PUM.proxy blocking kaspersky and malwarebytes database updates


  • This topic is locked
51 replies to this topic

#1 jdlicciardello

Posted 30 December 2015 - 11:43 AM

I cannot even connect to kaspersky.com. Internet is working fine. I have been scouring these pages for days trying many different things; hard to remember everything I have tried, but RKill, RogueKiller, AdwCleaner, HitmanPro, and using various executable Chameleon programs, etc. Thanks in advance for any help.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-12-2015
Ran by jdl_000 (administrator) on VAIO (30-12-2015 11:31:05)
Running from C:\Users\jdl_000\Desktop
Loaded Profiles: jdl_000 (Available Profiles: jdl_000)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Users\jdl_000\Desktop\RogueKiller.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-09-20] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [766080 2012-11-05] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-11-05] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2930488 2012-11-08] (Synaptics Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [68776 2012-08-18] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [724576 2012-07-27] (Sony Corporation)
HKLM-x32\...\Run: [ATLauncher] => "C:\Program Files\McAfeeEx\McAfeeAntiTheft\ATLauncher.exe" /createshortcuts:1
HKLM-x32\...\Run: [ATUninstallIcon] => "C:\Program Files\McAfeeEx\McAfeeAntiTheft\ATLauncher.exe" /createuninstallentry:1
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\runner_avp.exe [24256 2013-11-11] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1056976 2014-06-27] (Carbonite, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [SecureW2 Tray] => C:\Program Files (x86)\SecureW2\sw2_tray.exe [262464 2015-06-03] (SecureW2 B.V.)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-10-05] (Malwarebytes)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-166654913-935638154-2365692726-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-166654913-935638154-2365692726-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATII5E.EXE [293504 2012-08-23] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-166654913-935638154-2365692726-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-166654913-935638154-2365692726-1001\...\Run: [gSyncit] => C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe [168448 2014-10-06] (Fieldston Software)
HKU\S-1-5-21-166654913-935638154-2365692726-1001\...\Run: [Google Update] => C:\Users\jdl_000\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
HKU\S-1-5-21-166654913-935638154-2365692726-1001\...\Run: [Spotify Web Helper] => C:\Users\jdl_000\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-09-10] (Spotify Ltd)
HKU\S-1-5-21-166654913-935638154-2365692726-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22790776 2015-11-04] (Google)
HKU\S-1-5-21-166654913-935638154-2365692726-1001\...\Run: [WebDriveTray] => C:\Program Files\WebDrive\webdrive.exe [7665800 2015-05-11] (South River Technologies, Inc.)
HKU\S-1-5-21-166654913-935638154-2365692726-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)
HKU\S-1-5-21-166654913-935638154-2365692726-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11776 2014-10-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  WebDrive] -> {37D70BD3-073C-4180-ADD9-C032EA5A7204} => C:\WINDOWS\system32\wdShellExt.dll [2015-05-11] (South River Technologies, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2014-06-27] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2014-06-27] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2014-06-27] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\shellex.dll [2015-09-03] (Kaspersky Lab ZAO)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2014-06-27] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2014-06-27] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2014-06-27] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [KAVOverlayIcon] -> {dd230880-495a-11d1-b064-008048ec2fc5} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll [2015-09-03] (Kaspersky Lab ZAO)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-09-12]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
GroupPolicy: Restriction - Chrome <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 09 C:\ProgramData\System32\SafeGuard32.dll No File 
Winsock: Catalog5-x64 09 C:\ProgramData\System32\SafeGuard64.dll [3387320 2015-11-17] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BF9E8510-0690-493A-9A86-C41201BDFEF3}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F2E749BB-EF9E-4726-8E2D-41D2B48F9DDD}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-166654913-935638154-2365692726-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
SearchScopes: HKLM -> DefaultScope {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-12-18] (Microsoft Corporation)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-06-09] (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-06-09] (Kaspersky Lab ZAO)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-11-05] (Qualcomm Atheros Commnucations)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-06-09] (Kaspersky Lab ZAO)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-12-18] (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-06-09] (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-06-09] (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-06-09] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-06-09] (Kaspersky Lab ZAO)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-06-09] (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP25-10481/webex/ieatgpc.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\jdl_000\AppData\Roaming\Mozilla\Firefox\Profiles\dakhn99u.default-1448061577421
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-29] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-29] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-10-02] (Microsoft Corporation)
FF Plugin-x32: @sony.com/ReaderDesktop -> C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll [2012-07-12] (Sony Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll [2014-10-10] (pdfforge GmbH)
FF Plugin HKU\S-1-5-21-166654913-935638154-2365692726-1001: @citrixonline.com/appdetectorplugin -> C:\Users\jdl_000\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-10-25] (Citrix Online)
FF Plugin HKU\S-1-5-21-166654913-935638154-2365692726-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\jdl_000\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-166654913-935638154-2365692726-1001: @talk.google.com/O1DPlugin -> C:\Users\jdl_000\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-166654913-935638154-2365692726-1001: @tools.google.com/Google Update;version=3 -> C:\Users\jdl_000\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-166654913-935638154-2365692726-1001: @tools.google.com/Google Update;version=9 -> C:\Users\jdl_000\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\jdl_000\AppData\Roaming\mozilla\plugins\npatgpc.dll [2014-08-21] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\jdl_000\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\jdl_000\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com [2015-02-18] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com [2015-02-18] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com [2015-02-18] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com [2015-02-18] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com [2015-02-18] [not signed]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR Profile: C:\Users\jdl_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\jdl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-14]
CHR Extension: (Google Drive) - C:\Users\jdl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-02]
CHR Extension: (YouTube) - C:\Users\jdl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-14]
CHR Extension: (Google Search) - C:\Users\jdl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-20]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\jdl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-06-09]
CHR Extension: (Google Docs Offline) - C:\Users\jdl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-02]
CHR Extension: (Safe Money) - C:\Users\jdl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-06-09]
CHR Extension: (Content Blocker) - C:\Users\jdl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2014-06-09]
CHR Extension: (Virtual Keyboard) - C:\Users\jdl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-06-09]
CHR Extension: (SlingPlayer Web Plug-in) - C:\Users\jdl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lidgnhlbmoakdjkfhanbhfngcadpaiac [2015-10-14]
CHR Extension: (Skype) - C:\Users\jdl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-12-22]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\jdl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-10-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jdl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-14]
CHR Extension: (Gmail) - C:\Users\jdl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-14]
CHR Extension: (Anti-Banner) - C:\Users\jdl_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-06-09]
CHR HKU\S-1-5-21-166654913-935638154-2365692726-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [epiggbpnpeipncloelnecejhmipiohhh] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\content_blocker_chrome.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\virtkbd.crx [2013-11-11]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]
CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - hxxps://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx [2013-11-11]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231040 2012-11-05] (Qualcomm Atheros Commnucations) [File not signed]
S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO)
S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2802360 2015-11-24] (Microsoft Corporation)
S2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888 2013-09-25] (Infowatch)
S2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [413336 2015-08-26] ()
S2 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [107344 2012-11-20] (Condusiv Technologies)
S2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation)
S2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-05] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-08-21] (Intel Corporation)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [625240 2013-09-28] (Sony Corporation)
S4 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-10-10] (pdfforge GmbH)
S4 PDF Architect 2 Creator; C:\Program Files (x86)\PDF Architect 2\creator-ws.exe [738856 2014-10-10] (pdfforge GmbH)
S4 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-10-10] (pdfforge GmbH)
S2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [474208 2012-07-27] (Sony Corporation)
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S2 SkypeUpdateEx; C:\Program Files (x86)\SkypeUpdateEx\SkypeUpdateEx.exe [178608 2015-11-05] ()
S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2012-09-19] (Sony Corporation) [File not signed]
S2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-01] (TeamViewer GmbH)
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [413336 2015-08-26] ()
S4 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [964608 2012-09-28] (Sony Corporation) [File not signed]
S3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1653272 2015-07-31] (Sony Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S2 WebDriveService; C:\Program Files\WebDrive\wdService.exe [6541448 2015-05-11] (South River Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 XeroxPrintJobEventManagerService; C:\Program Files\Xerox\XeroxPrintExperience\CommonFiles\XeroxPrintJobEventManagerService.exe [238920 2013-12-02] (Xerox Corporation)
S2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-11-05] (Atheros) [File not signed]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3837440 2013-12-02] (Qualcomm Atheros Communications, Inc.)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-11-05] (Qualcomm Atheros)
S3 BTATH_VDP; C:\Windows\system32\drivers\btath_vdp.sys [427416 2012-11-05] (Qualcomm Atheros)
S1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [98504 2013-09-25] (Infowatch)
S1 CSVirtualDiskDrv; C:\Windows\system32\DRIVERS\CSVirtualDiskDrv.sys [67784 2013-09-25] (Infowatch)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows ® Win 7 DDK provider)
R0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [25424 2012-11-20] (Condusiv Technologies)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [111952 2012-11-20] (Condusiv Technologies)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [41080 2015-12-07] ()
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29792 2013-11-11] (Kaspersky Lab)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [92768 2014-06-09] (Kaspersky Lab ZAO)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [627264 2014-06-09] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
S3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [50448 2013-11-11] (Kaspersky Lab ZAO)
S1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [177864 2015-02-18] (Kaspersky Lab ZAO)
S3 Logi_Headset_DFU; C:\Windows\System32\Drivers\lhusbdfuamd64.sys [44136 2014-12-08] (CSR plc.)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-30] (Malwarebytes)
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [29352 2015-10-12] ()
S3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2015-07-30] ()
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-11-08] (Synaptics Incorporated)
R3 SOWS; C:\Windows\System32\drivers\sows.sys [24280 2012-06-10] (Sony Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [30848 2015-12-30] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S2 WebDriveFSD; C:\Program Files\WebDrive\wdfsd.sys [92808 2015-05-11] ()
U0 KL1; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-30 11:31 - 2015-12-30 11:31 - 00030581 _____ C:\Users\jdl_000\Desktop\FRST.txt
2015-12-30 11:30 - 2015-12-30 11:31 - 00000000 ____D C:\FRST
2015-12-30 11:29 - 2015-12-30 11:29 - 02370560 _____ (Farbar) C:\Users\jdl_000\Desktop\FRST64.exe
2015-12-30 11:02 - 2015-12-30 11:02 - 00006080 _____ C:\Users\jdl_000\Desktop\20151230110200_roguekiller_report.txt
2015-12-30 10:42 - 2015-12-30 10:42 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\jdl_000\Desktop\rkill.com
2015-12-30 10:40 - 2015-12-30 10:51 - 00002542 _____ C:\Users\jdl_000\Desktop\Rkill.txt
2015-12-30 10:40 - 2015-12-30 10:40 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\jdl_000\Desktop\iExplore.exe
2015-12-30 01:55 - 2015-12-30 02:30 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-12-30 01:33 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-12-30 01:31 - 2015-12-30 01:32 - 22908888 _____ (Malwarebytes ) C:\Users\jdl_000\Desktop\mbam-setup-org-2.2.0.1024.exe
2015-12-29 22:32 - 2015-12-29 22:32 - 00000000 _____ C:\WINDOWS\SysWOW64\REN55E9.tmp
2015-12-29 20:13 - 2015-12-29 20:15 - 20835400 _____ C:\Users\jdl_000\Desktop\RogueKiller.exe
2015-12-29 19:44 - 2015-12-29 19:44 - 05643545 _____ (Swearware) C:\Users\jdl_000\Desktop\ComboFix.exe
2015-12-29 19:42 - 2015-12-29 19:43 - 05643545 _____ (Swearware) C:\Users\jdl_000\Downloads\ComboFix (1).exe
2015-12-29 19:38 - 2015-12-29 19:38 - 05643545 _____ (Swearware) C:\Users\jdl_000\Downloads\ComboFix.exe
2015-12-29 19:31 - 2015-12-29 19:31 - 01743360 _____ C:\Users\jdl_000\Downloads\adwcleaner_5.026.exe
2015-12-29 17:14 - 2015-12-29 17:14 - 00000000 ___RD C:\Users\jdl_000\SkyDrive
2015-12-29 17:13 - 2015-12-29 17:15 - 00003092 _____ C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-166654913-935638154-2365692726-1001
2015-12-28 05:56 - 2015-12-29 17:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-16 17:58 - 2015-12-16 17:58 - 00000000 ____D C:\Users\jdl_000\AppData\Local\join.me
2015-12-12 19:10 - 2015-12-12 19:10 - 00002368 _____ C:\Users\jdl_000\Desktop\phillips.dta
2015-12-11 12:03 - 2015-12-11 12:03 - 02264048 _____ C:\Users\jdl_000\Desktop\vaccine record0001.pdf
2015-12-11 11:59 - 2015-12-11 11:59 - 00005060 _____ C:\Users\jdl_000\Desktop\detectedlog.txt
2015-12-10 11:09 - 2015-11-08 19:41 - 01540728 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-12-10 11:09 - 2015-11-08 17:30 - 04176384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-12-10 11:09 - 2015-11-08 16:23 - 01994752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-12-10 11:09 - 2015-11-08 16:13 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-12-10 11:09 - 2015-11-08 16:01 - 01753600 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-12-10 11:08 - 2015-11-22 01:59 - 07455064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-12-10 11:08 - 2015-11-22 01:59 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-12-10 11:08 - 2015-11-22 01:59 - 01659568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-12-10 11:08 - 2015-11-22 01:59 - 01519592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-12-10 11:08 - 2015-11-22 01:59 - 01487008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-12-10 11:08 - 2015-11-22 01:59 - 01355848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-12-10 11:08 - 2015-11-22 01:58 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-12-10 11:08 - 2015-11-21 13:32 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-12-10 11:08 - 2015-11-21 12:50 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-12-10 11:08 - 2015-11-21 11:59 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2015-12-10 11:08 - 2015-11-21 11:49 - 01344000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2015-12-10 11:08 - 2015-11-21 11:47 - 00522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2015-12-10 11:08 - 2015-11-21 11:40 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2015-12-10 11:08 - 2015-11-08 15:52 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-12-10 11:08 - 2015-11-08 15:48 - 01376256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-12-10 11:08 - 2015-11-08 15:42 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2015-12-10 11:08 - 2015-11-05 03:59 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2015-12-10 11:06 - 2015-11-11 11:21 - 25837568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-10 11:06 - 2015-11-11 11:00 - 12856832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-12-10 11:06 - 2015-11-11 10:44 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-12-10 11:06 - 2015-11-11 10:41 - 20366848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-10 11:06 - 2015-11-11 10:12 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-12-10 11:06 - 2015-11-09 19:13 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-12-10 11:06 - 2015-11-09 19:08 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-10 11:06 - 2015-11-09 19:04 - 00476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-12-10 11:06 - 2015-11-09 19:02 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-12-10 11:06 - 2015-11-09 18:46 - 04514816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-12-10 11:06 - 2015-11-09 18:41 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-12-10 11:06 - 2015-11-09 18:37 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-12-10 11:06 - 2015-11-09 18:36 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-12-10 11:06 - 2015-11-09 18:36 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-12-10 11:06 - 2015-11-09 18:36 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-12-10 11:06 - 2015-11-09 18:25 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-12-10 11:06 - 2015-11-09 18:17 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-12-10 11:06 - 2015-11-09 18:14 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-12-10 11:06 - 2015-11-09 18:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-12-10 11:06 - 2015-11-08 17:15 - 02887168 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-10 11:06 - 2015-11-08 17:15 - 00571392 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-12-10 11:06 - 2015-11-08 17:04 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-12-10 11:06 - 2015-11-08 17:02 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-12-10 11:06 - 2015-11-08 17:01 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-12-10 11:06 - 2015-11-08 16:32 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-12-10 11:06 - 2015-11-08 16:32 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-12-10 11:06 - 2015-11-08 16:25 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-12-10 11:06 - 2015-11-08 16:18 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-12-10 11:06 - 2015-11-08 16:16 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-12-10 11:06 - 2015-11-08 16:15 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-12-10 11:06 - 2015-11-08 16:15 - 00718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-12-10 11:06 - 2015-11-08 16:14 - 14456832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-12-10 11:06 - 2015-11-08 16:13 - 02123264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-12-10 11:06 - 2015-11-08 15:53 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-12-10 11:06 - 2015-11-08 15:53 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-12-10 11:06 - 2015-11-08 15:41 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-12-10 11:06 - 2015-11-08 15:30 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-12-10 11:05 - 2015-11-11 10:44 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-12-10 11:05 - 2015-11-09 19:11 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-12-10 10:59 - 2015-10-22 12:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdgeoqw.dll
2015-12-10 10:59 - 2015-10-22 12:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZST.DLL
2015-12-10 10:59 - 2015-10-22 12:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZEL.DLL
2015-12-10 10:59 - 2015-10-22 12:43 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZE.DLL
2015-12-10 10:59 - 2015-10-22 11:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdgeoqw.dll
2015-12-10 10:59 - 2015-10-22 11:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZST.DLL
2015-12-10 10:59 - 2015-10-22 11:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZEL.DLL
2015-12-10 10:59 - 2015-10-22 11:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZE.DLL
2015-12-10 10:59 - 2015-10-22 11:21 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-12-10 10:59 - 2015-10-22 11:21 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2015-12-10 10:59 - 2015-10-22 10:58 - 00868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-12-10 10:59 - 2015-10-22 10:58 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2015-12-10 10:59 - 2015-10-22 09:08 - 00513456 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-12-10 10:59 - 2015-10-22 09:08 - 00513456 _____ C:\WINDOWS\system32\locale.nls
2015-12-10 10:59 - 2015-10-10 12:20 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-12-10 00:11 - 2015-10-28 10:49 - 02775552 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-12-10 00:11 - 2015-10-28 10:29 - 02462720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-12-10 00:11 - 2015-10-11 01:34 - 00468824 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-12-10 00:11 - 2015-10-11 01:34 - 00462168 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-12-10 00:11 - 2015-10-11 01:34 - 00443224 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2015-12-10 00:11 - 2015-10-11 01:34 - 00092504 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2015-12-10 00:11 - 2015-10-11 01:34 - 00027992 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2015-12-10 00:11 - 2015-10-10 13:41 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2015-12-10 00:11 - 2015-10-10 13:41 - 00030208 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbohci.sys
2015-12-10 00:11 - 2015-10-08 11:11 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2015-12-10 00:11 - 2015-10-08 10:50 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2015-12-10 00:11 - 2015-10-05 13:28 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2015-12-10 00:11 - 2015-10-05 13:25 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-12-10 00:11 - 2015-10-03 14:41 - 01385280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-12-10 00:11 - 2015-10-03 14:41 - 01124384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-12-10 00:10 - 2015-11-20 17:47 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-12-10 00:10 - 2015-11-20 13:18 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-12-10 00:10 - 2015-11-20 11:58 - 03706880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-12-10 00:10 - 2015-11-20 11:47 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-12-10 00:10 - 2015-11-20 11:46 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-12-10 00:10 - 2015-11-20 11:44 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-12-10 00:10 - 2015-11-20 11:44 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-12-10 00:10 - 2015-11-20 11:43 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-12-10 00:10 - 2015-11-20 11:42 - 02243584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-12-10 00:10 - 2015-11-20 11:30 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-12-10 00:10 - 2015-11-20 11:29 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-12-10 00:10 - 2015-11-20 11:28 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-12-10 00:10 - 2015-11-20 11:27 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-12-07 10:29 - 2015-12-07 10:29 - 00002786 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-12-07 00:14 - 2015-12-07 00:14 - 00041080 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2015-12-07 00:13 - 2015-12-07 00:13 - 00006864 _____ C:\WINDOWS\system32\.crusader
2015-12-07 00:03 - 2015-12-07 00:13 - 00000000 ____D C:\ProgramData\HitmanPro
2015-12-07 00:03 - 2015-12-07 00:03 - 11337112 _____ (SurfRight B.V.) C:\Users\jdl_000\Desktop\HitmanPro_x64.exe
2015-12-06 23:07 - 2015-12-30 10:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-06 23:07 - 2015-12-30 10:41 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-06 23:07 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-12-06 23:06 - 2015-12-06 23:07 - 22908888 _____ (Malwarebytes ) C:\Users\jdl_000\Downloads\mbam-setup.exe
2015-12-06 22:59 - 2015-12-30 10:41 - 00001114 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-12-06 22:59 - 2015-12-30 01:33 - 00000000 ____D C:\Users\jdl_000\AppData\Roaming\Malwarebytes
2015-12-06 22:59 - 2015-12-06 23:07 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-12-06 22:59 - 2015-12-06 22:59 - 10284816 _____ (Malwarebytes Corporation ) C:\Users\jdl_000\Downloads\mbam-setup-1.75.0.1300.exe
2015-12-06 22:59 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-12-06 22:33 - 2015-12-06 22:33 - 00000834 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-12-06 22:33 - 2015-12-06 22:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-12-06 22:33 - 2015-12-06 22:33 - 00000000 ____D C:\Program Files\CCleaner
2015-12-06 22:29 - 2015-12-06 22:31 - 06801752 _____ (Piriform Ltd) C:\Users\jdl_000\Desktop\ccsetup512.exe
2015-12-06 21:18 - 2015-12-30 10:43 - 00030848 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-12-06 21:18 - 2015-12-06 21:18 - 00000000 ____D C:\ProgramData\RogueKiller
2015-12-06 21:16 - 2015-12-06 21:17 - 25023048 _____ C:\Users\jdl_000\Desktop\RogueKillerX64.exe
2015-12-06 21:15 - 2015-12-06 23:55 - 00000547 _____ C:\Users\jdl_000\Desktop\JRT.txt
2015-12-06 21:13 - 2015-12-06 21:13 - 01599336 _____ (Malwarebytes) C:\Users\jdl_000\Desktop\JRT.exe
2015-12-06 21:11 - 2015-12-06 21:11 - 00852720 _____ C:\Users\jdl_000\Desktop\SecurityCheck.exe
2015-12-06 20:59 - 2015-12-06 20:59 - 00688992 _____ (Swearware) C:\Users\jdl_000\Desktop\dds.com
2015-12-06 20:58 - 2015-12-06 20:58 - 00688992 _____ (Swearware) C:\Users\jdl_000\Desktop\dds.exe
2015-12-06 20:57 - 2015-12-06 20:57 - 00688992 _____ (Swearware) C:\Users\jdl_000\Desktop\dds.scr
2015-12-06 20:48 - 2015-12-06 20:48 - 01736704 _____ C:\Users\jdl_000\Downloads\adwcleaner_5.023.exe
2015-12-02 22:46 - 2015-12-02 22:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-02 22:39 - 2015-12-02 22:39 - 00929872 _____ (Google Inc.) C:\Users\jdl_000\Downloads\ChromeSetup(1).exe
2015-11-30 23:01 - 2015-11-30 23:01 - 00015464 _____ C:\WINDOWS\DelYac64.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-30 11:30 - 2013-08-22 08:36 - 00000000 ____D C:\Windows
2015-12-30 02:28 - 2013-08-22 08:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-12-30 01:45 - 2013-08-22 09:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-30 01:42 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\Help
2015-12-30 01:42 - 2012-12-25 01:38 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-12-30 01:38 - 2013-05-16 19:41 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-166654913-935638154-2365692726-1001
2015-12-30 01:35 - 2014-11-25 11:58 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-166654913-935638154-2365692726-1001UA.job
2015-12-30 01:35 - 2013-05-16 20:50 - 00000000 ____D C:\Users\jdl_000\Documents\Outlook Files
2015-12-30 01:20 - 2013-10-07 16:00 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-30 01:11 - 2013-10-07 14:37 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-12-30 00:57 - 2015-02-15 13:55 - 00003610 _____ C:\WINDOWS\System32\Tasks\Optimize Push Notification Data File-S-1-5-21-166654913-935638154-2365692726-1001
2015-12-30 00:46 - 2014-02-09 17:39 - 00000584 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-166654913-935638154-2365692726-1001.job
2015-12-30 00:00 - 2014-08-13 19:35 - 00000000 ____D C:\Users\jdl_000\AppData\Roaming\gSyncit
2015-12-29 23:32 - 2013-05-21 21:25 - 00000000 ____D C:\Users\jdl_000\AppData\Local\ElevatedDiagnostics
2015-12-29 22:52 - 2013-05-16 21:09 - 00000000 ____D C:\Users\jdl_000\AppData\Local\CrashDumps
2015-12-29 22:37 - 2012-12-25 02:16 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-12-29 22:32 - 2015-01-27 13:28 - 00002336 _____ C:\Users\jdl_000\Desktop\Red Total.lnk
2015-12-29 22:30 - 2013-05-16 19:45 - 00000000 ___DO C:\Users\jdl_000\OneDrive
2015-12-29 22:25 - 2015-08-11 15:04 - 00000000 ___RD C:\Users\jdl_000\Google Drive
2015-12-29 19:51 - 2013-06-30 16:01 - 01514496 ___SH C:\Users\jdl_000\Desktop\Thumbs.db
2015-12-29 19:35 - 2015-11-20 17:53 - 00000000 ____D C:\AdwCleaner
2015-12-29 19:21 - 2014-10-02 13:47 - 00000000 ____D C:\WINDOWS\Minidump
2015-12-29 19:21 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\Inf
2015-12-29 17:14 - 2014-06-18 20:39 - 00000000 ____D C:\Users\jdl_000
2015-12-29 17:08 - 2013-11-08 23:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-29 16:21 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-12-29 15:49 - 2012-07-26 02:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-12-29 11:11 - 2013-10-07 14:37 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-12-26 03:48 - 2013-08-22 10:38 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-12-26 03:48 - 2013-08-22 10:38 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-24 11:44 - 2013-08-22 10:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-12-24 11:43 - 2014-10-02 14:17 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-12-23 12:28 - 2013-05-16 19:33 - 00000000 ____D C:\Users\jdl_000\AppData\Local\Packages
2015-12-22 17:37 - 2013-10-07 16:00 - 00002288 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-21 20:35 - 2014-11-25 11:58 - 00000874 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-166654913-935638154-2365692726-1001Core.job
2015-12-19 18:47 - 2015-05-30 13:31 - 00003676 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-166654913-935638154-2365692726-1001
2015-12-19 18:47 - 2014-02-09 17:39 - 00003580 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-166654913-935638154-2365692726-1001
2015-12-17 13:47 - 2015-04-06 16:59 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-12-17 13:47 - 2015-04-06 16:59 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-12-15 10:40 - 2013-08-22 10:36 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-15 10:40 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-13 12:56 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\rescache
2015-12-13 11:36 - 2013-08-22 09:44 - 00402920 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-13 11:34 - 2013-12-01 20:43 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-13 11:34 - 2013-12-01 20:43 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-11 17:20 - 2014-03-18 05:03 - 00907320 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-11 11:34 - 2015-10-28 21:55 - 00000000 ____D C:\ProgramData\System32
2015-12-10 11:34 - 2013-12-01 20:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-10 11:32 - 2013-08-15 10:11 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-12-10 11:18 - 2013-05-22 19:58 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-12-07 12:56 - 2015-09-25 15:40 - 00000000 ____D C:\Users\jdl_000\Documents\My Scans
2015-12-06 22:39 - 2014-08-06 14:07 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2015-12-06 22:39 - 2014-08-06 13:54 - 00000000 ____D C:\Users\jdl_000\AppData\Roaming\TeamViewer
2015-12-06 22:36 - 2014-06-18 23:29 - 00000000 ___DC C:\WINDOWS\Panther
2015-12-06 22:21 - 2013-05-16 19:34 - 00000000 ____D C:\WINDOWS\pss
2015-12-03 20:30 - 2014-11-25 11:58 - 00003876 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-166654913-935638154-2365692726-1001UA
2015-12-03 20:30 - 2014-11-25 11:58 - 00003496 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-166654913-935638154-2365692726-1001Core
2015-12-03 15:15 - 2013-10-07 16:00 - 00003888 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-03 15:15 - 2013-10-07 16:00 - 00003652 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-03 15:15 - 2013-10-07 16:00 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-03 10:12 - 2013-05-16 21:48 - 00000000 ____D C:\Users\jdl_000\AppData\Local\Google
2015-12-02 22:46 - 2013-06-04 19:18 - 00000000 ____D C:\Program Files (x86)\Google
2015-11-30 14:19 - 2015-08-11 15:03 - 00002058 _____ C:\Users\Public\Desktop\Google Slides.lnk
2015-11-30 14:19 - 2015-08-11 15:03 - 00002056 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2015-11-30 14:19 - 2015-08-11 15:03 - 00002046 _____ C:\Users\Public\Desktop\Google Docs.lnk
2015-11-30 14:19 - 2015-08-11 15:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
 
==================== Files in the root of some directories =======
 
2013-08-07 10:59 - 2013-11-06 14:37 - 0000288 _____ () C:\Users\jdl_000\AppData\Roaming\MSVdm.dat
2015-02-28 22:54 - 2015-02-28 22:54 - 0000000 _____ () C:\Users\jdl_000\AppData\Local\{0BB890A6-AD2F-4B8D-A278-0FFF179C45F5}
2014-12-30 17:13 - 2014-12-30 17:13 - 0000000 _____ () C:\Users\jdl_000\AppData\Local\{3FAD63D8-B1F7-4BB7-9459-70222E144B01}
2014-10-16 15:38 - 2014-10-16 15:38 - 0000000 _____ () C:\Users\jdl_000\AppData\Local\{475E6448-3EA0-48AA-9013-60DC0B7385AB}
2015-04-23 21:54 - 2015-04-23 21:54 - 0000000 _____ () C:\Users\jdl_000\AppData\Local\{A3215A80-7CF2-40F9-A5AE-6AE3EC89B5D0}
2015-09-12 15:56 - 2015-11-06 13:10 - 0001788 _____ () C:\ProgramData\hpzinstall.log
2013-08-07 10:59 - 2013-11-06 14:37 - 0000288 _____ () C:\ProgramData\PDF2XL-5-2.TrialData
 
Some files in TEMP:
====================
C:\Users\jdl_000\AppData\Local\Temp\dllnt_dump.dll
C:\Users\jdl_000\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-12-29 22:50
 
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:30-12-2015
Ran by jdl_000 (2015-12-30 11:31:51)
Running from C:\Users\jdl_000\Desktop
Windows 8.1 (X64) (2014-06-19 02:24:57)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-166654913-935638154-2365692726-500 - Administrator - Disabled)
Guest (S-1-5-21-166654913-935638154-2365692726-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-166654913-935638154-2365692726-1007 - Limited - Enabled)
jdl_000 (S-1-5-21-166654913-935638154-2365692726-1001 - Administrator - Enabled) => C:\Users\jdl_000

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky PURE 3.0 (Disabled - Up to date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AS: Kaspersky PURE 3.0 (Disabled - Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky PURE 3.0 (Disabled) {8C27F4BD-7F99-4CD1-5651-D3EB97674300}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 8.2.1 - Hewlett-Packard) Hidden
ACID Music Studio 9.0 (HKLM-x32\...\{78EB80B0-18A0-11E2-9761-F04DA23A5C58}) (Version: 9.0.35 - Sony)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
Analizador y SDK de MSXML 4.0 SP2 (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArtRage Studio (HKLM-x32\...\{5A9FE63F-F201-4D55-9F5F-06DDB239AC4F}) (Version: 3.5.5 - Ambient Design)
Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
C5200 (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
C5200_Help (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
Carbonite (HKLM-x32\...\Carbonite Backup) (Version: 5.5.5 build 4151 (Jun-27-2014) - Carbonite)
CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform)
Cisco WebEx Meetings (HKU\S-1-5-21-166654913-935638154-2365692726-1001\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}) (Version: 1.0.335 - Citrix)
Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
cURL (HKLM\...\{853281AC-F1CF-4EBA-BB6A-562342786AED}) (Version: 7.38.0 - Confused by Code)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.2126 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.6426.52 - CyberLink Corp.)
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
DVD Architect Studio 5.0 (HKLM-x32\...\{42C509F1-C451-11E1-AEC9-F04DA23A5C58}) (Version: 5.0.161 - Sony)
EPSON L555 Series Printer Uninstall (HKLM\...\EPSON L555 Series) (Version: - SEIKO EPSON Corporation)
ExpressCache (HKLM\...\{196E43FB-929D-4838-B859-BF27557A6CA0}) (Version: 1.0.98.0 - Condusiv Technologies)
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
FDUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Free RAR Extract Frog (HKLM-x32\...\Free RAR Extract Frog) (Version: 5.20 - Philipp Winterberg)
Google Books Downloader version 2.5 (HKLM-x32\...\{216729B6-014A-F413-814F-F17F74FBA113}_is1) (Version: 2.5 - GBOOKSDOWNLOADER.COM)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Drive (HKLM-x32\...\{1C3D2F92-D25E-4D98-B810-3F3B0857BF26}) (Version: 1.26.0707.2863 - Google, Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
GoToMeeting 7.8.0.4151 (HKU\S-1-5-21-166654913-935638154-2365692726-1001\...\GoToMeeting) (Version: 7.8.0.4151 - CitrixOnline)
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
gSyncit (HKLM-x32\...\{4230B1A5-FAFF-4983-A810-61BBA1F0B047}) (Version: 4.0.259 - Fieldston Software)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart All-In-One Driver Software (HKLM\...\{A96C5DB7-40F9-46DD-B36F-9E657D1D9E04}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.0.30.219 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HyperTerminal Private Edition v7.0 (HKLM-x32\...\HTPE3) (Version: - )
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Kaspersky Internet Security 2013 (HKLM-x32\...\InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}) (Version: 13.0.1.4190 - Kaspersky Lab)
Kaspersky PURE 3.0 (HKLM-x32\...\InstallWIX_{D0702EE9-9DE4-419A-9C6C-4730B1C985BA}) (Version: 13.0.2.558 - Kaspersky Lab)
Kaspersky PURE 3.0 (x32 Version: 13.0.2.558 - Kaspersky Lab) Hidden
KUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MarketResearch (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{FD052FB9-FE90-4438-B355-15EDC89D8FB1}) (Version: 2.0.673.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office Home and Business 2013 - en-us (HKLM\...\HomeBusinessRetail - en-us) (Version: 15.0.4779.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-166654913-935638154-2365692726-1001\...\OneDriveSetup.exe) (Version: 17.3.6281.1202 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Studio Platinum 12.0 (64-bit) (HKLM\...\{BF6B9ECF-0BDF-11E2-97FB-F04DA23A5C58}) (Version: 12.0.530 - Sony)
Mozilla Firefox 43.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.2 (x86 en-US)) (Version: 43.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.2.5833 - Mozilla)
MSR605 (HKLM-x32\...\MSR605v1.12) (Version: v1.12 - )
MultiBit 0.5.14 (HKLM-x32\...\MultiBit 0.5.14) (Version: 0.5.14 - )
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
Networkx64 (Version: 1.0.0 - Sony Corporation) Hidden
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
PDF Architect 2 (HKLM-x32\...\PDF Architect 2) (Version: 2.0.24.16092 - pdfforge GmbH)
PDF Architect 2 Asian Fonts Pack (HKLM-x32\...\{633A4439-31E0-496C-B192-4F8078F3E0A0}) (Version: 2.1.6.19758 - pdfforge GmbH)
PDF Architect 2 Convert Module (HKLM-x32\...\{53434783-F9A7-4D64-B91A-05A3BF925D70}) (Version: 2.1.6.19758 - pdfforge GmbH)
PDF Architect 2 Create Module (HKLM-x32\...\{3D0D9604-0173-488D-9694-2638C44D7579}) (Version: 2.1.6.19758 - pdfforge GmbH)
PDF Architect 2 Edit Module (HKLM-x32\...\{8B0A956F-9BE6-495B-AF80-7B5B42061D79}) (Version: 2.1.6.19758 - pdfforge GmbH)
PDF Architect 2 Forms Module (HKLM-x32\...\{4CB8D214-0400-45FA-B084-AAB0C74AD032}) (Version: 2.1.6.19758 - pdfforge GmbH)
PDF Architect 2 Insert Module (HKLM-x32\...\{DD7BB68A-7D8A-4F62-806A-3424C2A170E7}) (Version: 2.1.6.19758 - pdfforge GmbH)
PDF Architect 2 OCR Module (HKLM-x32\...\{952E5B8F-82C2-46D1-B642-37B2635CE440}) (Version: 2.1.6.19758 - pdfforge GmbH)
PDF Architect 2 Review Module (HKLM-x32\...\{664D6EE3-9A35-4284-B9D2-80A509DF9295}) (Version: 2.1.6.19758 - pdfforge GmbH)
PDF Architect 2 Secure Module (HKLM-x32\...\{99E0C0D4-6746-44EE-A132-5E7E3D6FAAFB}) (Version: 2.1.6.19758 - pdfforge GmbH)
PDF Architect 2 View Module (HKLM-x32\...\{D691E998-CF53-4F6C-AC20-E4284660E0E7}) (Version: 2.1.6.19758 - pdfforge GmbH)
PDF2XL Evaluation (HKLM-x32\...\{1E050200-4585-41BE-899F-60B5DC1DB2EA}) (Version: 5.2.0.299 - CogniView)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.3.0 - Prolific Technology INC)
PlayMemories Home (HKLM-x32\...\{10DD6128-A810-4A90-9523-475D573FBB37}) (Version: 6.3.02.07270 - Sony Corporation)
PS_AIO_02_ProductContext (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software_Min (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
Python 2.5.4 (HKLM-x32\...\{2E0DFC24-7C4B-4DCF-BCC7-81C513BED3BC}) (Version: 2.5.4150 - Python Software Foundation)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.214 - Qualcomm Atheros Communications)
Reader for PC (HKLM-x32\...\{25340F94-F74E-4CCF-ABDF-ECBCF03911BE}) (Version: 2.0.00.07121 - Sony Corporation)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.28146 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.34.617.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6695 - Realtek Semiconductor Corp.)
Remote Keyboard (x32 Version: 1.2.0.09270 - Sony Corporation) Hidden
Restore (x32 Version: 1.0.0 - Sony Corporation) Hidden
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
SecureLinx Spider View (remove only) (HKLM-x32\...\SecureLinx Spider View) (Version: - )
SecureW2 Enterprise Client 3.5.14 (HKLM-x32\...\SecureW2 Enterprise Client) (Version: - )
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Skype™ 7.12 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.12.101 - Skype Technologies S.A.)
SoapUI 5.1.3 5.1.3 (HKLM\...\5517-2803-0637-4585) (Version: 5.1.3 - SmartBear Software)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Sound Forge Audio Studio 10.0 (HKLM-x32\...\{7A263871-BEEC-11E1-AC53-F04DA23A5C58}) (Version: 10.0.178 - Sony)
Spotify (HKU\S-1-5-21-166654913-935638154-2365692726-1001\...\Spotify) (Version: 1.0.12.161.g64b0797c - Spotify AB)
SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Store App Support Utility (HKLM\...\{B93C07D4-49FF-440D-8A6A-054A42AEA960}) (Version: 1.0.0.02240 - Sony Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.16.3 - Synaptics Incorporated)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43174 - TeamViewer)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
UE BOOM Update Assistant (HKLM-x32\...\{E37CE9D5-ACA2-4399-B1AB-3BF837CB6F19}) (Version: 1.4.51 - Logitech, Inc.)
VAIO - Remote Keyboard (HKLM-x32\...\{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}) (Version: 1.2.0.09270 - Sony Corporation)
VAIO - Remote Keyboard with PlayStation®3 (HKLM-x32\...\{E682702C-609C-4017-99E7-3129C163955F}) (Version: 1.2.0.09210 - Sony Corporation)
VAIO - Xperia Link (HKLM-x32\...\{D91558BF-D1F3-411F-AEFE-8774CB406512}) (Version: 1.3.3.11280 - Sony Corporation)
VAIO Care (HKLM\...\{036400BD-B717-4D50-ACDC-96480C99EDD3}) (Version: 8.4.4.09186 - Sony Corporation)
VAIO Care Hardware Diagnostics Plugin (HKLM-x32\...\{EC153498-00E1-4C9C-89BE-81527C6750BE}) (Version: 4.11.1.11210 - Sony Corporation)
VAIO Care Recovery (HKLM\...\{15B9204E-BA09-485E-8F2C-094AC0077664}) (Version: 1.1.2.13230 - Sony Corporation)
VAIO Control Center (HKLM-x32\...\{8E797841-A110-41FD-B17A-3ABC0641187A}) (Version: 6.1.0.10300 - Sony Corporation)
VAIO CPU Fan Diagnostic (HKLM-x32\...\{BCE6E3D7-B565-4E1B-AC77-F780666A35FB}) (Version: 1.1.0.09200 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.10.0.07270 - Sony Corporation)
VAIO Easy Connect (x32 Version: 8.4.4.07220 - Sony Corporation) Hidden
VAIO Gate Default (HKLM-x32\...\{B7546697-2A80-4256-A24B-1C33163F535B}) (Version: 3.1.0.10240 - Sony Corporation)
VAIO Gesture Control (HKLM-x32\...\{692955F2-DE9F-4078-8FAA-858D6F3A1776}) (Version: 2.1.0.10220 - Sony Corporation)
VAIO Gesture Control (x32 Version: 2.1.0.10220 - Sony Corporation) Hidden
VAIO Health Report (HKLM-x32\...\VAIO Health Report1.0) (Version: 1.0 - Sony Electronics)
VAIO Image Optimizer (HKLM-x32\...\InstallShield_{5597C927-029A-46A7-A0C0-8DABD9891A50}) (Version: 3.2.00.07040 - Sony Corporation)
VAIO Image Optimizer (x32 Version: 3.0.00.08170 - Sony Corporation) Hidden
VAIO Improvement (HKLM-x32\...\{3A26D9BD-0F73-432D-B522-2BA18138F7EF}) (Version: 2.1.0.10220 - Sony Corporation)
VAIO Manual (HKLM-x32\...\{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}) (Version: 3.0.0.08100 - Sony Corporation)
VAIO Media Server Settings (HKLM\...\{62A172B2-550E-499D-9A82-5190D18390AA}) (Version: 1.0.1.10170 - Sony Corporation)
VAIO Movie Creator (HKLM-x32\...\InstallShield_{C2CC5822-32E6-4D21-88EA-DE8CED09EE2F}) (Version: 4.2.00.07040 - Sony Corporation)
VAIO Movie Creator (x32 Version: 4.0.00.10170 - Sony Corporation) Hidden
VAIO Movie Creator Template Data (x32 Version: 4.0.00.08170 - Sony Corporation) Hidden
VAIO Touch Search (HKLM\...\{F792DDDD-71C8-419E-AE05-46B0CDB1BEC8}) (Version: 1.1.0.1511 - Sony Corporation)
VAIO Transfer Support (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.9.0.11060 - Sony Corporation)
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.1.0.08060 - Sony Corporation)
VCCMMx64 (Version: 1.0.0 - Sony Corporation) Hidden
VCCMMx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VHD (x32 Version: 1.0.0 - Sony Corporation) Hidden
VIx64 (Version: 1.0.0 - Sony Corporation) Hidden
VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VMLx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VU5x64 (Version: 1.0.0 - Sony Corporation ) Hidden
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
VUx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VUx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
WebDrive (HKLM\...\{F08E87FD-F62B-4BAC-A2D6-A94755653F30}) (Version: 12.20.4172 - South River Technologies)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
WebSlingPlayer ActiveX (HKLM-x32\...\{2DC0661C-FF81-4358-9F33-76EA6CAB6BF6}) (Version: 1.5.15770 - Sling Media)
Windows Driver Package - Qualcomm Atheros Communications Inc. (athr) Net (07/15/2013 10.0.0.260) (HKLM\...\FF9ECD00DD25FDB7D3208607214790302878ACBE) (Version: 07/15/2013 10.0.0.260 - Qualcomm Atheros Communications Inc.)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Xerox 6600/6605 Print Experience 2.0 (HKLM\...\{B33B22F6-512D-2B4D-459E-138D560ACCBD}) (Version: 6.71.9.5 - Xerox)
XperiaLinkx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Yahoo SiteBuilder (HKLM-x32\...\Yahoo SiteBuilder) (Version: 2.8.7 - Yahoo Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-166654913-935638154-2365692726-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\jdl_000\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-166654913-935638154-2365692726-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\jdl_000\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-166654913-935638154-2365692726-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\jdl_000\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-166654913-935638154-2365692726-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-166654913-935638154-2365692726-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\jdl_000\AppData\Local\Citrix\GoToMeeting\3019\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-166654913-935638154-2365692726-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\jdl_000\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-166654913-935638154-2365692726-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\jdl_000\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-166654913-935638154-2365692726-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\jdl_000\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-166654913-935638154-2365692726-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\jdl_000\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-166654913-935638154-2365692726-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\jdl_000\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {104AAFE8-859E-42E2-B9E1-B49FDC3365CA} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-09-06] (Sony Corporation)
Task: {127E4336-84F4-41AD-A260-AB9D2C3F4A2E} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-08-20] (Sony Corporation)
Task: {17C4213F-45DF-4B1F-8171-8D309E625381} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2015-08-06] (Sony Corporation)
Task: {18430625-38A3-40D7-AE26-7A09EDB74560} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-166654913-935638154-2365692726-1001 => C:\Users\jdl_000\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2015-12-29] (Microsoft Corporation)
Task: {1A87D5F8-CB15-498D-B84D-223B0CDAE0D1} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-08-20] (Sony Corporation)
Task: {1A9F3A5F-15C7-43C2-BCED-8306CE567E20} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-166654913-935638154-2365692726-1001Core => C:\Users\jdl_000\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {1B4659BC-4649-4EAE-B286-1CA9F6CCDBD7} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-08-20] (Sony Corporation)
Task: {2D4E9171-0C9B-4704-977A-5778EEDC105F} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-08-20] (Sony Corporation)
Task: {3080C234-1303-4419-B26C-30C1C10F170B} - System32\Tasks\Sony Corporation\VAIO Control Center\NetworkSetting\NetworkSetting Logon Start => C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient
Task: {313C821B-338A-4F25-8CB5-D22B393F777E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-29] (Adobe Systems Incorporated)
Task: {325A62F7-ECF4-4062-9E62-F96ED298843F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-166654913-935638154-2365692726-1001UA => C:\Users\jdl_000\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {36D3FB33-4260-4DA1-B212-9C4787D20ED1} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIOControlCenterSystem => C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe [2014-11-17] (Sony Corporation)
Task: {3718ED85-E8DD-437F-8F39-01B347059176} - System32\Tasks\Xerox 6600_6605 Printer Configuration - Periodic Refresh => c:\program files\xerox\xeroxprintexperience\6600_6605\XeroxPrinterConfiguration.exe [2013-12-02] (Xerox Corporation)
Task: {3D546FCC-3CBC-4C1E-96C0-03CD54C9CC9C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {416D8E34-7926-42D1-AAF5-5CEB0F7AC037} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {41D47BA7-94EB-4AC8-8974-85A68C8B3D4A} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {42F02042-A426-4686-9C16-2D7269D3BEF8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {4333451E-47B6-4BD7-9ACD-C0D56866D1BC} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2015-07-31] (Sony Corporation)
Task: {489BF215-04E8-4462-A2F6-5F27A4DF3925} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
Task: {4DFC97F9-C134-432E-929B-35D705022D61} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-28] (Hewlett-Packard)
Task: {4FEF012D-1112-4B23-88E5-8395CD4036B5} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-09-06] (Sony Corporation)
Task: {52F63564-7074-4889-A5CA-9B081D0E0266} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-166654913-935638154-2365692726-1001
Task: {55C73ACD-F1A9-42E1-85CE-04FE7B78859F} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)
Task: {59C1C413-3A1E-43D9-BB61-72041808E06A} - System32\Tasks\VAIO Health Report => C:\Program Files (x86)\Sony\VAIO Health Report\VAIOHealthReport.exe [2013-06-20] (Sony Electronics)
Task: {5C1FA989-57D8-4E2D-9B05-F557BCC0D6E1} - System32\Tasks\Sony Corporation\Sony Home Network Library\SOHLib TaskTray => C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe [2012-10-15] (Sony Corporation)
Task: {5D4BC0C6-4076-42A9-876E-8E11AC041B67} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-08-20] (Sony Corporation)
Task: {5FC317BA-527F-4774-BD07-D1317CA31C84} - System32\Tasks\G2MUploadTask-S-1-5-21-166654913-935638154-2365692726-1001 => C:\Users\jdl_000\AppData\Local\Citrix\GoToMeeting\4151\g2mupload.exe [2015-12-19] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {5FDD6A06-18AE-4CC4-A123-1ACDF64FA3E5} - System32\Tasks\Sony Corporation\Xperia Link\Xperia Link Logon Start => C:\Program Files (x86)\Sony\Xperia Link\Xperia Link.exe [2014-11-28] (Sony Corporation)
Task: {651FD57F-5D32-492A-B47E-48B600C0CAE4} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2015-07-23] (Sony Corporation)
Task: {70261983-EC9C-4E18-9986-42723106BC0B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-10] (Microsoft Corporation)
Task: {763B729D-6002-47A6-99E2-4AF7686CB7FF} - System32\Tasks\Sony Corporation\VAIO Care\ActiveStatusCollect => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-08-20] (Sony Corporation)
Task: {766D8285-7499-4763-AA8A-027EC260905B} - System32\Tasks\G2MUpdateTask-S-1-5-21-166654913-935638154-2365692726-1001 => C:\Users\jdl_000\AppData\Local\Citrix\GoToMeeting\4151\g2mupdate.exe [2015-12-19] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {7A0D8C07-14A5-4DF6-B3C6-8B7479759FE5} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-08-20] (Sony Corporation)
Task: {7D2308B3-15D1-4DA5-A4F8-5593BA194E92} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIOControlCenterUser => C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe [2014-11-17] (Sony Corporation)
Task: {840E0110-FAB1-4D36-8654-0A59FCFEBFF8} - System32\Tasks\{D58B0B19-8B3B-42D5-A5DE-64904179A0C1} => pcalua.exe -a "C:\Users\jdl_000\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Zip Opener Packages\uninstaller.exe" -c /Uninstall /NM="Zip Opener Packages" /AN="0D0S1L2Z1P1B0T1P1B2Z" /MBN="Zip Opener Packages"
Task: {855D18E6-600E-49B9-A1DB-36F6FB4E633E} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {94C5F690-CE25-4E53-9587-133C2A590F21} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {9AE561D3-35BA-462F-84AC-DBF25A0F990D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {A214C1F2-CE4C-4208-883A-74980D8CCCD6} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-08-20] (Sony Corporation)
Task: {A700A4E3-6005-4184-A84C-890BEE54DFFE} - System32\Tasks\Sony Corporation\VAIO Gesture Control\VCGULogonTask => C:\Program Files (x86)\Sony\VAIO Camera Gesture Utility\VCGU.exe [2012-10-23] (Sony Corporation)
Task: {AB087F10-3925-41C9-8B02-902E64CC6864} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {B196D579-A397-44A6-9437-CD23AF113D61} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2012-10-22] (Sony Corporation)
Task: {B3752CFD-F79D-43AC-B5F5-1DF401675C3E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {B4EEF42B-BA8B-4042-B1A1-444D40854BA9} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {BA48FCCD-F364-42BF-B684-E7B4DCC4D3D1} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {BCC1C4CE-5150-45F8-B714-6FB00356FF18} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-166654913-935638154-2365692726-1001
Task: {C63A0F30-9865-47D1-9020-ED6B45481EB6} - System32\Tasks\Sony Corporation\VAIO Update\Launch Application => C:\Program Files\SONY\VAIO Update\ShellExeProxy.exe [2015-07-31] (Sony Corporation)
Task: {C94285FA-59E4-4F1E-966D-514885911D1B} - System32\Tasks\Sony Corporation\Store App Support Utility\Store App Support Utility Logon Start => C:\Program Files\Sony\Store App Support Utility\StoreAppSupportUtility.exe [2014-02-25] (Sony Corporation)
Task: {CEDA579F-80CB-491E-A481-11C714690246} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\ESRV\task.vbs"
Task: {D00E64CF-D126-40ED-BAB3-7EE9D8B13189} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-08-20] (Sony Corporation)
Task: {D07D56D3-F976-4A25-BDEC-478B2C070023} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2015-08-20] (Sony Corporation)
Task: {D0C8C000-77F4-41BE-A526-ED041479983F} - System32\Tasks\Sony Corporation\Sony Home Network Library\SOHLib SOHDms => C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2012-10-15] (Sony Corporation)
Task: {DD602CFF-B867-4A20-B23E-F82294271340} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {E258B478-426E-4140-8CD0-0D616D387B77} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater – Install HPSA => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-28] (Hewlett-Packard)
Task: {E4E7E382-6998-481B-B31F-CCC038BCBC84} - System32\Tasks\Xerox 6600_6605 Printer Configuration - New or Changed => c:\program files\xerox\xeroxprintexperience\6600_6605\XeroxPrinterConfiguration.exe [2013-12-02] (Xerox Corporation)
Task: {E646C0C6-2C5B-460A-862D-13FD917D80C4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {EB59E28F-8949-4E15-BFD6-3AD2E3643A4D} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {EF3844F6-6AFF-4BF9-B6F3-87B6E4B8D3E8} - System32\Tasks\Sony Corporation\VAIO Care\UpdateConfig => C:\ProgramData\Sony Corporation\VCM Data\UpdateConfig.exe [2015-03-03] (Sony Corporation)
Task: {EF5A8506-FCDD-4D4A-86D7-E90D6E95D0C8} - System32\Tasks\SecureW2 Task => C:\Program Files (x86)\SecureW2\sw2_tray.exe [2015-06-03] (SecureW2 B.V.)
Task: {F486C0AE-C051-4F16-A512-581086E97D8D} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2015-11-16] (AO Kaspersky Lab)
Task: {F7235706-CAFE-4D6D-A543-6E4ED1E459D2} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2015-02-04] (Sony Corporation)
Task: {F72DBAC8-8F60-4E3F-A1E6-C4ACC40FB65E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd)
Task: {FBC1F082-8BB9-475B-857C-0AF988AF2BBB} - System32\Tasks\Sony Corporation\VAIO Care\UpdateContacts => C:\ProgramData\Sony Corporation\VAIO Care\UpdateContacts.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-166654913-935638154-2365692726-1001.job => C:\Users\jdl_000\AppData\Local\Citrix\GoToMeeting\4151\g2mupdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-166654913-935638154-2365692726-1001Core.job => C:\Users\jdl_000\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-166654913-935638154-2365692726-1001UA.job => C:\Users\jdl_000\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\jdl_000\Desktop\Yahoo SiteBuilder.lnk -> C:\Program Files (x86)\Yahoo SiteBuilder\ysitebuilder.bat ()

ShortcutWithArgument: C:\Users\jdl_000\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.InternetExplorer.Default\-11373434510.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -contentTile -formatVersion 0x00000002 -pinnedTimeLow 0xb08df1fd -pinnedTimeHigh 0x01ce5299 -securityFlags 0x00000000 -url 0x00000029 hxxp://news.google.com/nwshp?hl=en&tab=wn
ShortcutWithArgument: C:\Users\jdl_000\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://nav.brotlab.net?uid={8e7b18d898904606a4652ca4ef219647}&r=egg7

==================== Loaded Modules (Whitelisted) ==============

2015-11-17 18:21 - 2015-11-17 18:21 - 03387320 _____ () C:\ProgramData\System32\SafeGuard64.dll
2015-10-27 20:27 - 2015-09-01 11:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-12-29 20:13 - 2015-12-29 20:15 - 20835400 _____ () C:\Users\jdl_000\Desktop\RogueKiller.exe
2015-11-17 18:21 - 2015-11-17 18:21 - 02601400 _____ () C:\ProgramData\System32\SafeGuard32.dll
2015-12-06 22:59 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\jdl_000\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2015-12-06 22:59 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\jdl_000\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-166654913-935638154-2365692726-1001\...\kaspersky.com -> hxxps://www.kaspersky.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-166654913-935638154-2365692726-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\jdl_000\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AppKeyLicenseServer_Facturacion_i => 2
MSCONFIG\Services: AtherosSvc => 2
MSCONFIG\Services: PDF Architect 2 => 3
MSCONFIG\Services: PDF Architect 2 Creator => 2
MSCONFIG\Services: pdfforge CrashHandler => 3
MSCONFIG\Services: VCFw => 2
MSCONFIG\Services: VCService => 3
MSCONFIG\Services: VUAgent => 3
MSCONFIG\Services: XBox => 2
HKLM\...\StartupApproved\StartupFolder: => "HP Digital Imaging Monitor.lnk"
HKLM\...\StartupApproved\Run: => "BtTray"
HKLM\...\StartupApproved\Run: => "BtvStack"
HKLM\...\StartupApproved\Run: => "RtHDVBg"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "ATUninstallIcon"
HKLM\...\StartupApproved\Run32: => "ATLauncher"
HKLM\...\StartupApproved\Run32: => "Carbonite Backup"
HKLM\...\StartupApproved\Run32: => "ISBMgr.exe"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "PMBVolumeWatcher"
HKLM\...\StartupApproved\Run32: => "SecureW2 Tray"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKU\S-1-5-21-166654913-935638154-2365692726-1001\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-166654913-935638154-2365692726-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-166654913-935638154-2365692726-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"
HKU\S-1-5-21-166654913-935638154-2365692726-1001\...\StartupApproved\Run: => "GoToMeeting"
HKU\S-1-5-21-166654913-935638154-2365692726-1001\...\StartupApproved\Run: => "gSyncit"
HKU\S-1-5-21-166654913-935638154-2365692726-1001\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-166654913-935638154-2365692726-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-166654913-935638154-2365692726-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-166654913-935638154-2365692726-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_768349822DB498542F098F0B708C9C5F"
HKU\S-1-5-21-166654913-935638154-2365692726-1001\...\StartupApproved\Run: => "WebDriveTray"
HKU\S-1-5-21-166654913-935638154-2365692726-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-166654913-935638154-2365692726-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{16928FC4-2622-43A4-93DF-75BF2723C197}C:\program files\sony\vaio care\vcsystemtray.exe] => (Allow) C:\program files\sony\vaio care\vcsystemtray.exe
FirewallRules: [UDP Query User{4922FEA4-E861-40DC-8158-C6A1C291A411}C:\program files\sony\vaio care\vcsystemtray.exe] => (Allow) C:\program files\sony\vaio care\vcsystemtray.exe
FirewallRules: [{022E3979-4515-4564-B72B-016832DA3559}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [TCP Query User{177358F3-4200-4382-8C29-20345449657C}C:\program files\sony\vaio care\vaioshell.exe] => (Allow) C:\program files\sony\vaio care\vaioshell.exe
FirewallRules: [UDP Query User{2F04B025-F384-4565-8936-85F97430CA9E}C:\program files\sony\vaio care\vaioshell.exe] => (Allow) C:\program files\sony\vaio care\vaioshell.exe
FirewallRules: [TCP Query User{BD6E13F2-BDBE-4B6C-BB98-BED95465D7FB}C:\program files\sony\vaio care\vcadmin.exe] => (Allow) C:\program files\sony\vaio care\vcadmin.exe
FirewallRules: [UDP Query User{CC3A99E1-0A72-45CC-8E8D-B7A2520D26FD}C:\program files\sony\vaio care\vcadmin.exe] => (Allow) C:\program files\sony\vaio care\vcadmin.exe
FirewallRules: [{F8831E85-F076-4A62-BDC6-A74395B4A833}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{D624F54F-3C09-4765-AC3E-05F6928F2112}] => (Allow) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
FirewallRules: [{567EAC92-13D2-4060-8F63-88EBE3928A82}] => (Allow) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
FirewallRules: [{17847F90-A172-40B9-9EBE-C82D1F3A1339}] => (Allow) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
FirewallRules: [{1813296A-4C2A-4516-854F-8CBA9EF213DF}] => (Allow) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
FirewallRules: [{CCF65DD4-D773-4E36-AB6C-FDDDCC595B18}] => (Allow) C:\Program Files (x86)\Compacw\Servidor de Licencias\Facturacion\AppKeyLicenseServerFacturacionI.exe
FirewallRules: [{4CABC089-FCBB-4856-9180-71E2BA451B4A}] => (Allow) C:\Program Files (x86)\Compacw\Servidor de Licencias\Facturacion\AppKeyLicenseServerFacturacionI.exe
FirewallRules: [TCP Query User{1D6E794C-A12D-4FEB-A5DE-5D8DE41AF0F1}C:\users\jdl_000\appdata\local\temp\joi21eb.tmp\join.me.exe] => (Allow) C:\users\jdl_000\appdata\local\temp\joi21eb.tmp\join.me.exe
FirewallRules: [UDP Query User{A40A8B0C-1850-4164-A1C6-88A74E3D76E8}C:\users\jdl_000\appdata\local\temp\joi21eb.tmp\join.me.exe] => (Allow) C:\users\jdl_000\appdata\local\temp\joi21eb.tmp\join.me.exe
FirewallRules: [{A826808F-087E-4969-8CDF-3F5A03632B3D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0429A880-CA31-401B-948A-3FEBB73906B6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{E52373B0-806E-440F-BBBE-7A6837E9F3E1}C:\users\jdl_000\appdata\local\temp\joiec02.tmp\join.me.exe] => (Allow) C:\users\jdl_000\appdata\local\temp\joiec02.tmp\join.me.exe
FirewallRules: [UDP Query User{D8264C1D-4719-4040-B9F5-947D2F6EFFF5}C:\users\jdl_000\appdata\local\temp\joiec02.tmp\join.me.exe] => (Allow) C:\users\jdl_000\appdata\local\temp\joiec02.tmp\join.me.exe
FirewallRules: [{32F6681A-940C-46C5-882E-979F28839F7F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{7C218ABE-1E20-49A5-9784-6A9E28873C45}] => (Allow) C:\Program Files (x86)\Compacw\Servidor de Licencias\Facturacion\AppKeyLicenseServerFacturacionI.exe
FirewallRules: [{EC499544-9C47-4FCB-893D-471B7999A9DE}] => (Allow) C:\Program Files (x86)\Compacw\Servidor de Licencias\Facturacion\AppKeyLicenseServerFacturacionI.exe

==================== Restore Points =========================

25-12-2015 16:59:07 Scheduled Checkpoint
29-12-2015 15:49:12 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/30/2015 01:38:42 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: VAIO)
Description: Activation of app 35135TwoGuysandaApp.FacebookNow_xc3b11gcg8yyg!App failed with error: -2147417842 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/30/2015 01:21:32 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: VAIO)
Description: Activation of app 35135TwoGuysandaApp.FacebookNow_xc3b11gcg8yyg!App failed with error: -2147417842 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/30/2015 01:08:42 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: VAIO)
Description: Activation of app 35135TwoGuysandaApp.FacebookNow_xc3b11gcg8yyg!App failed with error: -2147417842 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/30/2015 12:53:42 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: VAIO)
Description: Activation of app 35135TwoGuysandaApp.FacebookNow_xc3b11gcg8yyg!App failed with error: -2147417842 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/30/2015 12:38:42 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: VAIO)
Description: Activation of app 35135TwoGuysandaApp.FacebookNow_xc3b11gcg8yyg!App failed with error: -2147417842 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/30/2015 12:23:42 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: VAIO)
Description: Activation of app 35135TwoGuysandaApp.FacebookNow_xc3b11gcg8yyg!App failed with error: -2147417842 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/30/2015 12:08:42 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: VAIO)
Description: Activation of app 35135TwoGuysandaApp.FacebookNow_xc3b11gcg8yyg!App failed with error: -2147417842 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/29/2015 11:53:42 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: VAIO)
Description: Activation of app 35135TwoGuysandaApp.FacebookNow_xc3b11gcg8yyg!App failed with error: -2147417842 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/29/2015 11:32:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: VAIO)
Description: Activation of app 35135TwoGuysandaApp.FacebookNow_xc3b11gcg8yyg!App failed with error: -2147417842 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/29/2015 11:23:42 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: VAIO)
Description: Activation of app 35135TwoGuysandaApp.FacebookNow_xc3b11gcg8yyg!App failed with error: -2147417842 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (12/30/2015 11:31:53 AM) (Source: DCOM) (EventID: 10005) (User: VAIO)
Description: 1084CarboniteServiceUnavailable{36471C67-6A93-4434-92CC-4C614CD06666}

Error: (12/30/2015 11:31:53 AM) (Source: DCOM) (EventID: 10005) (User: VAIO)
Description: 1084CarboniteServiceUnavailable{36471C67-6A93-4434-92CC-4C614CD06666}

Error: (12/30/2015 11:31:53 AM) (Source: DCOM) (EventID: 10005) (User: VAIO)
Description: 1084CarboniteServiceUnavailable{36471C67-6A93-4434-92CC-4C614CD06666}

Error: (12/30/2015 11:31:53 AM) (Source: DCOM) (EventID: 10005) (User: VAIO)
Description: 1084CarboniteServiceUnavailable{36471C67-6A93-4434-92CC-4C614CD06666}

Error: (12/30/2015 11:31:53 AM) (Source: DCOM) (EventID: 10005) (User: VAIO)
Description: 1084CarboniteServiceUnavailable{36471C67-6A93-4434-92CC-4C614CD06666}

Error: (12/30/2015 11:31:53 AM) (Source: DCOM) (EventID: 10005) (User: VAIO)
Description: 1084CarboniteServiceUnavailable{36471C67-6A93-4434-92CC-4C614CD06666}

Error: (12/30/2015 11:31:53 AM) (Source: DCOM) (EventID: 10005) (User: VAIO)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (12/30/2015 11:31:53 AM) (Source: DCOM) (EventID: 10005) (User: VAIO)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (12/30/2015 11:31:45 AM) (Source: DCOM) (EventID: 10005) (User: VAIO)
Description: 1084CarboniteServiceUnavailable{36471C67-6A93-4434-92CC-4C614CD06666}

Error: (12/30/2015 11:31:45 AM) (Source: DCOM) (EventID: 10005) (User: VAIO)
Description: 1084CarboniteServiceUnavailable{36471C67-6A93-4434-92CC-4C614CD06666}


CodeIntegrity:
===================================
Date: 2015-12-29 17:29:36.786
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-08-06 15:10:44.762
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-08-06 15:10:44.714
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-08-06 06:48:10.398
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-08-06 06:48:10.357
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-08-06 06:48:10.315
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-08-06 06:48:10.268
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-08-06 06:48:10.225
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-08-06 06:48:10.178
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-08-06 06:48:10.075
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i7-3537U CPU @ 2.00GHz
Percentage of memory in use: 28%
Total physical RAM: 8071.27 MB
Available physical RAM: 5767.07 MB
Total Virtual: 16263.27 MB
Available Virtual: 14404.06 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:898.91 GB) (Free:735.92 GB) NTFS

==================== MBR & Partition Table ==================

==================== End of Addition.txt ============================

Attached Files


Edited by Oh My!, 30 December 2015 - 06:36 PM.



#2 jdlicciardello

jdlicciardello
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  • Local time:09:54 AM

Posted 30 December 2015 - 11:56 AM

Sorry I made this post twice because it didn't seem to work, I got the attached screen both times, but to be sure I checked the forum and saw that it did in fact post. Very strange.

Attached Files



#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,959 posts
  • ONLINE
  • Gender:Male
  • Location:California
  • Local time:06:54 AM

Posted 30 December 2015 - 06:44 PM

Greetings jdlicciardello and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
Winlogon\Notify\igfxcui: igfxdev.dll [X]
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL = 
CHR HKLM-x32\...\Chrome\Extension: [epiggbpnpeipncloelnecejhmipiohhh] - <no Path/update_url>
U0 KL1; no ImagePath
2015-12-29 22:32 - 2015-12-29 22:32 - 00000000 _____ C:\WINDOWS\SysWOW64\REN55E9.tmp
2015-11-30 23:01 - 2015-11-30 23:01 - 00015464 _____ C:\WINDOWS\DelYac64.sys
2015-02-28 22:54 - 2015-02-28 22:54 - 0000000 _____ () C:\Users\jdl_000\AppData\Local\{0BB890A6-AD2F-4B8D-A278-0FFF179C45F5}
2014-12-30 17:13 - 2014-12-30 17:13 - 0000000 _____ () C:\Users\jdl_000\AppData\Local\{3FAD63D8-B1F7-4BB7-9459-70222E144B01}
2014-10-16 15:38 - 2014-10-16 15:38 - 0000000 _____ () C:\Users\jdl_000\AppData\Local\{475E6448-3EA0-48AA-9013-60DC0B7385AB}
2015-04-23 21:54 - 2015-04-23 21:54 - 0000000 _____ () C:\Users\jdl_000\AppData\Local\{A3215A80-7CF2-40F9-A5AE-6AE3EC89B5D0}
CustomCLSID: HKU\S-1-5-21-166654913-935638154-2365692726-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\jdl_000\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-166654913-935638154-2365692726-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\jdl_000\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-166654913-935638154-2365692726-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\jdl_000\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-166654913-935638154-2365692726-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\jdl_000\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-166654913-935638154-2365692726-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\jdl_000\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-166654913-935638154-2365692726-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\jdl_000\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CMD: type "C:\ComboFix.txt"
File: C:\ComboFix.txt
cmd: netsh winsock reset
cmd: ipconfig /flushdns
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • System Summary Information
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 jdlicciardello

jdlicciardello
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  • Local time:09:54 AM

Posted 30 December 2015 - 07:26 PM

Thanks for the reply! Before I start following your instructions I should probably give you an update. In the meantime, while I was waiting for a response, I continued to try new things and downloaded Security Task Manager, which quarantined a "potentially malicious" file called safeguard.dll. It seemed to be a big step in the right direction because now all the anti-virus and malware programs like Kaspersky, RogueKiller and Malwarebytes can update their databases, and I have run full system scans with all of them. Kaspersky and Malwarebytes now say I am clean, but RogueKiller keeps finding these PUM.proxy registry objects every time I run it and it does not seem to be able to get rid of them. Also I noticed that Google Chrome's URL search browser is locked as a bogus search engine called portalsepeti and I cannot change it (the settings say this is controlled by administrator and won't let me change it even when I open the app as administrator). Anyway here is a copy-paste of the report from RogueKiller; I think I made some progress at least.

 

RogueKiller V11.0.5.0 (x64) [Dec 28 2015] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9600) 64 bits version
Started in : Normal mode
User : jdl_000 [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 12/30/2015 19:21:45

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 8 ¤¤¤
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Replaced (0)
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Replaced (0)
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Replaced (0)
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Replaced (0)
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:60206;https=127.0.0.1:60206  -> Deleted
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:60206;https=127.0.0.1:60206  -> ERROR [2]
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:60206;https=127.0.0.1:60206  -> ERROR [2]
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:60206;https=127.0.0.1:60206  -> ERROR [2]

¤¤¤ Tasks : 2 ¤¤¤
[Suspicious.Path] \{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} -- "C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe" (/silent $(Arg0)) -> Deleted
[Suspicious.Path] \Sony Corporation\VAIO Care\UpdateContacts -- "%ProgramData%\Sony Corporation\VAIO Care\UpdateContacts.exe" (taskschedule) -> Deleted

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10JPVT-55A1YT0 +++++
--- User ---
[MBR] 975edba1893eb2054d3af747e4bd96f8
[BSP] d686b4c4100e0a0eb09cc45e7a6418f0 : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 260 MB
1 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 534528 | Size: 1474 MB
2 - [MAN-MOUNT] EFI system partition | Offset (sectors): 3553280 | Size: 260 MB
3 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 4085760 | Size: 128 MB
4 - Basic data partition | Offset (sectors): 4347904 | Size: 920486 MB
5 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 1889503232 | Size: 450 MB
6 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1890424832 | Size: 30810 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: AXM13S2-24GM-B +++++
--- User ---
[MBR] 85a08f7f2ea9176af4dff029023f7d84
[BSP] a75e69051ac4bc13ab6de876da8da2a7 : Empty MBR Code
Partition table:
0 - HFS | Offset (sectors): 16814080 | Size: 14692 MB
1 - [SYSTEM]  | Offset (sectors): 2048 | Size: 8208 MB
User = LL1 ... OK
User = LL2 ... OK
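The eight PUM.Proxy lines in the RogueKiller log above describe a single setting: an enabled WinINet proxy pointing at 127.0.0.1:60206 in the SYSTEM account's hive (HKU\S-1-5-18, which is the same hive Windows shows as HKU\.DEFAULT), listed once each for the 64-bit and 32-bit registry views, which for this key read the same data. Every WinINet client in that account (Internet Explorer, and updaters that use the system proxy settings) is routed through whatever listens on that local port, which matches the blocked update traffic described at the top of the thread. The one "Deleted" result followed by three "ERROR [2]" results is consistent with the value having been removed on the first alias and already being gone on the others (if the bracketed number is the Win32 error code, 2 is ERROR_FILE_NOT_FOUND; that reading is my inference, not something RogueKiller documents here). The script below is an added example, not part of this thread and not RogueKiller's or FRST's code: it parses ProxyServer strings in the format WinINet stores them, flags any enabled proxy that points to a loopback address, and on Windows reads the live values for every loaded HKU hive. Off Windows it runs against constructed sample hives that copy the values from the log; the fourth SID and the corporate proxy host in the sample are hypothetical.

```python
"""Audit per-user WinINet proxy settings for an enabled loopback proxy.

Added example, not RogueKiller's or FRST's code. PROXY_KEY and the value
names are the real ones WinINet uses; SAMPLE_HIVES is constructed from the
RogueKiller log in this thread plus two hypothetical hives.
"""
import sys
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Dict, List, Optional, Tuple

PROXY_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings"

# Constructed sample: SYSTEM's hive (seen as both .DEFAULT and S-1-5-18) has
# the loopback proxy from the log, the interactive user has no proxy, and a
# hypothetical second user has a legitimate corporate proxy (made-up host).
SAMPLE_HIVES: Dict[str, Dict[str, object]] = {
    r"HKU\.DEFAULT": {"ProxyEnable": 1,
                      "ProxyServer": "http=127.0.0.1:60206;https=127.0.0.1:60206"},
    r"HKU\S-1-5-18": {"ProxyEnable": 1,
                      "ProxyServer": "http=127.0.0.1:60206;https=127.0.0.1:60206"},
    r"HKU\S-1-5-21-166654913-935638154-2365692726-1001": {"ProxyEnable": 0,
                                                          "ProxyServer": None},
    r"HKU\S-1-5-21-1-2-3-1002": {"ProxyEnable": 1,
                                 "ProxyServer": "proxy.corp.example:8080"},
}


def parse_proxy_server(value: Optional[str]) -> Dict[str, Tuple[str, Optional[int]]]:
    """Parse a WinINet ProxyServer string into {scheme: (host, port)}.

    Two forms exist: "host:port" (one proxy for every protocol, keyed "*") and
    "http=host:port;https=host:port;ftp=...;socks=...". IPv6 hosts are assumed
    to be bracketed ("[::1]:8080"); a missing or non-numeric port becomes None.
    """
    entries: Dict[str, Tuple[str, Optional[int]]] = {}
    if not value:
        return entries
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, sep, hostport = part.partition("=")
        if not sep:  # bare "host:port" applies to all protocols
            scheme, hostport = "*", part
        host, sep, port = hostport.rpartition(":")
        if sep and port.isdigit():
            port_num: Optional[int] = int(port)
        else:
            host, port_num = hostport, None
        entries[scheme.strip().lower()] = (host.strip().lower(), port_num)
    return entries


def is_loopback(host: str) -> bool:
    """True for "localhost" or any loopback IP (127.0.0.0/8, ::1)."""
    bare = host.strip("[]")
    if bare == "localhost":
        return True
    try:
        return ip_address(bare).is_loopback
    except ValueError:  # a host name, not an address
        return False


@dataclass(frozen=True)
class Finding:
    hive: str
    scheme: str
    host: str
    port: Optional[int]


def audit(hives: Dict[str, Dict[str, object]]) -> List[Finding]:
    """Flag every hive whose proxy is enabled and routed to a loopback address.

    ProxyEnable=0 is skipped even when ProxyServer is set: WinINet ignores the
    server then, so a stale value on its own does not redirect traffic.
    """
    findings: List[Finding] = []
    for hive, vals in hives.items():
        if not vals.get("ProxyEnable"):
            continue
        server = vals.get("ProxyServer")
        parsed = parse_proxy_server(server if isinstance(server, str) else None)
        for scheme, (host, port) in parsed.items():
            if is_loopback(host):
                findings.append(Finding(hive, scheme, host, port))
    return findings


def read_live_hives() -> Dict[str, Dict[str, object]]:
    """Windows only: read ProxyEnable/ProxyServer for every loaded HKU hive.

    HKEY_USERS holds only hives that are currently loaded (logged-on users,
    .DEFAULT and the service accounts); run elevated to read the SYSTEM hive.
    """
    import winreg  # Windows-only standard-library module
    hives: Dict[str, Dict[str, object]] = {}
    index = 0
    while True:
        try:
            sid = winreg.EnumKey(winreg.HKEY_USERS, index)
        except OSError:  # no more subkeys
            break
        index += 1
        try:
            key = winreg.OpenKey(winreg.HKEY_USERS, sid + "\\" + PROXY_KEY)
        except FileNotFoundError:  # hive has no Internet Settings key
            continue
        with key:
            vals: Dict[str, object] = {}
            for name in ("ProxyEnable", "ProxyServer"):
                try:
                    vals[name] = winreg.QueryValueEx(key, name)[0]
                except FileNotFoundError:
                    vals[name] = None
            hives["HKU\\" + sid] = vals
    return hives


if __name__ == "__main__":
    source = read_live_hives() if sys.platform == "win32" else SAMPLE_HIVES
    for f in audit(source):
        print(f"{f.hive}: {f.scheme} proxy enabled -> {f.host}:{f.port} (loopback)")
```

On the sample data the audit reports four findings, all for the two aliases of the SYSTEM hive, and nothing for the corporate proxy. A clean result after a fix is the check worth keeping: rerun it after a reboot, since a hijacker that is still resident can rewrite the value.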
 



#5 jdlicciardello

jdlicciardello
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  • Local time:09:54 AM

Posted 30 December 2015 - 07:29 PM

And my name is John BTW!



#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,959 posts
  • ONLINE
  • Gender:Male
  • Location:California
  • Local time:06:54 AM

Posted 30 December 2015 - 08:20 PM

Hi John,

Thanks for the updated information. Let's run the steps I posted, then we will regroup and continue on.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 jdlicciardello

jdlicciardello
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  • Local time:09:54 AM

Posted 30 December 2015 - 08:48 PM

Thanks. Here you go. I checked chrome and the search on the URL is no longer the bogus search engine!! Another step in the right direction.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:30-12-2015
Ran by jdl_000 (2015-12-30 20:36:19) Run:1
Running from C:\Users\jdl_000\Desktop
Loaded Profiles: jdl_000 (Available Profiles: jdl_000)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Winlogon\Notify\igfxcui: igfxdev.dll [X]
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL =
CHR HKLM-x32\...\Chrome\Extension: [epiggbpnpeipncloelnecejhmipiohhh] - <no Path/update_url>
U0 KL1; no ImagePath
2015-12-29 22:32 - 2015-12-29 22:32 - 00000000 _____ C:\WINDOWS\SysWOW64\REN55E9.tmp
2015-11-30 23:01 - 2015-11-30 23:01 - 00015464 _____ C:\WINDOWS\DelYac64.sys
2015-02-28 22:54 - 2015-02-28 22:54 - 0000000 _____ () C:\Users\jdl_000\AppData\Local\{0BB890A6-AD2F-4B8D-A278-0FFF179C45F5}
2014-12-30 17:13 - 2014-12-30 17:13 - 0000000 _____ () C:\Users\jdl_000\AppData\Local\{3FAD63D8-B1F7-4BB7-9459-70222E144B01}
2014-10-16 15:38 - 2014-10-16 15:38 - 0000000 _____ () C:\Users\jdl_000\AppData\Local\{475E6448-3EA0-48AA-9013-60DC0B7385AB}
2015-04-23 21:54 - 2015-04-23 21:54 - 0000000 _____ () C:\Users\jdl_000\AppData\Local\{A3215A80-7CF2-40F9-A5AE-6AE3EC89B5D0}
CustomCLSID: HKU\S-1-5-21-166654913-935638154-2365692726-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\jdl_000\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-166654913-935638154-2365692726-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\jdl_000\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-166654913-935638154-2365692726-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\jdl_000\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-166654913-935638154-2365692726-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\jdl_000\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-166654913-935638154-2365692726-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\jdl_000\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-166654913-935638154-2365692726-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\jdl_000\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CMD: type "C:\ComboFix.txt"
File: C:\ComboFix.txt
cmd: netsh winsock reset
cmd: ipconfig /flushdns
*****************

"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\epiggbpnpeipncloelnecejhmipiohhh => key not found.
KL1 => service could not remove
C:\WINDOWS\SysWOW64\REN55E9.tmp => moved successfully
C:\WINDOWS\DelYac64.sys => moved successfully
C:\Users\jdl_000\AppData\Local\{0BB890A6-AD2F-4B8D-A278-0FFF179C45F5} => moved successfully
C:\Users\jdl_000\AppData\Local\{3FAD63D8-B1F7-4BB7-9459-70222E144B01} => moved successfully
C:\Users\jdl_000\AppData\Local\{475E6448-3EA0-48AA-9013-60DC0B7385AB} => moved successfully
C:\Users\jdl_000\AppData\Local\{A3215A80-7CF2-40F9-A5AE-6AE3EC89B5D0} => moved successfully
"HKU\S-1-5-21-166654913-935638154-2365692726-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully
"HKU\S-1-5-21-166654913-935638154-2365692726-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully
"HKU\S-1-5-21-166654913-935638154-2365692726-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => key removed successfully
"HKU\S-1-5-21-166654913-935638154-2365692726-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully
"HKU\S-1-5-21-166654913-935638154-2365692726-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => key removed successfully
"HKU\S-1-5-21-166654913-935638154-2365692726-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}" => key removed successfully

=========  type "C:\ComboFix.txt" =========

The system cannot find the file specified.

========= End of CMD: =========


========================= File: C:\ComboFix.txt ========================

"C:\ComboFix.txt" => not found.
====== End of File: ======


=========  netsh winsock reset =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========



The system needed a reboot.

==== End of Fixlog 20:36:21 ====

#8 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,959 posts
  • Gender:Male
  • Location:California
  • Local time:06:54 AM

Posted 30 December 2015 - 08:54 PM

Very good. Please do this.

===================================================

Farbar's MiniRegTool

--------------------
  • Please download MiniRegTool.zip (for 32 bit systems) or MiniRegTool64.zip (for 64 bit systems) and save it to your desktop
  • Unzip the folder and double click the icon
  • Copy and paste the following into the white box:

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings

  • Check the Export keys radio button.
  • Press the Go button and post the result.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • MiniRegTool report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 jdlicciardello

  • Topic Starter
  • Members
  • 32 posts
  • Local time:09:54 AM

Posted 30 December 2015 - 09:08 PM

Thanks! Here you go:

 

Windows Registry Editor Version 5.00

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"User Agent"="Mozilla/4.0 (compatible; MSIE 8.0; Win32)"
"IE5_UA_Backup_Flag"="5.0"
"ZonesSecurityUpgrade"=hex:f5,51,1e,7b,46,9f,ce,01
"EnableNegotiate"=dword:00000001
"ProxyEnable"=dword:00000001
"ProxyOverride"="<-loopback>"
"ProxyServer"="http=127.0.0.1:60206;https=127.0.0.1:60206"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix"=""
"CacheLimit"=dword:0003e800

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix"="Cookie:"
"CacheLimit"=dword:00000001

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix"="Visited:"
"CacheLimit"=dword:00000001

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"DefaultConnectionSettings"=hex:46,00,00,00,33,00,00,00,03,00,00,00,2a,00,00,\
  00,68,74,74,70,3d,31,32,37,2e,30,2e,30,2e,31,3a,36,30,32,30,36,3b,68,74,74,\
  70,73,3d,31,32,37,2e,30,2e,30,2e,31,3a,36,30,32,30,36,0b,00,00,00,3c,2d,6c,\
  6f,6f,70,62,61,63,6b,3e,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"SavedLegacySettings"=hex:46,00,00,00,0e,09,00,00,03,00,00,00,2a,00,00,00,68,\
  74,74,70,3d,31,32,37,2e,30,2e,30,2e,31,3a,36,30,32,30,36,3b,68,74,74,70,73,\
  3d,31,32,37,2e,30,2e,30,2e,31,3a,36,30,32,30,36,0b,00,00,00,3c,2d,6c,6f,6f,\
  70,62,61,63,6b,3e,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0]
@=""
"DisplayName"="Computer"
"PMDisplayName"="Computer [Protected Mode]"
"Description"="Your computer"
"Icon"="shell32.dll#0016"
"LowIcon"="inetcpl.cpl#005422"
"CurrentLevel"=dword:00000000
"Flags"=dword:00000021
"1200"=dword:00000003
"1400"=dword:00000001

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1]
@=""
"DisplayName"="Local intranet"
"PMDisplayName"="Local intranet [Protected Mode]"
"Description"="This zone contains all Web sites that are on your organization's intranet."
"Icon"="shell32.dll#0018"
"LowIcon"="inetcpl.cpl#005423"
"CurrentLevel"=dword:00000000
"Flags"=dword:000000db
"1200"=dword:00000003
"1400"=dword:00000001

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2]
@=""
"DisplayName"="Trusted sites"
"PMDisplayName"="Trusted sites [Protected Mode]"
"Description"="This zone contains Web sites that you trust not to damage your computer or data."
"Icon"="inetcpl.cpl#00004480"
"LowIcon"="inetcpl.cpl#005424"
"CurrentLevel"=dword:00000000
"Flags"=dword:00000021
"1200"=dword:00000003
"1400"=dword:00000001

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3]
@=""
"DisplayName"="Internet"
"PMDisplayName"="Internet [Protected Mode]"
"Description"="This zone contains all Web sites you haven't placed in other zones"
"Icon"="inetcpl.cpl#001313"
"LowIcon"="inetcpl.cpl#005425"
"CurrentLevel"=dword:00000000
"Flags"=dword:00000021
"1200"=dword:00000003
"1400"=dword:00000001

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4]
@=""
"DisplayName"="Restricted sites"
"PMDisplayName"="Restricted sites [Protected Mode]"
"Description"="This zone contains Web sites that could potentially damage your computer or data."
"Icon"="inetcpl.cpl#00004481"
"LowIcon"="inetcpl.cpl#005426"
"CurrentLevel"=dword:00000000
"Flags"=dword:00000021
"1200"=dword:00000003
"1400"=dword:00000003

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
@=""
"ProxyByPass"=dword:00000001
"IntranetName"=dword:00000001
"UNCAsIntranet"=dword:00000001
"AutoDetect"=dword:00000000

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
@=""

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults]
@=""
"http"=dword:00000003
"https"=dword:00000003
"ftp"=dword:00000003
"file"=dword:00000003
"@ivt"=dword:00000001
"shell"=dword:00000000
"knownfolder"=dword:00000000

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
@=""

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones]
@=""
"SelfHealCount"=dword:00000001

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
@=""
"DisplayName"="Computer"
"PMDisplayName"="Computer [Protected Mode]"
"Description"="Your computer"
"Icon"="shell32.dll#0016"
"LowIcon"="inetcpl.cpl#005422"
"CurrentLevel"=dword:00000000
"Flags"=dword:00000021
"1200"=dword:00000000
"1400"=dword:00000000

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]
@=""
"DisplayName"="Local intranet"
"PMDisplayName"="Local intranet [Protected Mode]"
"Description"="This zone contains all Web sites that are on your organization's intranet."
"Icon"="shell32.dll#0018"
"LowIcon"="inetcpl.cpl#005423"
"CurrentLevel"=dword:00010500
"Flags"=dword:000000db
"1200"=dword:00000000
"1400"=dword:00000000
"2500"=dword:00000003

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
@=""
"DisplayName"="Trusted sites"
"PMDisplayName"="Trusted sites [Protected Mode]"
"Description"="This zone contains Web sites that you trust not to damage your computer or data."
"Icon"="inetcpl.cpl#00004480"
"LowIcon"="inetcpl.cpl#005424"
"CurrentLevel"=dword:00011000
"Flags"=dword:00000047
"1200"=dword:00000000
"1400"=dword:00000000

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
@=""
"DisplayName"="Internet"
"PMDisplayName"="Internet [Protected Mode]"
"Description"="This zone contains all Web sites you haven't placed in other zones"
"Icon"="inetcpl.cpl#001313"
"LowIcon"="inetcpl.cpl#005425"
"CurrentLevel"=dword:00011500
"Flags"=dword:00000001
"1200"=dword:00000000
"1400"=dword:00000000

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
@=""
"DisplayName"="Restricted sites"
"PMDisplayName"="Restricted sites [Protected Mode]"
"Description"="This zone contains Web sites that could potentially damage your computer or data."
"Icon"="inetcpl.cpl#00004481"
"LowIcon"="inetcpl.cpl#005426"
"CurrentLevel"=dword:00012000
"Flags"=dword:00000003
"1200"=dword:00000003
"1400"=dword:00000003
 



#10 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,959 posts
  • Gender:Male
  • Location:California
  • Local time:06:54 AM

Posted 30 December 2015 - 09:10 PM

Looks like we only got the first line. Can you run the program again and just list this line:

HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings


Gary
 

#11 jdlicciardello

  • Topic Starter
  • Members
  • 32 posts
  • Local time:09:54 AM

Posted 30 December 2015 - 09:19 PM

Windows Registry Editor Version 5.00

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"User Agent"="Mozilla/4.0 (compatible; MSIE 8.0; Win32)"
"IE5_UA_Backup_Flag"="5.0"
"ZonesSecurityUpgrade"=hex:f5,51,1e,7b,46,9f,ce,01
"EnableNegotiate"=dword:00000001
"ProxyEnable"=dword:00000001
"ProxyOverride"="<-loopback>"
"ProxyServer"="http=127.0.0.1:60206;https=127.0.0.1:60206"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content]
"CachePrefix"=""
"CacheLimit"=dword:0003e800

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies]
"CachePrefix"="Cookie:"
"CacheLimit"=dword:00000001

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History]
"CachePrefix"="Visited:"
"CacheLimit"=dword:00000001

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"DefaultConnectionSettings"=hex:46,00,00,00,33,00,00,00,03,00,00,00,2a,00,00,\
  00,68,74,74,70,3d,31,32,37,2e,30,2e,30,2e,31,3a,36,30,32,30,36,3b,68,74,74,\
  70,73,3d,31,32,37,2e,30,2e,30,2e,31,3a,36,30,32,30,36,0b,00,00,00,3c,2d,6c,\
  6f,6f,70,62,61,63,6b,3e,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"SavedLegacySettings"=hex:46,00,00,00,0e,09,00,00,03,00,00,00,2a,00,00,00,68,\
  74,74,70,3d,31,32,37,2e,30,2e,30,2e,31,3a,36,30,32,30,36,3b,68,74,74,70,73,\
  3d,31,32,37,2e,30,2e,30,2e,31,3a,36,30,32,30,36,0b,00,00,00,3c,2d,6c,6f,6f,\
  70,62,61,63,6b,3e,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0]
@=""
"DisplayName"="Computer"
"PMDisplayName"="Computer [Protected Mode]"
"Description"="Your computer"
"Icon"="shell32.dll#0016"
"LowIcon"="inetcpl.cpl#005422"
"CurrentLevel"=dword:00000000
"Flags"=dword:00000021
"1200"=dword:00000003
"1400"=dword:00000001

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1]
@=""
"DisplayName"="Local intranet"
"PMDisplayName"="Local intranet [Protected Mode]"
"Description"="This zone contains all Web sites that are on your organization's intranet."
"Icon"="shell32.dll#0018"
"LowIcon"="inetcpl.cpl#005423"
"CurrentLevel"=dword:00000000
"Flags"=dword:000000db
"1200"=dword:00000003
"1400"=dword:00000001

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2]
@=""
"DisplayName"="Trusted sites"
"PMDisplayName"="Trusted sites [Protected Mode]"
"Description"="This zone contains Web sites that you trust not to damage your computer or data."
"Icon"="inetcpl.cpl#00004480"
"LowIcon"="inetcpl.cpl#005424"
"CurrentLevel"=dword:00000000
"Flags"=dword:00000021
"1200"=dword:00000003
"1400"=dword:00000001

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3]
@=""
"DisplayName"="Internet"
"PMDisplayName"="Internet [Protected Mode]"
"Description"="This zone contains all Web sites you haven't placed in other zones"
"Icon"="inetcpl.cpl#001313"
"LowIcon"="inetcpl.cpl#005425"
"CurrentLevel"=dword:00000000
"Flags"=dword:00000021
"1200"=dword:00000003
"1400"=dword:00000001

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4]
@=""
"DisplayName"="Restricted sites"
"PMDisplayName"="Restricted sites [Protected Mode]"
"Description"="This zone contains Web sites that could potentially damage your computer or data."
"Icon"="inetcpl.cpl#00004481"
"LowIcon"="inetcpl.cpl#005426"
"CurrentLevel"=dword:00000000
"Flags"=dword:00000021
"1200"=dword:00000003
"1400"=dword:00000003

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
@=""
"ProxyByPass"=dword:00000001
"IntranetName"=dword:00000001
"UNCAsIntranet"=dword:00000001
"AutoDetect"=dword:00000000

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
@=""

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults]
@=""
"http"=dword:00000003
"https"=dword:00000003
"ftp"=dword:00000003
"file"=dword:00000003
"@ivt"=dword:00000001
"shell"=dword:00000000
"knownfolder"=dword:00000000

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
@=""

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones]
@=""
"SelfHealCount"=dword:00000001

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
@=""
"DisplayName"="Computer"
"PMDisplayName"="Computer [Protected Mode]"
"Description"="Your computer"
"Icon"="shell32.dll#0016"
"LowIcon"="inetcpl.cpl#005422"
"CurrentLevel"=dword:00000000
"Flags"=dword:00000021
"1200"=dword:00000000
"1400"=dword:00000000

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]
@=""
"DisplayName"="Local intranet"
"PMDisplayName"="Local intranet [Protected Mode]"
"Description"="This zone contains all Web sites that are on your organization's intranet."
"Icon"="shell32.dll#0018"
"LowIcon"="inetcpl.cpl#005423"
"CurrentLevel"=dword:00010500
"Flags"=dword:000000db
"1200"=dword:00000000
"1400"=dword:00000000
"2500"=dword:00000003

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
@=""
"DisplayName"="Trusted sites"
"PMDisplayName"="Trusted sites [Protected Mode]"
"Description"="This zone contains Web sites that you trust not to damage your computer or data."
"Icon"="inetcpl.cpl#00004480"
"LowIcon"="inetcpl.cpl#005424"
"CurrentLevel"=dword:00011000
"Flags"=dword:00000047
"1200"=dword:00000000
"1400"=dword:00000000

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
@=""
"DisplayName"="Internet"
"PMDisplayName"="Internet [Protected Mode]"
"Description"="This zone contains all Web sites you haven't placed in other zones"
"Icon"="inetcpl.cpl#001313"
"LowIcon"="inetcpl.cpl#005425"
"CurrentLevel"=dword:00011500
"Flags"=dword:00000001
"1200"=dword:00000000
"1400"=dword:00000000

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
@=""
"DisplayName"="Restricted sites"
"PMDisplayName"="Restricted sites [Protected Mode]"
"Description"="This zone contains Web sites that could potentially damage your computer or data."
"Icon"="inetcpl.cpl#00004481"
"LowIcon"="inetcpl.cpl#005426"
"CurrentLevel"=dword:00012000
"Flags"=dword:00000003
"1200"=dword:00000003
"1400"=dword:00000003
 



#12 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,959 posts
  • Gender:Male
  • Location:California
  • Local time:06:54 AM

Posted 30 December 2015 - 09:20 PM

Excellent John, now this.

===================================================

Registry Fix

-------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type Notepad and press Enter
  • Copy/paste the following text inside the code box into a new notepad document.
Windows Registry Editor Version 5.00

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=-
"ProxyOverride"=-
"ProxyServer"=-

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=-
"ProxyOverride"=-
"ProxyServer"=-
  • Click File, then Save As... .
  • Click Desktop on the left.
  • Under the Save as type dropdown, select All Files.
  • In the box File Name, input fix.reg.
  • Click Save.
  • Double click fix.reg and answer Yes to the prompts. You should receive the message that the entries have been successfully merged. If not, post back with the error message.
  • Delete fix.reg after use.
  • Reboot your computer
  • Rerun a RogueKiller scan only and post the results
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Did the registry file merge properly?
  • RogueKiller log

Gary
 

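As an added example (my own code, not anything posted by Gary or John in this thread): a small Python tool that reads a MiniRegTool/Regedit export like the two posted above, decodes the DefaultConnectionSettings blob so the proxy string buried in the hex becomes readable, flags any enabled proxy that points at a loopback address (the PUM.Proxy pattern RogueKiller keeps reporting on this machine), and writes out a fix.reg in the same "name"=- form used in the Registry Fix step. The blob layout and the flag bit names (taken from WinINET's PROXY_TYPE_* constants) are my assumptions, not something the thread states; the sample export embedded in the code is a trimmed copy of the HKEY_USERS\.DEFAULT export above.

```python
import re
import struct

# Constructed sample: a trimmed copy of the MiniRegTool export posted in this
# thread (zone, cache and P3P keys omitted); "\" at line end is Regedit's wrap.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyOverride"="<-loopback>"
"ProxyServer"="http=127.0.0.1:60206;https=127.0.0.1:60206"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"DefaultConnectionSettings"=hex:46,00,00,00,33,00,00,00,03,00,00,00,2a,00,00,\
  00,68,74,74,70,3d,31,32,37,2e,30,2e,30,2e,31,3a,36,30,32,30,36,3b,68,74,74,\
  70,73,3d,31,32,37,2e,30,2e,30,2e,31,3a,36,30,32,30,36,0b,00,00,00,3c,2d,6c,\
  6f,6f,70,62,61,63,6b,3e,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
  00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
'''

# Flag bit names follow WinINET's INTERNET_PER_CONN_FLAGS (PROXY_TYPE_*) values (assumption).
PROXY_FLAGS = {0x1: 'DIRECT', 0x2: 'PROXY', 0x4: 'AUTO_PROXY_URL', 0x8: 'AUTO_DETECT'}
LOOPBACK = re.compile(r'^(127(?:\.\d{1,3}){3}|localhost|\[?::1\]?)$', re.I)
unescape = lambda s: re.sub(r'\\(.)', r'\1', s)    # Regedit escapes \ and " with \

def parse_reg(text):
    """Parse a Regedit 5.00 export into {key_path: {value_name: (kind, data)}}."""
    keys, current = {}, None
    text = re.sub(r',\\\r?\n\s*', ',', text)           # rejoin wrapped hex values
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith((';', 'Windows Registry Editor')):
            continue
        m = re.match(r'^\[(.+)\]$', line)
        if m:
            current = m.group(1)
            keys[current] = {}
            continue
        m = re.match(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if not m or current is None:
            continue
        name = '' if m.group(1) == '@' else unescape(m.group(1)[1:-1])
        raw = m.group(2)
        if raw.startswith('dword:'):
            keys[current][name] = ('dword', int(raw[6:], 16))
        elif raw.startswith('hex:'):
            keys[current][name] = ('hex', bytes(int(b, 16) for b in raw[4:].split(',') if b))
        else:  # quoted string; anything else (expandable strings etc.) kept verbatim
            keys[current][name] = ('sz', unescape(raw[1:-1])) if raw.startswith('"') else ('raw', raw)
    return keys

def decode_connection_settings(blob):
    """Decode DefaultConnectionSettings. Assumed layout (undocumented, but the
    sample's length prefixes line up with it): dword version 0x46, dword change
    counter, dword flags, three length-prefixed ASCII strings (proxy server,
    bypass list, autoconfig URL), then 32 reserved bytes."""
    version, counter, flags = struct.unpack_from('<III', blob, 0)
    off, strings = 12, []
    for _ in range(3):
        (n,) = struct.unpack_from('<I', blob, off)
        strings.append(blob[off + 4:off + 4 + n].decode('ascii', 'replace'))
        off += 4 + n
    return {'version': version, 'counter': counter, 'proxy_server': strings[0],
            'bypass_list': strings[1], 'autoconfig_url': strings[2],
            'flags': [name for bit, name in PROXY_FLAGS.items() if flags & bit]}

def parse_proxy_server(value):
    """Split 'http=host:port;https=host:port' (or bare 'host:port', keyed '*') into {scheme: (host, port)}."""
    out = {}
    for part in filter(None, value.split(';')):
        scheme, _, hostport = part.partition('=') if '=' in part else ('*', '', part)
        host, _, port = hostport.rpartition(':')
        out[scheme.lower()] = (host or hostport, port)
    return out

def find_loopback_proxies(keys):
    """One finding per Internet Settings key whose enabled proxy is a loopback address."""
    findings = []
    for path, values in keys.items():
        if not path.endswith('\\Internet Settings'):
            continue
        server = values.get('ProxyServer', ('sz', ''))[1]
        loopback = {s: hp for s, hp in parse_proxy_server(server).items() if LOOPBACK.match(hp[0])}
        if values.get('ProxyEnable', ('dword', 0))[1] != 1 or not loopback:
            continue
        # The Connections blob carries its own copy of the proxy string; decode and compare it.
        conn = keys.get(path + '\\Connections', {}).get('DefaultConnectionSettings')
        decoded = decode_connection_settings(conn[1]) if conn else None
        findings.append({'key': path, 'loopback_proxies': loopback, 'connection_settings': decoded,
                         'blob_agrees': decoded and decoded['proxy_server'] == server})
    return findings

def build_removal_reg(findings):
    """Emit the kind of fix.reg posted above: "name"=- deletes that value on merge."""
    lines = ['Windows Registry Editor Version 5.00', '']
    for f in findings:
        lines += ['[%s]' % f['key'], '"ProxyEnable"=-', '"ProxyOverride"=-', '"ProxyServer"=-', '']
    return '\n'.join(lines)
```

Calling `find_loopback_proxies(parse_reg(SAMPLE_REG))` yields one finding for the HKEY_USERS\.DEFAULT key, with the decoded blob showing flags DIRECT and PROXY, the same `http=127.0.0.1:60206;https=127.0.0.1:60206` string and the `<-loopback>` bypass list; `build_removal_reg` then returns the matching fix.reg text. Two things a responder keeps in mind when reading the output: a loopback proxy is also what local debugging proxies and some security products configure, so the value identifies a setting, not the process listening on that port; and because the Connections blob stores its own copy of the proxy string, a fix that deletes only ProxyEnable/ProxyOverride/ProxyServer leaves that copy behind, which is a reason to re-export the key after merging the fix.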
#13 jdlicciardello

  • Topic Starter
  • Members
  • 32 posts
  • Local time:09:54 AM

Posted 30 December 2015 - 09:54 PM

Registry file merged. Here is the log; it seems like the registry files are still there:

 

RogueKiller V11.0.5.0 (x64) [Dec 28 2015] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9600) 64 bits version
Started in : Normal mode
User : jdl_000 [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 12/30/2015 21:52:29

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 8 ¤¤¤
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Replaced (0)
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Replaced (0)
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Replaced (0)
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Replaced (0)
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:60206;https=127.0.0.1:60206  -> Deleted
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:60206;https=127.0.0.1:60206  -> ERROR [2]
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:60206;https=127.0.0.1:60206  -> ERROR [2]
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:60206;https=127.0.0.1:60206  -> ERROR [2]

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10JPVT-55A1YT0 +++++
--- User ---
[MBR] 975edba1893eb2054d3af747e4bd96f8
[BSP] d686b4c4100e0a0eb09cc45e7a6418f0 : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 260 MB
1 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 534528 | Size: 1474 MB
2 - [MAN-MOUNT] EFI system partition | Offset (sectors): 3553280 | Size: 260 MB
3 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 4085760 | Size: 128 MB
4 - Basic data partition | Offset (sectors): 4347904 | Size: 920486 MB
5 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 1889503232 | Size: 450 MB
6 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1890424832 | Size: 30810 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: AXM13S2-24GM-B +++++
--- User ---
[MBR] 85a08f7f2ea9176af4dff029023f7d84
[BSP] a75e69051ac4bc13ab6de876da8da2a7 : Empty MBR Code
Partition table:
0 - HFS | Offset (sectors): 16814080 | Size: 14692 MB
1 - [SYSTEM]  | Offset (sectors): 2048 | Size: 8208 MB
User = LL1 ... OK
User = LL2 ... OK
 


Registry file merged* properly.



#14 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,959 posts
  • Gender:Male
  • Location:California
  • Local time:06:54 AM

Posted 30 December 2015 - 10:48 PM

Greetings John. Looks like it doesn't want to cooperate. Please do this.

===================================================

Farbar's MiniRegTool

--------------------
  • Right click on MiniRegTool and select Run as administrator
  • Copy and paste the following into the white box:

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyEnable
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyOverride
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyEnable
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyOverride
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyEnable

  • Check the Delete Keys/Values including Locked/Null embedded radio button.
  • Press the Go button and post the result.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • MiniToolBox report

Gary
 

#15 jdlicciardello

  • Topic Starter
  • Members
  • 32 posts
  • Local time:09:54 AM

Posted 30 December 2015 - 10:56 PM

MiniRegTool64 by Farbar Version:21-07-2014
Ran by jdl_000 (administrator) on 2015-12-30 22:55:41

====================================
"HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyEnable" value deleted successfully.
"HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyOverride" value deleted successfully.
"HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer" value deleted successfully.
"HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyEnable" value not found.
"HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyOverride" value not found.
"HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyEnable" value not found.
 





