-8B78CC84171A}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{F7D6F3BD-EC3B-4D4E-9115-603B47350D15}C:\program files\microsoft office\office14\groove.exe] => (Block) C:\program files\microsoft office\office14\groove.exe
FirewallRules: [UDP Query User{285EBA67-8063-4778-B85E-1614D1822B62}C:\program files\microsoft office\office14\groove.exe] => (Block) C:\program files\microsoft office\office14\groove.exe
FirewallRules: [TCP Query User{2820349A-B0F3-43FB-851B-6359A02E6FD2}C:\users\dominique\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\dominique\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{4612938C-BEE2-491B-A622-919B398DE514}C:\users\dominique\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\dominique\appdata\roaming\spotify\spotify.exe
FirewallRules: [{6294D93A-9906-4B7D-87D0-E7126407A66B}] => (Allow) C:\Users\Dominique\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{96E7E3E8-0212-4E12-AA71-41E13633D34F}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\E_SAG4ST.EXE
FirewallRules: [{43CAEAAC-0F2D-4FDE-BBAF-E2B5EA43C25D}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\E_SAG4ST.EXE
FirewallRules: [{03F47291-9422-4773-981D-B2E29EEE3724}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\E_SAG4ST.EXE
FirewallRules: [{74B28F78-43B6-471D-8F79-5BCD98F73B87}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\E_SAG4ST.EXE
FirewallRules: [{A59FE512-1E9C-46FB-8F40-6DF315765A00}] => (Allow) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
FirewallRules: [{0F7DEC66-34FD-459F-96A2-B7D2B88EEC14}] => (Allow) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
FirewallRules: [TCP Query User{9073F27F-7F20-4197-8B17-04E6BEA6997A}C:\program files (x86)\lexmark 3600-4600 series\lxdxmon.exe] => (Block) C:\program files (x86)\lexmark 3600-4600 series\lxdxmon.exe
FirewallRules: [UDP Query User{AD566E72-2705-4C3B-9E3B-54FFB746729D}C:\program files (x86)\lexmark 3600-4600 series\lxdxmon.exe] => (Block) C:\program files (x86)\lexmark 3600-4600 series\lxdxmon.exe
FirewallRules: [{E9ECFCA6-3F7C-45CA-9AE2-519B9A7183CB}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{09FFAC21-B3B6-428F-9B3A-088C14EDF4D2}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{06536438-FED4-41B1-987F-AC5E58D021E8}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{9F93EEC5-B7AA-4699-B391-89F1332D80A2}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{8E81947D-E620-4226-BE6B-7B81D32C5F2D}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{4DFC0614-D5C5-4327-9707-60473BC4A906}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{3718A72B-51D9-40B7-985E-96E3C47EE7F4}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{EA1163A6-0E59-48DD-9FBC-4AA73BA6E4C5}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{A1A906A3-CBAE-49C2-B1F2-2F79AEF96E30}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{A5AA28C5-4113-4812-84B7-6FCA3344EAC9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0684BEC5-5D7C-4586-AF5A-B13196EF400D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{18EE158B-EF1B-46F8-A6E6-7CD3E047638D}C:\program files (x86)\gigatribe\gigatribe.exe] => (Allow) C:\program files (x86)\gigatribe\gigatribe.exe
FirewallRules: [UDP Query User{BC21005D-A5C9-4737-8588-229E4E3D920E}C:\program files (x86)\gigatribe\gigatribe.exe] => (Allow) C:\program files (x86)\gigatribe\gigatribe.exe
FirewallRules: [{BD6E14FE-1254-4187-8359-4E2268FBE833}] => (Allow) C:\Windows\SysWOW64\lxdxcoms.exe
FirewallRules: [{4CDB5F9E-4007-4CB1-8A76-7E74F661CE09}] => (Allow) C:\Windows\SysWOW64\lxdxcoms.exe
FirewallRules: [{804C3DD8-848D-4AB7-865D-25E4E07151FD}] => (Allow) C:\Windows\System32\lxdxcfg.exe
FirewallRules: [{6CCAA88C-5D50-4C34-9008-1C8414C542AD}] => (Allow) C:\Windows\System32\lxdxcfg.exe
FirewallRules: [{9BA4D780-6D6F-4F4F-BF3B-E93ADC7A5309}] => (Allow) C:\Windows\System32\lxdxcoms.exe
FirewallRules: [{C10A77FE-E7A3-4544-9F5D-AEB9853890F8}] => (Allow) C:\Windows\System32\lxdxcoms.exe
FirewallRules: [{0F46460B-6FE3-4E53-9655-9255125C9D22}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdxpswx.exe
FirewallRules: [{76EB9C13-04EC-4876-B2ED-E02DD0F6576E}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdxpswx.exe
FirewallRules: [{7AC7D439-FCFA-4B59-81B5-8ADB70C8C628}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdxtime.exe
FirewallRules: [{895CDB38-6EBB-43C5-AF72-09322E30A32D}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdxtime.exe
FirewallRules: [{CA6E9278-9437-4BCB-A02D-2E982EAAE718}] => (Allow) C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe
FirewallRules: [{468E1E4D-943D-4D4C-A859-CAF0DD5A4F09}] => (Allow) C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe
FirewallRules: [{33D652FA-7105-4B6B-A723-20182AFA0159}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdxjswx.exe
FirewallRules: [{21F5AFF5-CC50-4BD6-8881-8FC7269BE429}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdxjswx.exe
FirewallRules: [{9C3196CB-9243-49C3-8F58-E874E6C965FE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{27F925D1-C861-4C91-BEB1-B340E5646915}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{5FAE304F-DD32-4AB7-9941-483F85FA0337}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
FirewallRules: [{52B64D81-7FCE-4AA5-B5FA-7C4257A1D324}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{9C6BEFE3-36FC-457F-A402-47A5278FF8F1}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
FirewallRules: [{E5A824EF-F4D8-403C-B461-4E8B1EAB6EC7}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
FirewallRules: [{C822A692-0438-4143-9A40-497E7B4778E8}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe

==================== Faulty Device Manager Devices =============

Name: Dell Wireless 1703 Bluetooth
Description: Dell Wireless 1703 Bluetooth
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/04/2015 05:46:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 117c

Start Time: 01d1176b1378bc20

Termination Time: 4294967295

Application Path: C:\WINDOWS\syswow64\wwahost.exe

Report Id: 07aae518-835f-11e5-bf4b-e0db5584d1ab

Faulting package full name: Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c

Faulting package-relative application ID: App

Error: (11/04/2015 05:16:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1e40

Start Time: 01d11766e2756acd

Termination Time: 4294967295

Application Path: C:\WINDOWS\syswow64\wwahost.exe

Report Id: d694f5c4-835a-11e5-bf4b-e0db5584d1ab

Faulting package full name: Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c

Faulting package-relative application ID: App

Error: (11/04/2015 05:07:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.3.9600.17667 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1aac

Start Time: 01d1175d03cd2024

Termination Time: 0

Application Path: C:\WINDOWS\Explorer.EXE

Report Id: 9b1ed234-8359-11e5-bf4b-e0db5584d1ab

Faulting package full name:

Faulting package-relative application ID:

Error: (11/04/2015 04:26:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1198

Start Time: 01d1175fd8ad19d8

Termination Time: 4294967295

Application Path: C:\WINDOWS\syswow64\wwahost.exe

Report Id: cd0150a5-8353-11e5-bf4b-e0db5584d1ab

Faulting package full name: Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c

Faulting package-relative application ID: App

Error: (11/04/2015 04:26:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 10fc

Start Time: 01d1175fd8b0008a

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: cc4e83e4-8353-11e5-bf4b-e0db5584d1ab

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (11/04/2015 04:16:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1f60

Start Time: 01d1175e80837553

Termination Time: 4294967295

Application Path: C:\WINDOWS\syswow64\wwahost.exe

Report Id: 76d31fe3-8352-11e5-bf4b-e0db5584d1ab

Faulting package full name: Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c

Faulting package-relative application ID: App

Error: (11/04/2015 04:06:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20911 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 11cc

Start Time: 01d1175d0864974c

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: fd180245-8350-11e5-bf4b-e0db5584d1ab

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (11/04/2015 08:12:39 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 31032

Error: (11/04/2015 08:12:39 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 31032

Error: (11/04/2015 08:12:39 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (11/01/2015 08:46:11 AM) (Source: DCOM) (EventID: 10010) (User: DOMSLAPTOP)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (11/01/2015 08:46:11 AM) (Source: DCOM) (EventID: 10010) (User: DOMSLAPTOP)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (10/31/2015 09:59:17 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Motorola Device Manager Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (10/31/2015 09:55:06 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Bing Desktop Update service service to connect.

Error: (10/31/2015 09:52:12 AM) (Source: DCOM) (EventID: 10010) (User: DOMSLAPTOP)
Description: App.AppX6yygnwabebypxjc6bx7wvtens09wztyw.wwa

Error: (10/31/2015 09:52:12 AM) (Source: DCOM) (EventID: 10010) (User: DOMSLAPTOP)
Description: App.AppX54xz6wnkhmw763c2y8tb018n7d71dtx7.wwa

Error: (10/31/2015 07:04:04 AM) (Source: DCOM) (EventID: 10010) (User: DOMSLAPTOP)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca

Error: (10/31/2015 07:04:00 AM) (Source: DCOM) (EventID: 10010) (User: DOMSLAPTOP)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca

Error: (10/31/2015 07:03:00 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FDResPub service.

Error: (10/30/2015 03:34:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Motorola Device Manager Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.


CodeIntegrity:
===================================
  Date: 2015-11-02 13:58:52.999
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\ChainAPO64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-02 13:58:23.694
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\ChainAPO64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-02 13:57:48.386
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\ChainAPO64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-02 13:57:05.003
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\ChainAPO64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-02 13:56:54.536
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\ChainAPO64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-02 13:56:37.336
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\ChainAPO64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-02 13:56:07.029
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\ChainAPO64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-02 13:43:23.327
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\ChainAPO64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-02 13:43:23.132
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\ChainAPO64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-01 07:43:31.078
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\ChainAPO64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i3-2350M CPU @ 2.30GHz
Percentage of memory in use: 45%
Total physical RAM: 5504.98 MB
Available physical RAM: 2995.69 MB
Total Virtual: 6400.98 MB
Available Virtual: 3405.26 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:457.4 GB) (Free:313.33 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 4C76089B)

Partition: GPT.

==================== End of Addition.txt ============================



#8 nasdaq


Posted 05 November 2015 - 10:19 AM




Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
Toolbar: HKU\S-1-5-21-2903894491-2310168910-368854483-1001 -> No Name - {45504E56-3634-006A-76A7-7A786E7484D7} -  No File
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} -  No File
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [No File]
FF Plugin HKU\S-1-5-21-2903894491-2310168910-368854483-1001: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll [No File]
FF user.js: detected! => C:\Users\Dominique\AppData\Roaming\Mozilla\Firefox\Profiles\xozzymxr.default\user.js [2015-11-02]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
CHR NewTab: Default -> "chrome-extension://oikdphhbmkgffaopgmlfifpaobijngif/stubby.html"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.703\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll => No File
CHR Extension: (FromDocToPDF) - C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\Default\Extensions\oikdphhbmkgffaopgmlfifpaobijngif [2015-06-27]
CHR Extension: (No Name) - C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\afbcibndhffhhbokgpbpecjmejjcgcej [2013-02-07]
S3 KAPFA; \??\C:\Windows\system32\drivers\KAPFA.SYS [X]
CustomCLSID: HKU\S-1-5-21-2903894491-2310168910-368854483-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Dominique\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
Task: {D278A293-12FF-4CD2-BF80-F63DE616409B} - \EPUpdater -> No File <==== ATTENTION
AlternateDataStreams: C:\Syst53B05F89:$WIMMOUNTDATA
AlternateDataStreams: C:\ProgramData\Temp:260575F1
AlternateDataStreams: C:\ProgramData\Temp:A88BE334
AlternateDataStreams: C:\ProgramData\Temp:B54E4B5A
C:\Users\Dominique\AppData\Local\Temp\4taa1nge.dll
C:\Users\Dominique\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2cw9vh.dll
C:\Users\Dominique\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Dominique\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Dominique\AppData\Local\Temp\GLB1A2B.EXE
C:\Users\Dominique\AppData\Local\Temp\hvz9h0cz.dll
C:\Users\Dominique\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\Dominique\AppData\Local\Temp\rk.exe
C:\Users\Dominique\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Dominique\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Dominique\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Dominique\AppData\Local\Temp\TUUUninstallHelper.exe
C:\Users\Dominique\AppData\Local\Temp\VerizonWirelessSoftwareUpgradeAssistant_1.4.5.exe
C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\Default\Extensions\oikdphhbmkgffaopgmlfifpaobijngif
C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\afbcibndhffhhbokgpbpecjmejjcgcej

End
Save the file as fixlist.txt in the same folder that the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F

Clean the Firefox Cache.
https://kb.wisc.edu/page.php?id=15141
===

Reset Chrome...
Open Google Chrome, click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en
Select "From the beginning of time"

Restart Chrome.

====

How is the computer running now?

#9 theparker5hb


Posted 08 November 2015 - 09:02 PM

Hello Nasdaq- sorry for the delay in getting back. Been away from home again and this computer is at home! I did what you said and reset all of the browsers then ran the FRST log - here you go what do you think? It def runs better but wanted to know if I did have a virus or was it just an outdated machine?

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by Dominique (administrator) on DOMSLAPTOP (08-11-2015 17:53:12)
Running from C:\Users\Dominique\Downloads
Loaded Profiles: Dominique (Available Profiles: Dominique)
Platform: Windows 8.1 Pro with Media Center (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Absolute Software) C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe
(Andrea Electronics Corporation) C:\Windows\System32\AECLSr64.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Lexmark International, Inc.) C:\Windows\System32\spool\drivers\x64\3\lxdxserv.exe
( ) C:\Windows\System32\lxdxcoms.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
() C:\Program Files\Cirrus Logic Audio Panel\CirrusAudioPanel_Dell.exe
(Qualcomm Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
() C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Dropbox, Inc.) C:\Users\Dominique\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [678296 2012-07-09] (Alps Electric Co., Ltd.)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3759504 2012-07-20] (Dell Inc.)
HKLM\...\Run: [Dell Audio] => c:\Program Files\Cirrus Logic Audio Panel\CirrusAudioPanel_Dell.exe [20591616 2012-08-06] ()
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe [763520 2012-07-31] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [127616 2012-07-31] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [lxdxmon.exe] => C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe [672424 2010-02-04] ()
HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Lexmark 3600-4600 Series\ezprint.exe [107176 2010-02-04] (Lexmark International Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Absolute Notifier] => C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe [85864 2013-10-28] (Absolute Software)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2258056 2013-09-24] (Microsoft Corp.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5212584 2015-10-20] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\822\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2903894491-2310168910-368854483-1001\...\Run: [Spotify Web Helper] => C:\Users\Dominique\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-19] (Spotify Ltd)
HKU\S-1-5-21-2903894491-2310168910-368854483-1001\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIIUE.EXE /EPT "EPLTarget\P0000000000000001" /M "WF-2540 Series"
HKU\S-1-5-21-2903894491-2310168910-368854483-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
HKU\S-1-5-21-2903894491-2310168910-368854483-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)
HKU\S-1-5-21-2903894491-2310168910-368854483-1001\...\Run: [Facebook Update] => C:\Users\Dominique\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-04-01] (Facebook Inc.)
HKU\S-1-5-21-2903894491-2310168910-368854483-1001\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [912480 2015-09-02] (Microsoft Corporation)
HKU\S-1-5-21-2903894491-2310168910-368854483-1001\...\Run: [Dropbox Update] => C:\Users\Dominique\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-17] (Dropbox, Inc.)
HKU\S-1-5-21-2903894491-2310168910-368854483-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
HKU\S-1-5-21-2903894491-2310168910-368854483-1001\...\Run: [Messenger (Yahoo!)] => "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
HKU\S-1-5-21-2903894491-2310168910-368854483-1001\...\Run: [Google Update] => C:\Users\Dominique\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-10] (Google Inc.)
HKU\S-1-5-21-2903894491-2310168910-368854483-1001\...\MountPoints2: {80c75611-5791-11e3-bec1-08edb9615fa0} - "E:\MotoCastSetup.exe" -a
HKU\S-1-5-21-2903894491-2310168910-368854483-1001\...\MountPoints2: {bea5a089-f41f-11e4-bf27-e0db5584d1ab} - "E:\VerizonWirelessUpgradeAssistantSetup.exe" -a
HKU\S-1-5-21-2903894491-2310168910-368854483-1001\...\MountPoints2: {f0672624-0301-11e5-bf2a-e0db5584d1ab} - "E:\VerizonWirelessUpgradeAssistantSetup.exe" -a
HKU\S-1-5-21-2903894491-2310168910-368854483-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [11776 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIIUE.EXE /EPT "EPLTarget\P0000000000000000" /M "WF-2540 Series"
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dominique\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dominique\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dominique\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dominique\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dominique\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dominique\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Dominique\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-10-12] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2013-09-13]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk [2014-06-23]
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe ()
Startup: C:\Users\Dominique\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-10-23]
ShortcutTarget: Dropbox.lnk -> C:\Users\Dominique\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Dominique\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2014-10-06]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{24DA3B4C-B9E9-4A56-91A8-E89290821128}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{61744590-F0C6-4814-AA8D-72DB14495FF8}: [DhcpNameServer] 192.168.5.10
 
Internet Explorer:
==================
HKU\S-1-5-21-2903894491-2310168910-368854483-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/
HKU\S-1-5-21-2903894491-2310168910-368854483-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com
SearchScopes: HKU\S-1-5-21-2903894491-2310168910-368854483-1001 -> DefaultScope {E2134FD1-09AB-4E78-8F04-581C1D8EEE13} URL = 
SearchScopes: HKU\S-1-5-21-2903894491-2310168910-368854483-1001 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=mkg028
SearchScopes: HKU\S-1-5-21-2903894491-2310168910-368854483-1001 -> {E2134FD1-09AB-4E78-8F04-581C1D8EEE13} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2012-07-31] (Qualcomm Atheros Commnucations)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2015-01-22] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2015-01-22] (Oracle Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Dominique\AppData\Roaming\Mozilla\Firefox\Profiles\3xeosdcw.default-1447033304395
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-16] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-16] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.75.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-01-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.75.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-01-22] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-2903894491-2310168910-368854483-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Dominique\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-2903894491-2310168910-368854483-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Dominique\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-19] (Google Inc.)
FF Plugin HKU\S-1-5-21-2903894491-2310168910-368854483-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Dominique\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-19] (Google Inc.)
FF Extension: DownloadTerms - C:\Program Files (x86)\Mozilla Firefox\extensions\cxfnl@nxazbwxrbgsgfqqp.net [2015-10-16] [not signed]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.bing.com/?pc=U162H"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.703\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\pdf.dll => No File
CHR Plugin: (Widevine Media Optimizer) - C:\Program Files (x86)\Google\Chrome\Application\plugins\npWidevineMediaOptimizer.dll (Google Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.710.14) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 7 U71) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Dominique\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll => No File
CHR Profile: C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25]
CHR Extension: (YouTube) - C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Cast) - C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-10-10]
CHR Extension: (Block Collapse Challenge) - C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccnfinpfichedahfpkjopilbkingahem [2015-01-20]
CHR Extension: (Google Search) - C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
CHR Extension: (Google Docs Offline) - C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-06]
CHR Extension: (Pin It Button) - C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-09-24]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-05-30]
CHR Extension: (HelloSign: Online signatures made easy) - C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\Default\Extensions\kajjckmbclbffbpecfbiecehkfgopppd [2015-02-26]
CHR Extension: (Webcam Toy) - C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade [2015-08-26]
CHR Extension: (Skype Click to Call) - C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-10-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
CHR Extension: (My Chrome Theme) - C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2015-08-26]
CHR Extension: (FromDocToPDF) - C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\Default\Extensions\oikdphhbmkgffaopgmlfifpaobijngif [2015-11-08]
CHR Extension: (Gmail) - C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR Profile: C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Drive) - C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-11]
CHR Extension: (YouTube) - C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-11]
CHR Extension: (Google Search) - C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-11]
CHR Extension: (SiteAdvisor) - C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2012-11-11]
CHR Extension: (Gmail) - C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-11]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AbsoluteNotifier; C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [11112 2013-10-28] (Absolute Software) [File not signed]
R2 AECLFilters; C:\Windows\system32\AECLSr64.exe [99696 2012-08-05] (Andrea Electronics Corporation)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [207488 2012-07-31] (Qualcomm Atheros Commnucations) [File not signed]
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3259304 2015-10-20] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [301896 2015-10-20] (AVG Technologies CZ, s.r.o.)
S2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-09-24] (Microsoft Corp.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
S2 CirrusAudioService; c:\Program Files\Cirrus Logic Audio Panel\Cirrvus.exe [7168 2012-08-06] (Cirrus Logic) [File not signed]
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
S4 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5738528 2014-11-07] (Fitbit, Inc.) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 lxdxCATSCustConnectService; C:\WINDOWS\system32\spool\DRIVERS\x64\3\\lxdxserv.exe [29184 2009-10-16] (Lexmark International, Inc.)
R2 lxdx_device; C:\WINDOWS\system32\lxdxcoms.exe [1039872 2009-10-16] ( )
R2 lxdx_device; C:\WINDOWS\SysWOW64\lxdxcoms.exe [589824 2009-10-16] ( )
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [128512 2015-04-15] (Motorola Mobility LLC) [File not signed]
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-07-22] (Atheros) [File not signed]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [237536 2015-05-26] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [237848 2014-10-24] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [369120 2015-05-26] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [211936 2015-05-26] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [287208 2015-05-27] (AVG Technologies CZ, s.r.o.)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-07-31] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 CirrusLFD; C:\Windows\system32\DRIVERS\CSLFDx64.sys [41328 2012-08-05] (Cirrus Logic)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-02-26] (Dell Computer Corporation)
S3 DellProf; C:\Windows\system32\drivers\DellProf.sys [23312 2015-02-26] (Dell Computer Corporation)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-04] (OSR Open Systems Resources, Inc.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
S3 Netaapl; C:\Windows\system32\DRIVERS\netaapl64.sys [22528 2012-03-26] (Apple Inc.) [File not signed]
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-08 17:41 - 2015-11-08 17:41 - 00000000 ____D C:\Users\Dominique\Desktop\Old Firefox Data
2015-11-08 17:29 - 2015-11-08 17:29 - 00000000 ____D C:\Users\Dominique\Downloads\FRST-OlderVersion
2015-11-04 17:39 - 2015-11-04 17:51 - 00060068 _____ C:\Users\Dominique\Downloads\Addition.txt
2015-11-04 17:10 - 2015-11-08 17:53 - 00032158 _____ C:\Users\Dominique\Downloads\FRST.txt
2015-11-04 17:09 - 2015-11-08 17:53 - 00000000 ____D C:\FRST
2015-11-04 17:05 - 2015-11-08 17:29 - 02198528 _____ (Farbar) C:\Users\Dominique\Downloads\FRST64.exe
2015-11-04 07:13 - 2015-11-04 07:20 - 00000000 ____D C:\AdwCleaner
2015-11-04 07:09 - 2015-11-04 07:09 - 01708032 _____ C:\Users\Dominique\Downloads\adwcleaner_5.017.exe
2015-10-26 20:21 - 2014-04-15 15:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2015-10-26 20:21 - 2014-04-15 15:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2015-10-23 15:25 - 2015-10-23 15:25 - 00000000 ____D C:\Users\Dominique\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-10-16 05:59 - 2015-10-18 06:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-14 20:02 - 2015-09-29 04:31 - 07457624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-10-14 20:02 - 2015-09-29 04:31 - 01658536 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-10-14 20:02 - 2015-09-29 04:31 - 01519592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-10-14 20:02 - 2015-09-29 04:31 - 01487008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-10-14 20:02 - 2015-09-29 04:31 - 01355848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-10-14 20:02 - 2015-09-24 09:51 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfg.exe
2015-10-14 20:02 - 2015-09-24 09:38 - 00108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll
2015-10-14 20:02 - 2015-09-24 09:30 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2015-10-14 20:02 - 2015-09-24 08:42 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2015-10-14 20:02 - 2015-09-24 08:40 - 00737280 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-10-14 20:02 - 2015-08-26 18:43 - 22372152 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-10-14 20:02 - 2015-08-26 18:42 - 19795904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-10-14 20:02 - 2015-08-07 13:40 - 01736520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-10-14 20:02 - 2015-08-07 13:40 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-10-14 20:02 - 2015-08-07 13:40 - 01134752 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2015-10-14 20:02 - 2015-08-07 13:40 - 00686960 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2015-10-14 20:02 - 2015-08-07 13:40 - 00507176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2015-10-14 20:02 - 2015-08-07 06:13 - 00862720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2015-10-14 20:02 - 2015-08-06 08:47 - 04710400 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2015-10-14 20:02 - 2015-08-06 08:18 - 04068352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2015-10-14 20:01 - 2015-09-29 04:29 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-10-14 20:01 - 2015-09-28 10:45 - 03705344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-10-14 20:01 - 2015-09-28 10:26 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-10-14 20:01 - 2015-09-28 10:25 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-10-14 20:01 - 2015-09-28 10:25 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-10-14 20:01 - 2015-09-28 10:25 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-10-14 20:01 - 2015-09-28 10:22 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-10-14 20:01 - 2015-09-28 10:22 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-10-14 20:01 - 2015-09-28 10:22 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-10-14 20:01 - 2015-09-28 10:15 - 02243072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-10-14 20:01 - 2015-09-28 10:13 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-10-14 20:01 - 2015-09-28 10:12 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-10-14 20:01 - 2015-09-18 19:18 - 00035384 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-10-14 20:01 - 2015-09-18 05:42 - 01290752 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-10-14 20:01 - 2015-09-18 05:42 - 01163776 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-10-14 20:01 - 2015-09-18 05:42 - 00766464 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-10-14 20:01 - 2015-09-18 05:42 - 00699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-10-14 20:01 - 2015-09-18 05:42 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-10-14 20:01 - 2015-09-18 05:42 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-10-14 20:01 - 2015-09-10 10:02 - 25851392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-10-14 20:01 - 2015-09-10 09:19 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-10-14 20:01 - 2015-09-10 09:18 - 02886656 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-10-14 20:01 - 2015-09-10 09:18 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-10-14 20:01 - 2015-09-10 09:14 - 05990400 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-10-14 20:01 - 2015-09-10 09:09 - 20358144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-10-14 20:01 - 2015-09-10 09:06 - 00616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-10-14 20:01 - 2015-09-10 09:04 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-10-14 20:01 - 2015-09-10 08:51 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-10-14 20:01 - 2015-09-10 08:39 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-10-14 20:01 - 2015-09-10 08:37 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-10-14 20:01 - 2015-09-10 08:37 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-10-14 20:01 - 2015-09-10 08:35 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-10-14 20:01 - 2015-09-10 08:33 - 02279936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-10-14 20:01 - 2015-09-10 08:28 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-10-14 20:01 - 2015-09-10 08:28 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-10-14 20:01 - 2015-09-10 08:27 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-10-14 20:01 - 2015-09-10 08:24 - 14456832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-10-14 20:01 - 2015-09-10 08:21 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-10-14 20:01 - 2015-09-10 08:19 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-10-14 20:01 - 2015-09-10 08:19 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-10-14 20:01 - 2015-09-10 08:19 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-10-14 20:01 - 2015-09-10 08:17 - 02126336 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-10-14 20:01 - 2015-09-10 08:17 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-10-14 20:01 - 2015-09-10 08:07 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-10-14 20:01 - 2015-09-10 08:05 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-10-14 20:01 - 2015-09-10 08:02 - 04527616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-10-14 20:01 - 2015-09-10 08:01 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-10-14 20:01 - 2015-09-10 08:00 - 12853760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-10-14 20:01 - 2015-09-10 07:57 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-10-14 20:01 - 2015-09-10 07:57 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-10-14 20:01 - 2015-09-10 07:55 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-10-14 20:01 - 2015-09-10 07:55 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-10-14 20:01 - 2015-09-10 07:55 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-10-14 20:01 - 2015-09-10 07:45 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-10-14 20:01 - 2015-09-10 07:34 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-10-14 20:01 - 2015-09-10 07:31 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-10-14 20:01 - 2015-09-10 07:27 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-10-14 20:01 - 2015-09-10 07:26 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-10-14 20:01 - 2015-08-06 09:05 - 00669184 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2015-10-14 20:01 - 2015-08-06 08:37 - 00536576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2015-10-14 20:01 - 2015-07-16 10:58 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NcdAutoSetup.dll
2015-10-14 20:00 - 2015-08-22 05:42 - 00901264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2015-10-14 20:00 - 2015-08-22 05:42 - 00066400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 20:00 - 2015-08-22 05:42 - 00022368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 20:00 - 2015-08-22 05:42 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 20:00 - 2015-08-22 05:42 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 20:00 - 2015-08-22 05:42 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 20:00 - 2015-08-22 05:42 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 20:00 - 2015-08-22 05:42 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 20:00 - 2015-08-22 05:42 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 20:00 - 2015-08-22 05:42 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 20:00 - 2015-08-22 05:42 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 20:00 - 2015-08-22 05:42 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 20:00 - 2015-08-22 05:42 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 20:00 - 2015-08-22 05:42 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 20:00 - 2015-08-22 05:42 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 20:00 - 2015-08-22 05:42 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 20:00 - 2015-08-22 05:35 - 00984448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2015-10-14 20:00 - 2015-08-22 05:35 - 00063840 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 20:00 - 2015-08-22 05:35 - 00020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 20:00 - 2015-08-22 05:35 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 20:00 - 2015-08-22 05:35 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 20:00 - 2015-08-22 05:35 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 20:00 - 2015-08-22 05:35 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 20:00 - 2015-08-22 05:35 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 20:00 - 2015-08-22 05:35 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 20:00 - 2015-08-22 05:35 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 20:00 - 2015-08-22 05:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 20:00 - 2015-08-22 05:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 20:00 - 2015-08-22 05:35 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 20:00 - 2015-08-22 05:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 20:00 - 2015-08-22 05:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 20:00 - 2015-08-22 05:35 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-08 17:52 - 2012-11-08 17:32 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2903894491-2310168910-368854483-1001
2015-11-08 17:47 - 2015-06-17 19:36 - 00000956 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2903894491-2310168910-368854483-1001UA.job
2015-11-08 17:47 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-11-08 17:42 - 2013-09-29 20:15 - 00338442 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-08 17:39 - 2015-03-21 11:33 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-11-08 17:38 - 2013-11-19 18:55 - 00000000 ___RD C:\Users\Dominique\Dropbox
2015-11-08 17:38 - 2013-11-19 18:52 - 00000000 ____D C:\Users\Dominique\AppData\Roaming\Dropbox
2015-11-08 17:38 - 2013-10-29 08:22 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-08 17:37 - 2013-10-19 11:52 - 00000000 __RDO C:\Users\Dominique\SkyDrive
2015-11-08 17:36 - 2012-09-29 07:01 - 00000000 ____D C:\Temp
2015-11-08 17:35 - 2013-10-19 10:43 - 02093027 _____ C:\WINDOWS\WindowsUpdate.log
2015-11-08 17:35 - 2013-08-22 06:46 - 00400877 _____ C:\WINDOWS\setupact.log
2015-11-08 17:35 - 2013-08-22 06:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-08 17:34 - 2013-08-22 05:25 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2015-11-08 17:33 - 2013-10-29 08:22 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-08 17:33 - 2013-10-19 10:24 - 00000000 ____D C:\Users\Dominique
2015-11-08 17:30 - 2013-12-09 19:55 - 00000000 ____D C:\ProgramData\MFAData
2015-11-08 17:14 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-11-08 13:12 - 2015-09-10 19:02 - 00000946 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2903894491-2310168910-368854483-1001UA.job
2015-11-08 13:09 - 2012-11-18 09:39 - 00000966 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2903894491-2310168910-368854483-1001UA.job
2015-11-08 10:09 - 2012-11-18 09:39 - 00000944 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2903894491-2310168910-368854483-1001Core.job
2015-11-08 09:00 - 2013-01-02 09:25 - 00000618 _____ C:\WINDOWS\Tasks\HP_EpicuriousHealthyDinnerTonight_epi-healthy-dinner-tonight-bpw.job
2015-11-08 09:00 - 2013-01-02 09:25 - 00000548 _____ C:\WINDOWS\Tasks\HP_EpicuriousDailyRecipes_epi-daily-recipes-bpw.job
2015-11-08 08:49 - 2013-10-19 14:34 - 00003950 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5AA32188-2B97-4787-8D0F-403C24265B87}
2015-11-07 17:10 - 2012-11-09 16:11 - 00000000 ____D C:\Users\Dominique\AppData\Roaming\PCDr
2015-11-07 16:47 - 2015-06-17 19:36 - 00000904 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2903894491-2310168910-368854483-1001Core.job
2015-11-07 16:41 - 2013-08-22 05:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-11-04 18:11 - 2013-09-29 20:03 - 01071808 _____ C:\WINDOWS\PFRO.log
2015-11-03 20:12 - 2015-09-10 19:02 - 00000894 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2903894491-2310168910-368854483-1001Core.job
2015-11-02 14:25 - 2015-06-28 09:24 - 00000000 ____D C:\ProgramData\Yahoo!
2015-11-01 08:36 - 2013-11-14 08:37 - 00000000 ____D C:\Users\Dominique\Documents\Outlook Files
2015-11-01 08:00 - 2013-01-02 09:25 - 00000636 _____ C:\WINDOWS\Tasks\HP_EpicuriousHealthyDinnerTonight_epi-healthy-dinner-tonight-bpw_PreFetch.job
2015-11-01 08:00 - 2013-01-02 09:25 - 00000566 _____ C:\WINDOWS\Tasks\HP_EpicuriousDailyRecipes_epi-daily-recipes-bpw_PreFetch.job
2015-10-31 07:21 - 2014-08-23 11:33 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-10-30 15:15 - 2013-03-19 15:01 - 00000000 ____D C:\Users\Dominique\AppData\Roaming\WindSolutions
2015-10-27 16:31 - 2012-11-09 16:09 - 00000000 ____D C:\Users\Dominique\AppData\Local\CrashDumps
2015-10-26 20:23 - 2012-07-25 23:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-10-26 18:37 - 2014-03-31 07:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-10-26 18:37 - 2013-12-09 19:58 - 00000983 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2015-10-25 11:00 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\rescache
2015-10-23 15:30 - 2013-10-29 08:22 - 00002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-23 15:20 - 2013-01-02 09:25 - 00000486 _____ C:\WINDOWS\Tasks\HP_EpicuriousHealthyDinnerTonight_Updater.job
2015-10-23 15:20 - 2013-01-02 09:25 - 00000452 _____ C:\WINDOWS\Tasks\HP_EpicuriousDailyRecipes_Updater.job
2015-10-18 06:58 - 2015-03-21 10:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-17 16:34 - 2014-12-12 08:26 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-10-17 16:34 - 2014-07-09 06:15 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-10-17 16:34 - 2013-08-22 07:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-10-17 16:34 - 2012-11-11 09:21 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-10-17 16:32 - 2012-07-25 21:26 - 00000234 _____ C:\WINDOWS\win.ini
2015-10-17 16:29 - 2013-08-16 04:31 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-10-17 16:14 - 2012-12-12 10:16 - 143481208 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-10-16 16:39 - 2015-03-21 11:33 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-10-15 21:14 - 2013-12-11 21:16 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-10-15 20:51 - 2015-03-13 20:49 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-10-15 20:51 - 2015-03-13 20:49 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2014-04-01 10:45 - 2014-04-01 10:46 - 0005120 _____ () C:\Users\Dominique\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-16 12:24 - 2015-05-16 12:27 - 0007627 _____ () C:\Users\Dominique\AppData\Local\resmon.resmoncfg
2013-10-28 22:09 - 2013-10-28 22:09 - 0000003 _____ () C:\ProgramData\AbsoluteNotifier.txt
2014-08-24 11:03 - 2015-04-18 08:02 - 0000504 _____ () C:\ProgramData\FastPics.log
2015-01-28 23:30 - 2015-01-28 23:31 - 0001075 _____ () C:\ProgramData\hpzinstall.log
2014-10-30 06:25 - 2015-10-02 19:26 - 0001424 _____ () C:\ProgramData\lxdx.log
2015-02-04 09:36 - 2015-02-04 09:36 - 0000468 _____ () C:\ProgramData\lxdxDiagnostics.log
2014-08-17 08:50 - 2014-08-17 08:50 - 15051199 _____ () C:\ProgramData\SPL589.tmp
2015-04-15 19:13 - 2015-04-15 19:13 - 39605891 _____ () C:\ProgramData\SPL723E.tmp
2014-11-19 20:19 - 2014-11-19 20:19 - 0409606 _____ () C:\ProgramData\SPL73E6.tmp
2014-08-17 08:52 - 2014-08-17 08:52 - 3139510 _____ () C:\ProgramData\SPL8B5E.tmp
2014-08-17 11:07 - 2014-08-17 11:07 - 0739836 _____ () C:\ProgramData\SPL8F06.tmp
2015-03-29 08:27 - 2015-03-29 08:27 - 0796336 _____ () C:\ProgramData\SPL9779.tmp
2015-01-07 19:15 - 2015-01-07 19:15 - 0098570 _____ () C:\ProgramData\SPL9975.tmp
2014-09-13 13:59 - 2014-09-13 13:59 - 0523842 _____ () C:\ProgramData\SPLD25.tmp
2014-09-30 09:57 - 2014-09-30 09:57 - 41150944 _____ () C:\ProgramData\SPLD4F2.tmp
2015-02-04 09:35 - 2015-02-04 09:35 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt
2012-09-29 06:57 - 2012-09-29 06:57 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2012-09-29 06:53 - 2012-09-29 06:54 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2012-09-29 06:54 - 2012-09-29 06:55 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2012-09-29 06:53 - 2012-09-29 06:53 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2012-09-29 06:56 - 2012-09-29 06:57 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
 
Some files in TEMP:
====================
C:\Users\Dominique\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvhhjz7.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-11-08 10:15
 
==================== End of FRST.txt ============================


#10 nasdaq

Posted 09 November 2015 - 09:08 AM

This Chrome extension is problematic.

CHR Extension: (FromDocToPDF) - C:\Users\Dominique\AppData\Local\Google\Chrome\User Data\Default\Extensions\oikdphhbmkgffaopgmlfifpaobijngif [2015-11-08]

Read about it.
http://www.systemlookup.com/CLSID/76665-65bar_dll.html

Keep it at your own risk.
===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#11 nasdaq

Posted 15 November 2015 - 09:17 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



