
neither malwarebytes or any .exe programs will run


  • This topic is locked
15 replies to this topic

#1 luvscoco

luvscoco

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:10:36 PM

Posted 08 January 2016 - 08:19 AM

I am sure there is a virus of some kind. But all attempts to run any .exe program fail. I can't run Malwarebytes that is installed on the computer either. I can't run the FRST program; things will download but they will not run to install. Is there any hope of fixing this or should I just reformat the hard drive?

Thank you for your help in advance.




 


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:12:36 AM

Posted 08 January 2016 - 09:03 AM

Hello luvscoco

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:

  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.

 

 

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


On the System Recovery Options menu you will get the following options:

    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


 


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 luvscoco


Posted 08 January 2016 - 11:01 AM

ok here is a copy of the frst.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-01-2015
Ran by SYSTEM on MININT-UOC8P9E (08-01-2016 07:56:40)
Running from h:\
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060320 2010-06-08] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508104 2015-09-04] (Adobe Systems Incorporated)
HKLM\...\Run: [HP LaserJet Professional M1530 MFP Series Fax] => C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe [3707120 2014-08-13] (Hewlett-Packard Company)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1856184 2015-09-30] (Adobe Systems Inc.)
HKLM-x32\...\Run: [ToolboxFX] => C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe [59632 2014-08-13] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2292912 2015-09-17] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\Karl\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8455960 2015-08-19] (Piriform Ltd)
HKU\Karl\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\Karl\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2015-10-29] (Garmin Ltd. or its subsidiaries)

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-09-28] (ArcSoft Inc.)
S2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [669872 2015-09-15] (Adobe Systems Incorporated)
S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2016448 2015-11-25] (Adobe Systems, Incorporated)
S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2802360 2015-11-24] (Microsoft Corporation)
S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [777744 2015-10-29] (Garmin Ltd. or its subsidiaries)
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
S2 lxdu_device; C:\Windows\system32\lxducoms.exe [1039360 2009-10-16] ( )
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5611280 2015-08-06] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-09] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-09] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-30] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [13920 2015-12-28] ()
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-09] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-09] (Microsoft Corporation)
S0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-09] (Microsoft Corporation)
S2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-09] (Microsoft Corporation)
S3 ykinw8; C:\Windows\System32\drivers\ykinx64.sys [288768 2015-06-17] (Marvell)
S3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
S3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-08 07:56 - 2016-01-08 07:56 - 00000000 ____D C:\FRST
2016-01-08 07:52 - 2016-01-08 07:52 - 00016148 _____ C:\Windows\System32\KARL-PC_Karl_HistoryPrediction.bin
2016-01-08 06:59 - 2016-01-08 06:59 - 00000000 ____H C:\Windows\System32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2016-01-08 06:58 - 2016-01-08 06:58 - 03933496 _____ (Logitech, Inc.) C:\Windows\System32\LogiLDA.DLL
2016-01-08 06:58 - 2016-01-08 06:58 - 02458936 _____ (Logitech, Inc.) C:\Windows\System32\LdaCx2.dll
2016-01-08 06:58 - 2016-01-08 06:58 - 00828872 _____ (Microsoft Corporation) C:\Windows\System32\msvcr110.dll
2016-01-08 06:58 - 2016-01-08 06:58 - 00661448 _____ (Microsoft Corporation) C:\Windows\System32\msvcp110.dll
2016-01-08 06:58 - 2016-01-08 06:58 - 00354264 _____ (Microsoft Corporation) C:\Windows\System32\vccorlib110.dll
2016-01-07 14:04 - 2016-01-07 14:05 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Karl\Downloads\WiNlOgOn.exe
2016-01-07 13:59 - 2016-01-07 13:59 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Karl\Downloads\rkill.scr
2016-01-07 13:48 - 2016-01-07 13:53 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Karl\Downloads\rkill.com
2016-01-07 13:47 - 2016-01-07 13:47 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Karl\Downloads\rkill.exe
2016-01-07 13:39 - 2016-01-07 13:39 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Karl\Downloads\jantiroot.exe
2016-01-07 13:35 - 2016-01-07 13:36 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Karl\Downloads\jbamantiroot.exe
2016-01-07 13:28 - 2016-01-07 13:28 - 00000000 ____D C:\ProgramData\SUPERSetup
2016-01-07 13:27 - 2016-01-07 13:28 - 24060128 _____ (SUPERAntiSpyware) C:\Users\Karl\Downloads\SUPERAntiSpyware.exe
2016-01-07 13:26 - 2016-01-07 13:27 - 00000000 ____D C:\HP_LaserJet_Professional_M1530_MFP_Series
2016-01-07 13:15 - 2016-01-07 13:15 - 00000000 ____D C:\Users\Karl\Downloads\mbam-chameleon-3.1.28.0
2016-01-07 13:14 - 2016-01-07 13:14 - 06392130 _____ C:\Users\Karl\Downloads\mbam-chameleon-3.1.28.0.zip
2016-01-07 13:12 - 2016-01-07 13:14 - 01503872 _____ (Skype Technologies S.A.) C:\Users\Karl\Downloads\SkypeSetup(2).exe
2016-01-07 13:11 - 2016-01-07 13:26 - 181554248 _____ C:\Users\Karl\Downloads\hp_M1530_MFP_full_Solution_15188.exe
2016-01-06 14:37 - 2016-01-08 06:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-28 17:32 - 2015-12-28 17:32 - 00013920 _____ C:\Windows\System32\Drivers\SWDUMon.sys
2015-12-28 17:32 - 2015-12-28 17:32 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers
2015-12-28 17:32 - 2015-12-28 17:32 - 00000000 ____D C:\Users\Karl\AppData\Local\SlimWare Utilities Inc
2015-12-28 17:31 - 2015-12-28 17:32 - 00961728 _____ (Slimware Utilities, Inc.) C:\Users\Karl\Downloads\DriverUpdate-setup(1).exe
2015-12-28 17:30 - 2015-12-28 17:30 - 00961728 _____ (Slimware Utilities, Inc.) C:\Users\Karl\Downloads\DriverUpdate-setup.exe
2015-12-28 08:51 - 2015-12-28 08:51 - 00262144 _____ C:\Windows\Minidump\122815-18265-01.dmp
2015-12-21 08:40 - 2015-12-21 08:40 - 00262144 _____ C:\Windows\Minidump\122115-14734-01.dmp
2015-12-16 09:07 - 2015-12-16 09:08 - 00262144 _____ C:\Windows\Minidump\121615-41359-01.dmp
2015-12-10 14:41 - 2015-12-10 14:41 - 00262144 _____ C:\Windows\Minidump\121015-16593-01.dmp
2015-12-09 07:09 - 2015-11-30 23:01 - 02115936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2015-12-09 07:09 - 2015-11-30 22:03 - 00008192 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\gpuenergydrv.sys
2015-12-09 07:09 - 2015-11-30 21:51 - 07523840 _____ (Microsoft Corporation) C:\Windows\System32\Chakra.dll
2015-12-09 07:09 - 2015-11-30 20:59 - 05455360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2015-12-09 07:09 - 2015-11-24 21:42 - 04532304 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2015-12-09 07:09 - 2015-11-24 21:42 - 00168288 _____ (Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe
2015-12-09 07:09 - 2015-11-24 21:41 - 01822280 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2015-12-09 07:09 - 2015-11-24 21:40 - 00516448 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\USBHUB3.SYS
2015-12-09 07:09 - 2015-11-24 21:33 - 03622272 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2015-12-09 07:09 - 2015-11-24 21:32 - 00113184 _____ (Microsoft Corporation) C:\Windows\System32\userenv.dll
2015-12-09 07:09 - 2015-11-24 21:27 - 01366680 _____ (Microsoft Corporation) C:\Windows\System32\user32.dll
2015-12-09 07:09 - 2015-11-24 21:12 - 04047288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2015-12-09 07:09 - 2015-11-24 21:11 - 01532984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-12-09 07:09 - 2015-11-24 21:09 - 01310880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-09 07:09 - 2015-11-24 21:01 - 02879024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-09 07:09 - 2015-11-24 20:59 - 00092992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\userenv.dll
2015-12-09 07:09 - 2015-11-24 20:49 - 01569280 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Globalization.dll
2015-12-09 07:09 - 2015-11-24 20:49 - 00498688 _____ (Microsoft Corporation) C:\Windows\System32\WlanMediaManager.dll
2015-12-09 07:09 - 2015-11-24 20:49 - 00467456 _____ (Microsoft Corporation) C:\Windows\System32\MBMediaManager.dll
2015-12-09 07:09 - 2015-11-24 20:49 - 00270336 _____ (Microsoft Corporation) C:\Windows\System32\RasMediaManager.dll
2015-12-09 07:09 - 2015-11-24 20:48 - 00146944 _____ (Microsoft Corporation) C:\Windows\System32\EthernetMediaManager.dll
2015-12-09 07:09 - 2015-11-24 20:48 - 00126464 _____ (Microsoft Corporation) C:\Windows\System32\DAMediaManager.dll
2015-12-09 07:09 - 2015-11-24 20:44 - 21872640 _____ (Microsoft Corporation) C:\Windows\System32\edgehtml.dll
2015-12-09 07:09 - 2015-11-24 20:42 - 24592384 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2015-12-09 07:09 - 2015-11-24 20:37 - 02350592 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll
2015-12-09 07:09 - 2015-11-24 20:36 - 01710592 _____ (Microsoft Corporation) C:\Windows\System32\SRHInproc.dll
2015-12-09 07:09 - 2015-11-24 20:36 - 00022528 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys
2015-12-09 07:09 - 2015-11-24 20:35 - 00929792 _____ (Microsoft Corporation) C:\Windows\System32\SRH.dll
2015-12-09 07:09 - 2015-11-24 20:35 - 00845824 _____ (Microsoft Corporation) C:\Windows\System32\Magnify.exe
2015-12-09 07:09 - 2015-11-24 20:34 - 12504576 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2015-12-09 07:09 - 2015-11-24 20:31 - 00121344 _____ (Microsoft Corporation) C:\Windows\System32\DAMM.dll
2015-12-09 07:09 - 2015-11-24 20:30 - 00171008 _____ (Microsoft Corporation) C:\Windows\System32\dot3mm.dll
2015-12-09 07:09 - 2015-11-24 20:30 - 00147968 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rmcast.sys
2015-12-09 07:09 - 2015-11-24 20:30 - 00080896 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hdaudbus.sys
2015-12-09 07:09 - 2015-11-24 20:29 - 01649152 _____ (Microsoft Corporation) C:\Windows\System32\comsvcs.dll
2015-12-09 07:09 - 2015-11-24 20:29 - 00355328 _____ (Microsoft Corporation) C:\Windows\System32\ninput.dll
2015-12-09 07:09 - 2015-11-24 20:28 - 00572928 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2015-12-09 07:09 - 2015-11-24 20:28 - 00523776 _____ (Microsoft Corporation) C:\Windows\System32\catsrvut.dll
2015-12-09 07:09 - 2015-11-24 20:27 - 02180608 _____ (Microsoft Corporation) C:\Windows\System32\AppXDeploymentServer.dll
2015-12-09 07:09 - 2015-11-24 20:26 - 00849408 _____ (Microsoft Corporation) C:\Windows\System32\comdlg32.dll
2015-12-09 07:09 - 2015-11-24 20:26 - 00181760 _____ (Microsoft Corporation) C:\Windows\System32\shutdownux.dll
2015-12-09 07:09 - 2015-11-24 20:25 - 00324096 _____ (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2015-12-09 07:09 - 2015-11-24 20:23 - 19323392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-09 07:09 - 2015-11-24 20:23 - 03588096 _____ (Microsoft Corporation) C:\Windows\System32\win32kfull.sys
2015-12-09 07:09 - 2015-11-24 20:23 - 00587776 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2015-12-09 07:09 - 2015-11-24 20:22 - 01717248 _____ (Microsoft Corporation) C:\Windows\System32\GdiPlus.dll
2015-12-09 07:09 - 2015-11-24 20:22 - 01383424 _____ (Microsoft Corporation) C:\Windows\System32\win32kbase.sys
2015-12-09 07:09 - 2015-11-24 20:22 - 00603648 _____ (Microsoft Corporation) C:\Windows\System32\duser.dll
2015-12-09 07:09 - 2015-11-24 20:22 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\kbdgeoqw.dll
2015-12-09 07:09 - 2015-11-24 20:22 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\KBDAZST.DLL
2015-12-09 07:09 - 2015-11-24 20:22 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\KBDAZEL.DLL
2015-12-09 07:09 - 2015-11-24 20:22 - 00007168 _____ (Microsoft Corporation) C:\Windows\System32\KBDAZE.DLL
2015-12-09 07:09 - 2015-11-24 20:19 - 01795584 _____ (Microsoft Corporation) C:\Windows\System32\AppXDeploymentExtensions.dll
2015-12-09 07:09 - 2015-11-24 20:19 - 00185344 _____ (Microsoft Corporation) C:\Windows\System32\psmsrv.dll
2015-12-09 07:09 - 2015-11-24 20:18 - 01233920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2015-12-09 07:09 - 2015-11-24 20:17 - 00774656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2015-12-09 07:09 - 2015-11-24 20:16 - 01442816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRHInproc.dll
2015-12-09 07:09 - 2015-11-24 20:16 - 00786432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Magnify.exe
2015-12-09 07:09 - 2015-11-24 20:13 - 02153984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-12-09 07:09 - 2015-11-24 20:11 - 00296960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ninput.dll
2015-12-09 07:09 - 2015-11-24 20:10 - 18801664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2015-12-09 07:09 - 2015-11-24 20:10 - 01328128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-09 07:09 - 2015-11-24 20:10 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-09 07:09 - 2015-11-24 20:10 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-09 07:09 - 2015-11-24 20:08 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.dll
2015-12-09 07:09 - 2015-11-24 20:05 - 11263488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-09 07:09 - 2015-11-24 20:04 - 01467392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2015-12-09 07:09 - 2015-11-24 20:04 - 00480768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\duser.dll
2015-12-09 07:09 - 2015-11-24 20:04 - 00474624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-09 07:09 - 2015-11-24 20:04 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2015-12-09 07:09 - 2015-11-24 20:04 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZST.DLL
2015-12-09 07:09 - 2015-11-24 20:04 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2015-12-09 07:09 - 2015-11-24 20:04 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2015-12-09 07:09 - 2015-11-24 18:52 - 00775312 _____ C:\Windows\SysWOW64\locale.nls
2015-12-09 07:09 - 2015-11-24 18:52 - 00775312 _____ C:\Windows\System32\locale.nls
2015-12-09 07:08 - 2015-11-30 21:54 - 00771072 _____ (Microsoft Corporation) C:\Windows\System32\Chakradiag.dll
2015-12-09 07:08 - 2015-11-30 21:49 - 04792320 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2015-12-09 07:08 - 2015-11-30 21:02 - 03580416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-09 07:08 - 2015-11-24 20:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\profext.dll
2015-12-09 07:08 - 2015-11-24 20:07 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\profext.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-08 07:53 - 2015-07-10 01:05 - 00262144 ___SH C:\Windows\System32\config\BBI
2016-01-08 07:52 - 2015-10-19 12:44 - 00000000 ____D C:\users\Karl
2016-01-08 07:52 - 2015-07-30 13:52 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-08 07:13 - 2015-05-24 07:19 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-08 07:10 - 2015-07-30 14:42 - 00000000 ____D C:\Windows\AppReadiness
2016-01-08 07:09 - 2015-07-30 14:42 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-08 07:05 - 2015-07-30 14:25 - 00000000 ____D C:\Windows\CbsTemp
2016-01-08 07:05 - 2015-07-10 01:47 - 00000000 ____D C:\Windows
2016-01-08 07:03 - 2015-10-19 12:44 - 01005598 _____ C:\Windows\System32\PerfStringBackup.INI
2016-01-08 07:03 - 2015-07-30 14:40 - 00000000 ____D C:\Windows\INF
2016-01-08 06:59 - 2015-09-22 08:19 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-01-08 06:58 - 2015-05-18 16:51 - 00000000 ____D C:\Users\Karl\AppData\Local\Adobe
2016-01-08 06:56 - 2015-05-15 11:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-06 17:03 - 2015-11-09 14:27 - 00033903 _____ C:\Users\Karl\Desktop\Copy of current follow up list (2) current.xlsx
2016-01-05 09:28 - 2015-08-17 05:51 - 00025140 _____ C:\Users\Karl\Desktop\Copy of Sales to date RTUI.xlsx
2016-01-04 10:17 - 2015-05-15 09:47 - 00000000 ____D C:\Users\Karl\Documents\RTUI
2016-01-04 09:47 - 2015-10-29 16:01 - 00000000 ____D C:\Users\Karl\Documents\ILG Phillipines
2016-01-02 12:22 - 2015-10-19 13:15 - 00000000 ____D C:\Users\Karl\AppData\Local\Packages
2015-12-29 12:12 - 2015-10-22 09:18 - 00009367 _____ C:\Users\Karl\Desktop\Kathy sales.xlsx
2015-12-28 15:05 - 2015-10-19 13:37 - 00000000 ___DC C:\Windows\Panther
2015-12-28 15:01 - 2015-10-30 01:42 - 00000000 ___HD C:\$WINDOWS.~BT
2015-12-28 08:51 - 2015-10-30 14:09 - 490472028 _____ C:\Windows\MEMORY.DMP
2015-12-28 08:51 - 2015-10-30 14:09 - 00000000 ____D C:\Windows\Minidump
2015-12-26 00:58 - 2015-07-30 14:43 - 00826872 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-26 00:58 - 2015-07-30 14:43 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-16 09:07 - 2015-07-30 13:49 - 00341920 _____ C:\Windows\System32\FNTCACHE.DAT
2015-12-15 10:27 - 2015-07-30 14:42 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-12-15 10:26 - 2015-05-17 08:27 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-12-11 15:15 - 2015-07-30 14:42 - 00000000 ____D C:\Windows\rescache
2015-12-10 14:43 - 2015-07-30 14:42 - 00000000 ____D C:\Windows\System32\oobe
2015-12-09 18:05 - 2015-05-16 02:52 - 00000000 ____D C:\Windows\System32\MRT
2015-12-09 07:58 - 2015-05-16 02:52 - 140158008 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe

Some files in TEMP:
====================
C:\Users\Karl\AppData\Local\Temp\scp63F3.tmp.exe
C:\Users\Karl\AppData\Local\Temp\SkypeSetup.exe


==================== Known DLLs (Whitelisted) =========================

[2015-07-09 19:20] - [2015-07-09 19:20] - 0435200 ____A (Microsoft Corporation) C:\Windows\System32\coml2.dll
[2015-07-09 19:31] - [2015-07-09 19:31] - 0339968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\coml2.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe
[2015-11-12 10:05] - [2015-11-04 20:01] - 0579072 ____A (Microsoft Corporation) A7C48B051A9C5D5054916DE5BEBBCA2D

C:\Windows\System32\wininit.exe
[2015-09-09 21:08] - [2015-09-09 21:08] - 0290312 ____A (Microsoft Corporation) 7718A2A9B2BFB2C8E2BAEB03310CA3FD

C:\Windows\explorer.exe
[2015-12-09 07:09] - [2015-11-24 21:42] - 4532304 ____A (Microsoft Corporation) D2EAEC106F183572317AF7D68E381063

C:\Windows\SysWOW64\explorer.exe
[2015-12-09 07:09] - [2015-11-24 21:12] - 4047288 ____A (Microsoft Corporation) 4EEB94F7E1ABAB5503EEFEA7F2394370

C:\Windows\System32\svchost.exe
[2015-07-09 19:15] - [2015-07-09 20:40] - 0039856 ____A (Microsoft Corporation) A1AEAFC58DF7803B8AA2B09EA93C722F

C:\Windows\SysWOW64\svchost.exe
[2015-07-09 19:25] - [2015-07-09 20:42] - 0035176 ____A (Microsoft Corporation) A412DEDAC6A1FF7BA06FEB3B6725495E

C:\Windows\System32\services.exe
[2015-07-09 19:13] - [2015-07-09 20:35] - 0446336 ____A (Microsoft Corporation) BB3D8E1C108F7244613FF3993291A922

C:\Windows\System32\User32.dll
[2015-12-09 07:09] - [2015-11-24 21:27] - 1366680 ____A (Microsoft Corporation) 7F380DC90B8A045A3F4835D196C35EEB

C:\Windows\SysWOW64\User32.dll
[2015-12-09 07:09] - [2015-11-24 21:09] - 1310880 ____A (Microsoft Corporation) 74C8E141400F3B4CE12EE0E657FD91C9

C:\Windows\System32\userinit.exe
[2015-07-09 19:18] - [2015-07-09 19:18] - 0030720 ____A (Microsoft Corporation) 5F6D4F12EA33BFC0F0F8CEEAC332AB2B

C:\Windows\SysWOW64\userinit.exe
[2015-07-09 19:29] - [2015-07-09 19:29] - 0026112 ____A (Microsoft Corporation) A89C18F5E6D8981D5E937B325290915A

C:\Windows\System32\rpcss.dll
[2015-07-09 19:20] - [2015-07-09 19:20] - 0873984 ____A (Microsoft Corporation) 5E57B9FBB4E9C43EE5B69BEE01A1819F

C:\Windows\System32\dnsapi.dll
[2015-07-09 19:14] - [2015-07-09 20:35] - 0680256 ____A (Microsoft Corporation) C287D0E32771E3222A444DC527A29477

C:\Windows\SysWOW64\dnsapi.dll
[2015-07-09 19:24] - [2015-07-09 20:39] - 0534064 ____A (Microsoft Corporation) BB5BBD0E4D04047585E4ED0F07AA51E7

C:\Windows\System32\Drivers\volsnap.sys
[2015-07-09 19:13] - [2015-07-09 20:39] - 0378720 ____A (Microsoft Corporation) 823A237D871CD652C6BFD47BECB6810A


==================== EXE Association (Whitelisted) =============


==================== Restore Points =========================

Restore point date: 2015-12-28 15:32
Restore point date: 2016-01-05 15:01
Restore point date: 2016-01-08 06:57

==================== Memory info ===========================

Percentage of memory in use: 20%
Total physical RAM: 3758.07 MB
Available physical RAM: 2984.94 MB
Total Virtual: 3758.07 MB
Available Virtual: 3020.76 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.97 GB) (Free:838.28 GB) NTFS
Drive f: () (Fixed) (Total:0.44 GB) (Free:0.11 GB) NTFS
Drive h: (Lexar) (Removable) (Total:29.8 GB) (Free:21.1 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.49 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 96B85AEA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 2 (Size: 29.8 GB) (Disk ID: 73CD1F2B)
Partition 1: (Not Active) - (Size=29.8 GB) - (Type=0B)


LastRegBack: 2015-12-30 11:46

==================== End of FRST.txt ============================
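
A triage sketch for the FRST.txt posted above, added here as an example; it is not part of the original thread and is not FRST's or BleepingComputer's own code. It splits the log into its sections and pulls out three things a helper reads for first: entries FRST marked `[X]` (file not found), services or drivers whose binary has an empty company field, and downloads of identical size and company saved under different names. The function names are hypothetical and the sample lines are copied from the log in this post.

```python
import ntpath
import re
from collections import defaultdict

# Excerpt of the FRST.txt from the post above (lines copied verbatim, most omitted).
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ===========================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060320 2010-06-08] (Realtek Semiconductor)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]

==================== Services (Whitelisted) ========================

S2 lxdu_device; C:\Windows\system32\lxducoms.exe [1039360 2009-10-16] ( )
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)

===================== Drivers (Whitelisted) ==========================

S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [13920 2015-12-28] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-09] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== One Month Created files and folders ========

2016-01-07 14:04 - 2016-01-07 14:05 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Karl\Downloads\WiNlOgOn.exe
2016-01-07 13:59 - 2016-01-07 13:59 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Karl\Downloads\rkill.scr
2016-01-07 13:48 - 2016-01-07 13:53 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Karl\Downloads\rkill.com
2016-01-07 13:47 - 2016-01-07 13:47 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Karl\Downloads\rkill.exe
2016-01-07 13:39 - 2016-01-07 13:39 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Karl\Downloads\jantiroot.exe
2016-01-07 13:35 - 2016-01-07 13:36 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Karl\Downloads\jbamantiroot.exe
2016-01-07 13:28 - 2016-01-07 13:28 - 00000000 ____D C:\ProgramData\SUPERSetup
2016-01-07 13:27 - 2016-01-07 13:28 - 24060128 _____ (SUPERAntiSpyware) C:\Users\Karl\Downloads\SUPERAntiSpyware.exe
"""

# '==== Name ====' section header; a line made only of '=' does not match.
HEADER_RE = re.compile(r"^=+\s*([^=\s][^=]*?)\s*=+$")
# created - modified - size - attributes - optional (company) - path
CREATED_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"(?P<size>\d+) (?P<attrs>\S{5}) (?:\((?P<company>.*?)\) )?(?P<path>[A-Za-z]:\\.+)$"
)
# 'S2 name; image path [size date] (company)'
SERVICE_RE = re.compile(r"^[A-Z]\d (?P<name>.+?); (?P<rest>.+)$")


def split_sections(text):
    """Map each section header to the non-empty entry lines beneath it."""
    sections, current = defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group(1).replace(" (Whitelisted)", "")
        elif line and current and not line.startswith("("):  # skip FRST's "(If an entry ...)" notes
            sections[current].append(line)
    return dict(sections)


def missing_targets(sections):
    """Entries FRST marked [X]: the registry item exists but the file was not found."""
    hits = []
    for name in ("Registry", "Services", "Drivers"):
        hits += [line for line in sections.get(name, []) if line.endswith("[X]")]
    return hits


def blank_company(sections):
    """Names of services/drivers whose binary reports an empty company: '()' or '( )'."""
    names = []
    for name in ("Services", "Drivers"):
        for line in sections.get(name, []):
            m = SERVICE_RE.match(line)
            if m and re.search(r"\]\s*\(\s*\)$", m.group("rest")):
                names.append(m.group("name"))
    return names


def same_size_groups(sections):
    """Created files sharing size and company but saved under different names."""
    groups = defaultdict(list)
    for line in sections.get("One Month Created files and folders", []):
        m = CREATED_RE.match(line)
        if not m or "D" in m.group("attrs") or int(m.group("size")) == 0:
            continue  # unparsed line, directory, or empty file
        key = (int(m.group("size")), m.group("company") or "")
        groups[key].append(ntpath.basename(m.group("path")))
    return {k: v for k, v in groups.items() if len(set(v)) > 1}


def triage(text):
    """Collect the three findings; they are pointers for a human reviewer, not verdicts."""
    sections = split_sections(text)
    return {
        "missing_targets": missing_targets(sections),
        "blank_company": blank_company(sections),
        "same_size": same_size_groups(sections),
    }


if __name__ == "__main__":
    for finding, value in triage(SAMPLE_LOG).items():
        print(finding, "->", value)
```

On this excerpt the same-size groups are the four copies of one 2,032,072-byte Bleeping Computer download and the two copies of one 16,563,352-byte Malwarebytes download, each saved under a different file name.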



#4 fireman4it


Posted 08 January 2016 - 12:03 PM

Could you please post the Addition.txt that FRST made. Can you run .exe files if you boot into Safemode?


Edited by fireman4it, 08 January 2016 - 12:05 PM.



#5 luvscoco


Posted 08 January 2016 - 12:10 PM

when I ran it from the flash drive with the scan it only created the frst.txt file

I know there is usually an Addition.txt but I did not get one on the flash drive

how would I get to safe mode using win 10

f8 does not seem to work



#6 fireman4it


Posted 08 January 2016 - 12:19 PM

http://windows.microsoft.com/en-us/windows-10/start-your-pc-in-safe-mode


#7 luvscoco


Posted 08 January 2016 - 12:22 PM

OK, I figured out how to get it in Safe Mode.

Now I clicked on Malwarebytes and it is running, so that is good... I will update later today as I have to leave to go out...

Just let me know what you want me to do when I can work on the computer again.

Thanks



#8 fireman4it


Posted 08 January 2016 - 02:54 PM

Please send me the log of Malwarebytes. Then do the following, except do it in Safemode. I need to see the Addition.txt and the new FRST.txt it creates.

 

 

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Edited by fireman4it, 08 January 2016 - 02:56 PM.


#9 luvscoco


Posted 08 January 2016 - 04:44 PM

OK, here are the results of FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-01-2015
Ran by Karl (administrator) on KARL-PC (08-01-2016 13:36:24)
Running from C:\Users\Karl\Desktop
Loaded Profiles: Karl (Available Profiles: Karl)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060320 2010-06-08] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508104 2015-09-04] (Adobe Systems Incorporated)
HKLM\...\Run: [HP LaserJet Professional M1530 MFP Series Fax] => C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe [3707120 2014-08-13] (Hewlett-Packard Company)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1856184 2015-09-30] (Adobe Systems Inc.)
HKLM-x32\...\Run: [ToolboxFX] => C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe [59632 2014-08-13] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2292912 2015-09-17] (Adobe Systems Incorporated)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-10-05] (Malwarebytes)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-779053041-397103480-3883694225-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8455960 2015-08-19] (Piriform Ltd)
HKU\S-1-5-21-779053041-397103480-3883694225-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-779053041-397103480-3883694225-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2015-10-29] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2015-10-29] (Garmin Ltd. or its subsidiaries)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Karl\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Karl\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Karl\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Karl\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Karl\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Karl\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Karl\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Karl\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-12-15] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-12-15] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-12-15] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Karl\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Karl\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Karl\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Karl\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Karl\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Karl\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Karl\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-05-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Karl\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-05-04] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6cf866f2-ac97-43ac-9b23-ef120548449d}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{ad2889bf-8df2-4392-ab06-bd90e2b080b7}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-779053041-397103480-3883694225-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://exchange.rtui.com/owa/#path=/mail
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-12-15] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-15] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-12-15] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-15] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-12-15] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-15] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-12-15] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-15] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-779053041-397103480-3883694225-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-05-20] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Karl\AppData\Roaming\Mozilla\Firefox\Profiles\ph2j6gfr.default
FF Homepage: hxxps://exchange.rtui.com/owa/#path=/mail
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-15] (Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-09-17] (Adobe Systems)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-15] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-05-20] (Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-09-17] (Adobe Systems)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat DC - Create PDF - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2015-05-18] [not signed]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Karl\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-09-28] (ArcSoft Inc.)
S2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [669872 2015-09-15] (Adobe Systems Incorporated)
S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2016448 2015-11-25] (Adobe Systems, Incorporated)
S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2802360 2015-11-24] (Microsoft Corporation)
S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [777744 2015-10-29] (Garmin Ltd. or its subsidiaries)
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [145920 2010-10-25] (HP) [File not signed]
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
S2 lxdu_device; C:\Windows\system32\lxducoms.exe [1039360 2009-10-16] ( )
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]
S2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5611280 2015-08-06] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-09] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-09] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-08] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [13920 2015-12-28] ()
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-09] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-09] (Microsoft Corporation)
S0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-09] (Microsoft Corporation)
S2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-09] (Microsoft Corporation)
U0 xdvvkv; C:\Windows\System32\drivers\wftvlicq.sys [79064 2016-01-08] (Malwarebytes)
R3 ykinw8; C:\Windows\System32\drivers\ykinx64.sys [288768 2015-06-17] (Marvell)
U3 idsvc; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-08 13:36 - 2016-01-08 13:36 - 00018757 _____ C:\Users\Karl\Desktop\FRST.txt
2016-01-08 13:35 - 2016-01-08 13:35 - 00079064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\wftvlicq.sys
2016-01-08 13:35 - 2016-01-08 13:35 - 00003262 _____ C:\Users\Karl\Desktop\malwarebytesresults.txt
2016-01-08 13:34 - 2016-01-08 13:34 - 00016148 _____ C:\WINDOWS\system32\KARL-PC_Karl_HistoryPrediction.bin
2016-01-08 13:17 - 2016-01-08 13:36 - 02370560 _____ (Farbar) C:\Users\Karl\Desktop\FRST64.exe
2016-01-08 09:33 - 2016-01-08 13:14 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-01-08 09:32 - 2016-01-08 13:14 - 00000000 ____D C:\Users\Karl\Desktop\mbar
2016-01-08 09:19 - 2016-01-08 13:15 - 00096216 _____ C:\WINDOWS\ntbtlog.txt
2016-01-08 09:19 - 2016-01-08 09:19 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-01-08 07:56 - 2016-01-08 13:36 - 00000000 ____D C:\FRST
2016-01-08 06:59 - 2016-01-08 06:59 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2016-01-08 06:58 - 2016-01-08 06:58 - 03933496 _____ (Logitech, Inc.) C:\WINDOWS\system32\LogiLDA.DLL
2016-01-08 06:58 - 2016-01-08 06:58 - 02458936 _____ (Logitech, Inc.) C:\WINDOWS\system32\LdaCx2.dll
2016-01-08 06:58 - 2016-01-08 06:58 - 00828872 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr110.dll
2016-01-08 06:58 - 2016-01-08 06:58 - 00661448 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp110.dll
2016-01-08 06:58 - 2016-01-08 06:58 - 00354264 _____ (Microsoft Corporation) C:\WINDOWS\system32\vccorlib110.dll
2016-01-07 14:04 - 2016-01-07 14:05 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Karl\Downloads\WiNlOgOn.exe
2016-01-07 13:59 - 2016-01-07 13:59 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Karl\Downloads\rkill.scr
2016-01-07 13:48 - 2016-01-07 13:53 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Karl\Downloads\rkill.com
2016-01-07 13:47 - 2016-01-07 13:47 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Karl\Downloads\rkill.exe
2016-01-07 13:39 - 2016-01-07 13:39 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Karl\Downloads\jantiroot.exe
2016-01-07 13:35 - 2016-01-07 13:36 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Karl\Downloads\jbamantiroot.exe
2016-01-07 13:28 - 2016-01-07 13:28 - 00000000 ____D C:\ProgramData\SUPERSetup
2016-01-07 13:27 - 2016-01-07 13:28 - 24060128 _____ (SUPERAntiSpyware) C:\Users\Karl\Downloads\SUPERAntiSpyware.exe
2016-01-07 13:26 - 2016-01-07 13:27 - 00000000 ____D C:\HP_LaserJet_Professional_M1530_MFP_Series
2016-01-07 13:15 - 2016-01-07 13:15 - 00000000 ____D C:\Users\Karl\Downloads\mbam-chameleon-3.1.28.0
2016-01-07 13:14 - 2016-01-07 13:14 - 06392130 _____ C:\Users\Karl\Downloads\mbam-chameleon-3.1.28.0.zip
2016-01-07 13:12 - 2016-01-07 13:14 - 01503872 _____ (Skype Technologies S.A.) C:\Users\Karl\Downloads\SkypeSetup(2).exe
2016-01-07 13:11 - 2016-01-07 13:26 - 181554248 _____ C:\Users\Karl\Downloads\hp_M1530_MFP_full_Solution_15188.exe
2016-01-06 14:37 - 2016-01-08 06:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-28 17:32 - 2015-12-28 17:32 - 00013920 _____ C:\WINDOWS\system32\Drivers\SWDUMon.sys
2015-12-28 17:32 - 2015-12-28 17:32 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers
2015-12-28 17:31 - 2015-12-28 17:32 - 00961728 _____ (Slimware Utilities, Inc.) C:\Users\Karl\Downloads\DriverUpdate-setup(1).exe
2015-12-28 17:30 - 2015-12-28 17:30 - 00961728 _____ (Slimware Utilities, Inc.) C:\Users\Karl\Downloads\DriverUpdate-setup.exe
2015-12-28 08:51 - 2015-12-28 08:51 - 00262144 _____ C:\WINDOWS\Minidump\122815-18265-01.dmp
2015-12-21 08:40 - 2015-12-21 08:40 - 00262144 _____ C:\WINDOWS\Minidump\122115-14734-01.dmp
2015-12-16 09:07 - 2015-12-16 09:08 - 00262144 _____ C:\WINDOWS\Minidump\121615-41359-01.dmp
2015-12-10 14:41 - 2015-12-10 14:41 - 00262144 _____ C:\WINDOWS\Minidump\121015-16593-01.dmp
2015-12-09 07:09 - 2015-11-30 23:01 - 02115936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2015-12-09 07:09 - 2015-11-30 22:03 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\gpuenergydrv.sys
2015-12-09 07:09 - 2015-11-30 21:51 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-12-09 07:09 - 2015-11-30 20:59 - 05455360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-12-09 07:09 - 2015-11-24 21:42 - 04532304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-12-09 07:09 - 2015-11-24 21:42 - 00168288 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.exe
2015-12-09 07:09 - 2015-11-24 21:41 - 01822280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-12-09 07:09 - 2015-11-24 21:40 - 00516448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-12-09 07:09 - 2015-11-24 21:33 - 03622272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-09 07:09 - 2015-11-24 21:32 - 00113184 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll
2015-12-09 07:09 - 2015-11-24 21:27 - 01366680 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-12-09 07:09 - 2015-11-24 21:12 - 04047288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-12-09 07:09 - 2015-11-24 21:11 - 01532984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-12-09 07:09 - 2015-11-24 21:09 - 01310880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-12-09 07:09 - 2015-11-24 21:01 - 02879024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-09 07:09 - 2015-11-24 20:59 - 00092992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userenv.dll
2015-12-09 07:09 - 2015-11-24 20:49 - 01569280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-12-09 07:09 - 2015-11-24 20:49 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2015-12-09 07:09 - 2015-11-24 20:49 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-12-09 07:09 - 2015-11-24 20:49 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2015-12-09 07:09 - 2015-11-24 20:48 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EthernetMediaManager.dll
2015-12-09 07:09 - 2015-11-24 20:48 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAMediaManager.dll
2015-12-09 07:09 - 2015-11-24 20:44 - 21872640 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-12-09 07:09 - 2015-11-24 20:42 - 24592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-09 07:09 - 2015-11-24 20:37 - 02350592 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-12-09 07:09 - 2015-11-24 20:36 - 01710592 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2015-12-09 07:09 - 2015-11-24 20:36 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys
2015-12-09 07:09 - 2015-11-24 20:35 - 00929792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-12-09 07:09 - 2015-11-24 20:35 - 00845824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Magnify.exe
2015-12-09 07:09 - 2015-11-24 20:34 - 12504576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-12-09 07:09 - 2015-11-24 20:31 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAMM.dll
2015-12-09 07:09 - 2015-11-24 20:30 - 00171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3mm.dll
2015-12-09 07:09 - 2015-11-24 20:30 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2015-12-09 07:09 - 2015-11-24 20:30 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2015-12-09 07:09 - 2015-11-24 20:29 - 01649152 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2015-12-09 07:09 - 2015-11-24 20:29 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ninput.dll
2015-12-09 07:09 - 2015-11-24 20:28 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-12-09 07:09 - 2015-11-24 20:28 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2015-12-09 07:09 - 2015-11-24 20:27 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-12-09 07:09 - 2015-11-24 20:26 - 00849408 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2015-12-09 07:09 - 2015-11-24 20:26 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2015-12-09 07:09 - 2015-11-24 20:25 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-12-09 07:09 - 2015-11-24 20:23 - 19323392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-09 07:09 - 2015-11-24 20:23 - 03588096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-12-09 07:09 - 2015-11-24 20:23 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-12-09 07:09 - 2015-11-24 20:22 - 01717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-12-09 07:09 - 2015-11-24 20:22 - 01383424 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-12-09 07:09 - 2015-11-24 20:22 - 00603648 _____ (Microsoft Corporation) C:\WINDOWS\system32\duser.dll
2015-12-09 07:09 - 2015-11-24 20:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdgeoqw.dll
2015-12-09 07:09 - 2015-11-24 20:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZST.DLL
2015-12-09 07:09 - 2015-11-24 20:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZEL.DLL
2015-12-09 07:09 - 2015-11-24 20:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZE.DLL
2015-12-09 07:09 - 2015-11-24 20:19 - 01795584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-12-09 07:09 - 2015-11-24 20:19 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2015-12-09 07:09 - 2015-11-24 20:18 - 01233920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-12-09 07:09 - 2015-11-24 20:17 - 00774656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-12-09 07:09 - 2015-11-24 20:16 - 01442816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2015-12-09 07:09 - 2015-11-24 20:16 - 00786432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Magnify.exe
2015-12-09 07:09 - 2015-11-24 20:13 - 02153984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-12-09 07:09 - 2015-11-24 20:11 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ninput.dll
2015-12-09 07:09 - 2015-11-24 20:10 - 18801664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-12-09 07:09 - 2015-11-24 20:10 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2015-12-09 07:09 - 2015-11-24 20:10 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-12-09 07:09 - 2015-11-24 20:10 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2015-12-09 07:09 - 2015-11-24 20:08 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2015-12-09 07:09 - 2015-11-24 20:05 - 11263488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-12-09 07:09 - 2015-11-24 20:04 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2015-12-09 07:09 - 2015-11-24 20:04 - 00480768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\duser.dll
2015-12-09 07:09 - 2015-11-24 20:04 - 00474624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-12-09 07:09 - 2015-11-24 20:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdgeoqw.dll
2015-12-09 07:09 - 2015-11-24 20:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZST.DLL
2015-12-09 07:09 - 2015-11-24 20:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZEL.DLL
2015-12-09 07:09 - 2015-11-24 20:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZE.DLL
2015-12-09 07:09 - 2015-11-24 18:52 - 00775312 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-12-09 07:09 - 2015-11-24 18:52 - 00775312 _____ C:\WINDOWS\system32\locale.nls
2015-12-09 07:08 - 2015-11-30 21:54 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2015-12-09 07:08 - 2015-11-30 21:49 - 04792320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-12-09 07:08 - 2015-11-30 21:02 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-12-09 07:08 - 2015-11-24 20:25 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2015-12-09 07:08 - 2015-11-24 20:07 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-08 13:15 - 2015-08-30 10:45 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-01-08 09:33 - 2015-08-30 10:45 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-01-08 09:23 - 2015-10-19 12:44 - 01005598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-01-08 09:23 - 2015-07-30 14:40 - 00000000 ____D C:\WINDOWS\INF
2016-01-08 09:19 - 2015-07-10 01:47 - 00000000 ____D C:\Windows
2016-01-08 09:18 - 2015-07-10 01:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-01-08 09:16 - 2015-09-22 08:19 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-01-08 09:16 - 2015-07-30 13:52 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-08 09:13 - 2015-05-24 07:19 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-01-08 07:52 - 2015-10-19 12:44 - 00000000 ____D C:\Users\Karl
2016-01-08 07:10 - 2015-07-30 14:42 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-01-08 07:09 - 2015-07-30 14:42 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-08 07:05 - 2015-07-30 14:25 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-01-08 06:58 - 2015-05-18 16:51 - 00000000 ____D C:\Users\Karl\AppData\Local\Adobe
2016-01-08 06:56 - 2015-05-15 11:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-06 17:03 - 2015-11-09 14:27 - 00033903 _____ C:\Users\Karl\Desktop\Copy of current follow up list (2) current.xlsx
2016-01-05 09:28 - 2015-08-17 05:51 - 00025140 _____ C:\Users\Karl\Desktop\Copy of Sales to date RTUI.xlsx
2016-01-04 10:17 - 2015-05-15 09:47 - 00000000 ____D C:\Users\Karl\Documents\RTUI
2016-01-04 09:47 - 2015-10-29 16:01 - 00000000 ____D C:\Users\Karl\Documents\ILG Phillipines
2016-01-02 12:22 - 2015-10-19 13:15 - 00000000 ____D C:\Users\Karl\AppData\Local\Packages
2015-12-29 12:12 - 2015-10-22 09:18 - 00009367 _____ C:\Users\Karl\Desktop\Kathy sales.xlsx
2015-12-28 15:05 - 2015-10-19 13:37 - 00000000 ___DC C:\WINDOWS\Panther
2015-12-28 15:01 - 2015-10-30 01:42 - 00000000 ___HD C:\$WINDOWS.~BT
2015-12-28 08:51 - 2015-10-30 14:09 - 490472028 _____ C:\WINDOWS\MEMORY.DMP
2015-12-28 08:51 - 2015-10-30 14:09 - 00000000 ____D C:\WINDOWS\Minidump
2015-12-26 00:58 - 2015-07-30 14:43 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-12-26 00:58 - 2015-07-30 14:43 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-16 09:07 - 2015-07-30 13:49 - 00341920 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-15 10:27 - 2015-07-30 14:42 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-12-15 10:26 - 2015-05-17 08:27 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-12-11 15:15 - 2015-07-30 14:42 - 00000000 ____D C:\WINDOWS\rescache
2015-12-10 14:43 - 2015-07-30 14:42 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-12-09 18:05 - 2015-05-16 02:52 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-12-09 07:58 - 2015-05-16 02:52 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2015-06-17 04:19 - 2015-06-17 04:19 - 0000079 _____ () C:\Program Files (x86)\prefs.js

Some files in TEMP:
====================
C:\Users\Karl\AppData\Local\Temp\scp63F3.tmp.exe
C:\Users\Karl\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-30 11:46

==================== End of FRST.txt ============================

 

Here is the addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-01-2015
Ran by Karl (2016-01-08 13:37:15)
Running from C:\Users\Karl\Desktop
Windows 10 Home (X64) (2015-10-19 21:14:18)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-779053041-397103480-3883694225-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-779053041-397103480-3883694225-503 - Limited - Disabled)
Guest (S-1-5-21-779053041-397103480-3883694225-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-779053041-397103480-3883694225-1002 - Limited - Enabled)
Karl (S-1-5-21-779053041-397103480-3883694225-1000 - Administrator - Enabled) => C:\Users\Karl

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.4 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe Bridge CC (64 Bit) (HKLM-x32\...\{359F8007-6486-429C-A8C5-D67F6897C88C}) (Version: 6.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.3.0.151 - Adobe Systems Incorporated)
Adobe Edge Code CC (HKLM-x32\...\{2033D10C-8B25-6EED-97C0-708693677BA6}) (Version: 0.98 - Adobe Systems Incorporated)
Adobe Edge Inspect CC (HKLM-x32\...\{2532C427-E595-4768-B6E9-C20F3AB751CA}) (Version: 1.5.486 - Adobe Systems Incorporated)
Adobe Edge Reflow CC Preview (HKLM\...\{8452F686-0D9B-4450-B723-FCD0582B02C3}) (Version: 0.51.17178 - Adobe Systems Incorporated)
Adobe Exchange Panel (HKLM-x32\...\{C592A34D-1E4A-49A3-BD42-4C8A5C9E4B80}) (Version: 1.2 - Adobe Systems Incorporated)
Adobe ExtendScript Toolkit CC (HKLM-x32\...\{6297487E-3778-4F72-B458-55690418DB98}) (Version: 4.0.0.0 - Adobe Systems Incorporated)
Adobe Extension Manager CC (HKLM-x32\...\{244FD30F-63F1-49B9-9D98-1150FF4FFCB1}) (Version: 7.3.2 - Adobe Systems Incorporated)
Adobe Scout CC (HKLM\...\{BA573BFE-83B4-11E3-93D2-D231FEB1DC81}) (Version: 1.1.3.354121 - Adobe Systems Incorporated)
Adobe Touch App Plugins (HKLM-x32\...\{1EC083EE-5B76-4A2A-B95A-CAF460AA29D6}) (Version: 1.0 - Adobe Systems Incorporated)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
ArcSoft WebCam Companion 3 (HKLM-x32\...\{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}) (Version: 3.0.21.278 - ArcSoft)
CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform)
Dropbox (HKU\S-1-5-21-779053041-397103480-3883694225-1000\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
Elevated Installer (x32 Version: 4.1.10.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{b292f4e5-60ca-4bb8-8810-e5f908c3c1ff}) (Version: 4.1.10.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.1.10.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.1.10.0 - Garmin Ltd or its subsidiaries) Hidden
HP FWUpdateEDO3 (HKLM-x32\...\{A82D0C46-EBDF-4B27-A731-D06EF2056E81}) (Version: 1.0.0.0 - Hewlett-Packard Company)
HP LaserJet Professional M1530 MFP Series (HKLM-x32\...\{74280B5D-A0AF-46c5-9C85-D9EA078262F1}) (Version:  - Hewlett-Packard)
HP LJ M1530 MFP Series HP Scan (HKLM-x32\...\{C05002F1-06F8-4A15-B6F8-E4DC655C28AA}) (Version: 1.0.302.0 - Hewlett-Packard Co.)
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPLaserJetHelp_LearnCenter (HKLM-x32\...\{B2AA0F22-E167-4C4A-BAE2-E0025028E61B}) (Version: 1.02.0000 - Hewlett-Packard)
HPLJUT (x32 Version: 1.00.0012 - HP) Hidden
hppFaxDrvM1530 (x32 Version: 003.000.00001 - Hewlett-Packard) Hidden
hppFaxUtilityM1530 (x32 Version: 000.002.00001 - Hewlett-Packard) Hidden
hppLaserJetService (x32 Version: 002.015.00599 - Hewlett-Packard) Hidden
hppM1530LaserJetService (x32 Version: 001.008.00477 - Hewlett-Packard) Hidden
hppSendFaxM1530 (x32 Version: 003.000.00001 - Hewlett-Packard) Hidden
hppTLBXFXM1530 (x32 Version: 001.012.00948 - Hewlett-Packard) Hidden
hpzTLBXFX (x32 Version: 006.015.01163 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4779.1002 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 43.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 en-US)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6045 - Realtek Semiconductor Corp.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.45862 - TeamViewer)
TomTom HOME (HKLM-x32\...\{0E09BE17-EDEA-42CA-8974-42A587F51510}) (Version: 2.9.8 - TomTom)
TomTom HOME (HKLM-x32\...\{BB05590A-6602-43F3-A400-77EA0976BC0A}) (Version: 2.9.8 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-779053041-397103480-3883694225-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Karl\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-779053041-397103480-3883694225-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
CustomCLSID: HKU\S-1-5-21-779053041-397103480-3883694225-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Karl\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-779053041-397103480-3883694225-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Karl\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-779053041-397103480-3883694225-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Karl\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-779053041-397103480-3883694225-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Karl\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-779053041-397103480-3883694225-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Karl\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-779053041-397103480-3883694225-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Karl\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-779053041-397103480-3883694225-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Karl\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-779053041-397103480-3883694225-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Karl\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-779053041-397103480-3883694225-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Karl\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02378D82-1EE2-459B-BFC4-F27C4B7FFB92} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {058F5952-5BED-46C4-8303-782A076208F6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {103CC95D-256F-4727-BEFD-A2AFF2913A0D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {14E98FB6-2CE9-4E8B-9FB3-A044080E2CE7} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {23558013-41F1-4003-9FAC-D566125976C3} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {23D727A2-4EE6-47F8-A0FC-C504F69A0BA1} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {23DA169D-1C0D-4CD3-BB9C-1099B1ACB572} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {24EDAE9C-D588-4531-A379-422E1D588B74} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2014-08-13] (Hewlett Packard)
Task: {31F30D6F-51A6-4AF0-8FB3-9E4EDA9A7957} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {33CD797C-5FBE-41E0-922D-07CC8F34E674} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {3A414200-6233-4383-B99E-199E4BE30B0A} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {4E3D0DBA-2949-4329-8463-7F135692A88A} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {4F276981-C779-479E-A441-171D03A99FF9} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {55ABA580-F1F4-45D9-9F60-7B748CFD5878} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {57F04712-5D7E-4270-B59C-8B803C80A64D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {5B88B6D4-964D-4DD5-A416-BA248FC9F62E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {5FF72CAF-EE50-40B2-8E9C-3AB2C52780D5} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {650919DA-0529-4882-8D13-0ED1660AC77E} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {6A45B016-2958-45D0-8209-2A8AD4CAB2EB} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {6ACE2F9E-1CCE-40B9-A270-BE64029D52ED} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2015-10-29] ()
Task: {6BC622BD-51EF-44AA-99C4-6324B3D7D230} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-08-19] (Piriform Ltd)
Task: {6CC21A21-60D3-4AF9-B685-C6E04C0D10EF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {7F678FF4-E1C2-4361-A5FE-00245A211286} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-30] (Microsoft Corporation)
Task: {86279897-03EB-4AB5-8A58-24472A93D59A} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {8CA79A64-B938-4541-B19B-69DA18A4CFE3} - System32\Tasks\{9C580B1A-ADA3-4613-B3AA-4BA50AAB2DDE} => pcalua.exe -a C:\Users\Karl\Downloads\drivers\INDOTH-00221232-0042.EXE -d C:\Users\Karl\Desktop
Task: {8DAE8F40-098E-4E9E-9285-D3078B4D4DBA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-09] (Microsoft Corporation)
Task: {A3BEF738-E604-4D4A-BFE8-D885B168660C} - \Safer-Networking\Spybot - Search and Destroy\Check for updates -> No File <==== ATTENTION
Task: {AB262D14-6C79-42AC-9244-DFB9EB92B5BA} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {B10EE49C-D4FF-43AA-80AB-54457AACE8A7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {B2A578E1-313E-4952-BA74-16C1760498D4} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {B52B7498-73A8-4A8F-B82D-DB76A883E902} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {B585D376-AC9F-4181-BD78-D259165B03A6} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {B9EA2CBC-9DEF-4AB2-80C8-70410856043C} - \Safer-Networking\Spybot - Search and Destroy\Refresh immunization -> No File <==== ATTENTION
Task: {BD937A57-E073-4A8B-9710-B46075780B5E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {C3599C91-4AA2-4932-B8B5-65904319F471} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {C4A3E29B-1300-4152-AFD1-450CDA3FD7D5} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {CBDB3B6C-5FC5-4966-A0AB-4D922CD31543} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {D0902E56-736D-4725-8ABD-2B316725FA5F} - \Safer-Networking\Spybot - Search and Destroy\Scan the system -> No File <==== ATTENTION
Task: {DCCF6F73-F788-4DD9-9F65-DDD486449A64} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {E42C0EAC-66F9-48BC-A47A-4DF56A99FC87} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {E6BE2C4C-8CEF-4D53-8625-67447251D7C4} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {E7E1EC50-C86F-404B-9B00-ED1A2CB191A3} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {EFB4CC7C-51E4-45E7-923A-0A5413F906D4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-30] (Microsoft Corporation)
Task: {F35BD7D0-9E49-491F-8210-DD46DD9F7C5F} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {F3CBCF92-D5C1-42DC-8516-0421DABAEEB0} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {F465E7A7-CF46-4F65-A649-89D5800BA580} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {F7E3D3AE-AB43-498A-8854-EF42A63A66D6} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {F8923A85-2434-41A5-823C-A47F518DAA7F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-19] (Adobe Systems Incorporated)
Task: {FC2F0B15-D965-4DAE-AF96-662078FEA637} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-09-09 21:08 - 2015-09-09 21:08 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-10-19 13:33 - 2015-10-19 13:33 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-19 13:33 - 2015-10-19 13:33 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-09-11 18:02 - 2015-09-11 18:02 - 00803488 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2015-10-30 14:40 - 2015-09-01 08:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-10-19 13:33 - 2015-10-19 13:33 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-09 19:13 - 2015-07-09 19:13 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
2015-12-09 07:09 - 2015-11-24 20:20 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-09 07:09 - 2015-11-24 20:17 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-09 07:09 - 2015-11-24 20:17 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-19 13:33 - 2015-10-19 13:33 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-10-30 14:40 - 2015-09-01 04:25 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-779053041-397103480-3883694225-1000\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-779053041-397103480-3883694225-1000\...\driversupport.com -> hxxps://apps.driversupport.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-779053041-397103480-3883694225-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Karl\AppData\Local\Microsoft\Windows\Themes\Scenes fr\DesktopBackground\1_ingoscholtes_panorama_cliff.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Synchronizer => "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe"
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{EF62A468-8CDE-4A2C-92EF-F2684C605167}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{AED0B426-4AD7-4942-BEA5-7EA8FA6275D6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{0C412AD9-A46B-4D32-9FD3-AB4FB64118B4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{0AF4CE8E-E06A-4A55-8EB2-B280B93E84CD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{23C7AFF3-D84D-463E-A2D3-AEC37F632F32}] => (Allow) C:\Users\Karl\AppData\Local\Temp\7zS5EC0\Installer\hpbcsiInstaller.exe
FirewallRules: [{AE387601-C1D5-46DA-995A-D902E259B773}] => (Allow) C:\Users\Karl\AppData\Local\Temp\7zS5EC0\Installer\hpbcsiInstaller.exe
FirewallRules: [{CE8C9B2B-EB15-4CF9-BB50-39FEC2120C8C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{6D50E416-FC32-4F60-9555-A8AFD589BB88}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [UDP Query User{40D450D4-F62D-40BC-B9B3-2AB11355E054}C:\program files\adobe scout cc\scout.exe] => (Allow) C:\program files\adobe scout cc\scout.exe
FirewallRules: [TCP Query User{A2275E44-01A3-4733-9777-C92E74C823AE}C:\program files\adobe scout cc\scout.exe] => (Allow) C:\program files\adobe scout cc\scout.exe
FirewallRules: [{591BA87B-F676-46BE-A212-292DD0C30DBF}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Edge Inspect CC\EdgeInspect.exe
FirewallRules: [{5744B9F2-DAD1-498A-B499-2EF7925251E6}] => (Allow) C:\Windows\System32\lxducoms.exe
FirewallRules: [{7C1B21F4-2E72-4F02-AAF2-DA7DA76B495E}] => (Allow) C:\Windows\System32\lxducoms.exe
FirewallRules: [{FBF53165-35E1-4DE8-9B80-A66D1F5F06AA}] => (Allow) C:\Users\Karl\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{408E3127-BE75-49CF-A328-38CBA4691342}] => (Allow) C:\Users\Karl\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{5DD9F9EA-F413-486B-8A86-2A67AF42DD1C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{7D757805-85E2-4184-A883-A824213C7CA4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{C961F6C8-B5AC-4D4E-9BCC-08A255CDDC94}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{05136471-EA8A-41F1-A44B-A794A1227172}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{956B17B5-B215-44FD-9A7E-32F0141536E5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D9895F4F-2F56-47AB-95A6-388B897891BB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8197D84A-86B8-4C3C-9B67-33FED3A7D0D9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{15663EAE-6EE5-4339-8213-68D55AFFA804}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C6069F22-15B6-4DB6-8A0E-205BA6D12000}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{EB1BC8D2-9CD7-40A3-AA99-0A4C9E375AD6}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{AC0C12C6-7918-404B-9148-BEE8A9F68EF3}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{4D60E2E3-2DF1-47E2-BBC5-02E69805B879}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

19-12-2015 10:57:15 Scheduled Checkpoint
28-12-2015 15:32:11 Scheduled Checkpoint
05-01-2016 15:01:10 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/08/2016 01:14:59 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Karl-PC)
Description: Activation of app Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/08/2016 09:19:40 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Karl-PC)
Description: Activation of app Microsoft.Getstarted_2.5.6.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/08/2016 09:16:49 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Karl-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/08/2016 09:15:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPLaserJetService.exe, version: 2.15.599.0, time stamp: 0x4cc5ee57
Faulting module name: hppccompio.DLL, version: 1.3.0.24, time stamp: 0x4c9685d0
Exception code: 0xc0000417
Fault offset: 0x000073bf
Faulting process id: 0x764
Faulting application start time: 0xHPLaserJetService.exe0
Faulting application path: HPLaserJetService.exe1
Faulting module path: HPLaserJetService.exe2
Report Id: HPLaserJetService.exe3
Faulting package full name: HPLaserJetService.exe4
Faulting package-relative application ID: HPLaserJetService.exe5

Error: (01/08/2016 09:13:46 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Karl-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/08/2016 09:13:45 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Karl-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/08/2016 09:12:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPLaserJetService.exe, version: 2.15.599.0, time stamp: 0x4cc5ee57
Faulting module name: hppccompio.DLL, version: 1.3.0.24, time stamp: 0x4c9685d0
Exception code: 0xc0000417
Fault offset: 0x000073bf
Faulting process id: 0x48c
Faulting application start time: 0xHPLaserJetService.exe0
Faulting application path: HPLaserJetService.exe1
Faulting module path: HPLaserJetService.exe2
Report Id: HPLaserJetService.exe3
Faulting package full name: HPLaserJetService.exe4
Faulting package-relative application ID: HPLaserJetService.exe5

Error: (01/08/2016 07:52:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SystemSettings.exe, version: 10.0.10240.16384, time stamp: 0x559f39ae
Faulting module name: MusUpdateHandlers.dll, version: 10.0.10240.16590, time stamp: 0x563ad6f2
Exception code: 0xc0000005
Fault offset: 0x000000000002c7a8
Faulting process id: 0x18ec
Faulting application start time: 0xSystemSettings.exe0
Faulting application path: SystemSettings.exe1
Faulting module path: SystemSettings.exe2
Report Id: SystemSettings.exe3
Faulting package full name: SystemSettings.exe4
Faulting package-relative application ID: SystemSettings.exe5

Error: (01/08/2016 06:59:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Adobe Desktop Service.exe, version: 3.3.0.151, time stamp: 0x55fab2d5
Faulting module name: ntdll.dll, version: 10.0.10240.16603, time stamp: 0x565531ee
Exception code: 0xc0000005
Fault offset: 0x000552a5
Faulting process id: 0x1a84
Faulting application start time: 0xAdobe Desktop Service.exe0
Faulting application path: Adobe Desktop Service.exe1
Faulting module path: Adobe Desktop Service.exe2
Report Id: Adobe Desktop Service.exe3
Faulting package full name: Adobe Desktop Service.exe4
Faulting package-relative application ID: Adobe Desktop Service.exe5

Error: (01/08/2016 06:57:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPLaserJetService.exe, version: 2.15.599.0, time stamp: 0x4cc5ee57
Faulting module name: hppccompio.DLL, version: 1.3.0.24, time stamp: 0x4c9685d0
Exception code: 0xc0000417
Fault offset: 0x000073bf
Faulting process id: 0x7e8
Faulting application start time: 0xHPLaserJetService.exe0
Faulting application path: HPLaserJetService.exe1
Faulting module path: HPLaserJetService.exe2
Report Id: HPLaserJetService.exe3
Faulting package full name: HPLaserJetService.exe4
Faulting package-relative application ID: HPLaserJetService.exe5


System errors:
=============
Error: (01/08/2016 01:40:08 PM) (Source: DCOM) (EventID: 10005) (User: Karl-PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/08/2016 01:39:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/08/2016 01:39:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/08/2016 01:39:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/08/2016 01:39:36 PM) (Source: DCOM) (EventID: 10005) (User: Karl-PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/08/2016 01:38:26 PM) (Source: DCOM) (EventID: 10005) (User: Karl-PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/08/2016 01:37:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/08/2016 01:37:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/08/2016 01:37:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/08/2016 01:37:40 PM) (Source: DCOM) (EventID: 10005) (User: Karl-PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}


CodeIntegrity:
===================================
  Date: 2015-12-15 14:25:13.522
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-12-15 14:25:13.380
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-12-15 14:25:13.022
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-12-15 14:25:12.923
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-12-15 14:25:12.871
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-12-15 14:25:12.790
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-12-15 14:25:05.235
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-12-15 14:25:02.471
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-12-11 09:25:16.013
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-12-11 09:25:15.952
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU M 350 @ 2.27GHz
Percentage of memory in use: 32%
Total physical RAM: 3758.07 MB
Available physical RAM: 2531.39 MB
Total Virtual: 7598.07 MB
Available Virtual: 6559.88 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.97 GB) (Free:838.13 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 96B85AEA)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

==================== End of Addition.txt ============================



#10 fireman4it


Posted 08 January 2016 - 05:05 PM

This should be done in Safe Mode:

Then try running in normal mode and see if computer works properly. Please post the Malwarebytes log it created.

 

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Attached File  fixlist.txt   1.75KB   3 downloads


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#11 luvscoco


Posted 08 January 2016 - 08:32 PM

here is the fixlog.txt

 

Fix result of Farbar Recovery Scan Tool (x64) Version:07-01-2015
Ran by Karl (2016-01-08 17:11:00) Run:1
Running from C:\Users\Karl\Desktop
Loaded Profiles: Karl (Available Profiles: Karl)
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
Task: {058F5952-5BED-46C4-8303-782A076208F6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {23DA169D-1C0D-4CD3-BB9C-1099B1ACB572} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {4F276981-C779-479E-A441-171D03A99FF9} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {55ABA580-F1F4-45D9-9F60-7B748CFD5878} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {57F04712-5D7E-4270-B59C-8B803C80A64D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {6CC21A21-60D3-4AF9-B685-C6E04C0D10EF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {BD937A57-E073-4A8B-9710-B46075780B5E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {C4A3E29B-1300-4152-AFD1-450CDA3FD7D5} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {CBDB3B6C-5FC5-4966-A0AB-4D922CD31543} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {D0902E56-736D-4725-8ABD-2B316725FA5F} - \Safer-Networking\Spybot - Search and Destroy\Scan the system -> No File <==== ATTENTION
Task: {DCCF6F73-F788-4DD9-9F65-DDD486449A64} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {E42C0EAC-66F9-48BC-A47A-4DF56A99FC87} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
C:\Users\Karl\AppData\Local\Temp\scp63F3.tmp.exe
C:\Users\Karl\AppData\Local\Temp\SkypeSetup.exe
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
CHR dev: Chrome dev build detected! <======= ATTENTION
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
EmptyTemp:
Hosts:


*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{058F5952-5BED-46C4-8303-782A076208F6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{058F5952-5BED-46C4-8303-782A076208F6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{23DA169D-1C0D-4CD3-BB9C-1099B1ACB572}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23DA169D-1C0D-4CD3-BB9C-1099B1ACB572}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4F276981-C779-479E-A441-171D03A99FF9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F276981-C779-479E-A441-171D03A99FF9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{55ABA580-F1F4-45D9-9F60-7B748CFD5878}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{55ABA580-F1F4-45D9-9F60-7B748CFD5878}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{57F04712-5D7E-4270-B59C-8B803C80A64D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{57F04712-5D7E-4270-B59C-8B803C80A64D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6CC21A21-60D3-4AF9-B685-C6E04C0D10EF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6CC21A21-60D3-4AF9-B685-C6E04C0D10EF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BD937A57-E073-4A8B-9710-B46075780B5E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BD937A57-E073-4A8B-9710-B46075780B5E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C4A3E29B-1300-4152-AFD1-450CDA3FD7D5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C4A3E29B-1300-4152-AFD1-450CDA3FD7D5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CBDB3B6C-5FC5-4966-A0AB-4D922CD31543}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CBDB3B6C-5FC5-4966-A0AB-4D922CD31543}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D0902E56-736D-4725-8ABD-2B316725FA5F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D0902E56-736D-4725-8ABD-2B316725FA5F}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Scan the system => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DCCF6F73-F788-4DD9-9F65-DDD486449A64}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DCCF6F73-F788-4DD9-9F65-DDD486449A64}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E42C0EAC-66F9-48BC-A47A-4DF56A99FC87}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E42C0EAC-66F9-48BC-A47A-4DF56A99FC87}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
C:\Users\Karl\AppData\Local\Temp\scp63F3.tmp.exe => moved successfully
C:\Users\Karl\AppData\Local\Temp\SkypeSetup.exe => moved successfully
idsvc => service removed successfully
wpcsvc => service removed successfully
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => key removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 2.4 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 17:18:20 ====

 

here is the malwarebytes log

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/8/2016
Scan Time: 1:15 PM
Logfile: malwarebyteslog.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.01.08.06
Rootkit Database: v2016.01.05.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Karl

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 414951
Time Elapsed: 15 min, 8 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\WOW6432NODE\SLIMWARE UTILITIES INC\DriverUpdate, Quarantined, [88ae1423a6f3c472c818882630d3c937],
PUP.Optional.DriverUpdate, HKU\S-1-5-21-779053041-397103480-3883694225-1000\SOFTWARE\SLIMWARE UTILITIES INC\DriverUpdate, Quarantined, [2a0cdd5a7e1b95a12fac6e40f70c08f8],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 4
PUP.Optional.DriverUpdate, C:\Users\Karl\AppData\Local\SlimWare Utilities Inc\DriverUpdate, Quarantined, [60d6c5721a7f2511ffd5d1dd8182758b],
PUP.Optional.DriverUpdate, C:\Users\Karl\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Images, Quarantined, [60d6c5721a7f2511ffd5d1dd8182758b],
PUP.Optional.DriverUpdate, C:\Users\Karl\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs, Quarantined, [60d6c5721a7f2511ffd5d1dd8182758b],
PUP.Optional.DriverUpdate, C:\Users\Karl\AppData\Local\SlimWare Utilities Inc, Quarantined, [60d6c5721a7f2511ffd5d1dd8182758b],

Files: 10
PUP.Optional.DriverUpdate, C:\Users\Karl\AppData\Local\SlimWare Utilities Inc\DriverUpdate\ignores.dat, Quarantined, [60d6c5721a7f2511ffd5d1dd8182758b],
PUP.Optional.DriverUpdate, C:\Users\Karl\AppData\Local\SlimWare Utilities Inc\DriverUpdate\rupdates.db, Quarantined, [60d6c5721a7f2511ffd5d1dd8182758b],
PUP.Optional.DriverUpdate, C:\Users\Karl\AppData\Local\SlimWare Utilities Inc\DriverUpdate\settings.db, Quarantined, [60d6c5721a7f2511ffd5d1dd8182758b],
PUP.Optional.DriverUpdate, C:\Users\Karl\AppData\Local\SlimWare Utilities Inc\DriverUpdate\supdates.db, Quarantined, [60d6c5721a7f2511ffd5d1dd8182758b],
PUP.Optional.DriverUpdate, C:\Users\Karl\AppData\Local\SlimWare Utilities Inc\DriverUpdate\SWDUMon.cat, Quarantined, [60d6c5721a7f2511ffd5d1dd8182758b],
PUP.Optional.DriverUpdate, C:\Users\Karl\AppData\Local\SlimWare Utilities Inc\DriverUpdate\SWDUMon.inf, Quarantined, [60d6c5721a7f2511ffd5d1dd8182758b],
PUP.Optional.DriverUpdate, C:\Users\Karl\AppData\Local\SlimWare Utilities Inc\DriverUpdate\SWDUMon.sys, Quarantined, [60d6c5721a7f2511ffd5d1dd8182758b],
PUP.Optional.DriverUpdate, C:\Users\Karl\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Images\acer.png, Quarantined, [60d6c5721a7f2511ffd5d1dd8182758b],
PUP.Optional.DriverUpdate, C:\Users\Karl\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2015-12-28  17-32-20 0.log, Quarantined, [60d6c5721a7f2511ffd5d1dd8182758b],
PUP.Optional.DriverUpdate, C:\Users\Karl\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Logs\2015-12-28  17-32-30 0.log, Quarantined, [60d6c5721a7f2511ffd5d1dd8182758b],

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

The computer now runs .exe files.

 

I think it might be fixed



#12 fireman4it


Posted 09 January 2016 - 12:46 PM

It looked to be a permissions issue. Let's run another scan for any leftovers.

 

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.


#13 luvscoco


Posted 09 January 2016 - 01:31 PM

ok here is the adwcleaner.txt

 

# AdwCleaner v5.028 - Logfile created 09/01/2016 at 10:24:42
# Updated 04/01/2016 by Xplode
# Database : 2016-01-04.2 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : Karl - KARL-PC
# Running from : C:\Users\Karl\Downloads\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [652 bytes] ##########
 



#14 fireman4it


Posted 10 January 2016 - 05:05 PM

Hello, luvscoco.

Congratulations! You now appear clean!


Uninstall AdwCleaner

  • double click on adwcleaner.exe to run the tool
  • click on Uninstall
  • confirm with Yes.

===================================================

Download & run Delfix

  • download Delfix from here to remove many of the tools we've used during the cleaning process.
  • ensure “Remove disinfection tools” is checked.

Also place a checkmark next to:

  • Create registry backup
  • Purge system restore

  • click the Run button.

You can delete all other logs and programs we’ve used that are on your desktop. Just click on them and press Delete.

===================================================

Recommended programs

SpywareBlaster. SpywareBlaster protects against bad ActiveX; it immunizes your PC against them. It blocks over 11,000 bad sites and uses no resources of your computer.

======================

Update and run Malwarebytes. This really is an excellent program that you should also update and run on a regular basis, probably weekly.

======================

It’s important to keep programs up to date so that malware doesn't exploit any old security flaws.

FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated.

======================

Download WOT

Web of Trust warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • green if it's safe
  • yellow for caution
  • red for unsafe

You can download the WOT add-on for Firefox, Chrome, Internet Explorer, Opera, and Safari browsers. It does not slow down your browsing experience, it is easy to use and free. Just click “Download” and you are ready to go!

======================

MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer, meaning it will be difficult to infect yourself in the future.

A couple of links with information here and here which can answer any questions you might have about installing/using it.

======================

Unchecky

Be careful when downloading free software. Many free programs come bundled with adware, many of which cause redirects/popups and verge on being malware. There is a program that automatically “unchecks” the boxes you may not notice when downloading programs.

Download and install Unchecky.

======================

Download and install CryptoPrevent

Crypto Ransomware Warning

There are particularly nasty “Ransomware” infections out there at the moment that encrypt your files and the only way possible to get them “de-crypted” is to pay a ransom. You can read more about this here.

  • download CryptoPrevent
  • save the file to your Desktop and then open the program by clicking Run when prompted from your browser or by going to the desktop where the file was saved and double-clicking.
  • accept all the defaults during the install. The last screen of the install has a checkmark in "Launch CryptoPrevent". This will launch the program once you click Finish
  • you will get a prompt asking if you purchased a Product Key for Automatic Updates. Click No
  • you will then be prompted to learn more about automatic updates or if you want to purchase a key. This is up to you but you don't have to
  • click OK to continue and select your protection level. Go ahead and click OK.
  • click the Apply button to set Default protection
  • you may get a message stating that Windows Sidebar and Desktop Gadgets are a major security vulnerability and asking you if you want to disable them. If you don't use these features, answer Yes.

You are now protected.

Note: The free version doesn't provide automatic updates but should be updated often (at least weekly), as this infection has serious consequences. To update it manually, open the program, select the “Updates” menu then select Check for Updates to see if there are any available.

===================================================

I also recommend that you read the following:

How to prevent malware by miekiemoes

Help! My computer is slow! by miekiemoes

Simple and easy ways to keep your computer safe and secure on the Internet by Lawrence Abrams

 


"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#15 luvscoco


Posted 10 January 2016 - 05:57 PM

Thanks for all your help. I will do the items in that list you gave me to make sure the computer is protected.

Have a great day





