
Offers4U won't go away. Help!


  • This topic is locked
8 replies to this topic

#1 nikitantra

nikitantra

  • Members
  • 4 posts
  • OFFLINE
  • Local time:10:36 AM

Posted 25 January 2016 - 05:08 PM

Hey guys, I had 3 different flavours of Offers4U on my system. It appears in my Chrome browser. I ran rkill, MWB, combofix, Junkware tool, ADWcleaner and TDSSkiller. No luck so far. Here are my logs:

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 5:06:04 PM, on 1/25/2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18098)
 
FIREFOX: 38.0.1 (x86 en-US)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\nikita.levitan\AppData\Local\Citrix\GoToMeeting\4007\g2mstart.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe
C:\Users\nikita.levitan\AppData\Local\Citrix\GoToMeeting\4007\g2mcomm.exe
C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 11.0\QBW32.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
C:\Users\nikita.levitan\AppData\Local\Citrix\GoToMeeting\4007\g2mlauncher.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\KatMouse\KatMouse.exe
C:\Program Files (x86)\DVD or CD Sharing\ODSAgent.exe
C:\Program Files (x86)\PFU\ScanSnap\PfuSsSct.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\BusinessMessaging.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\PROGRA~2\Intuit\QUICKB~2.0\QBDBMgr.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\PasswordGenerator.exe
C:\Program Files (x86)\Notepad++\notepad++.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\nikita.levitan\Downloads\HijackThis.exe
 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe Acrobat Create PDF Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O3 - Toolbar: &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [OpenOffice-Enterprise v2] rundll32.exe ooewinsys.dll,CheckInstall
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [DVD or CD Sharing] "C:\Program Files (x86)\DVD or CD Sharing\ODSAgent.exe"
O4 - HKLM\..\Run: [PfuSsSct.exe] C:\Program Files (x86)\PFU\ScanSnap\PfuSsSct.exe /Station
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware] "C:\Program Files (x86)\Malwarebytes Anti-Malware\BusinessMessaging.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [GoToMeeting] "C:\Users\nikita.levitan\AppData\Local\Citrix\GoToMeeting\4007\g2mstart.exe" "/Trigger RunAtLogon"
O4 - HKCU\..\Run: [Lync] "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe" /fromrunkey
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [uTorrent] "C:\Users\nikita.levitan\AppData\Roaming\uTorrent\updates\3.4.3_40760.exe"  /MINIMIZED
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\system32\StikyNot.exe
O4 - HKCU\..\Run: [8x8 Virtual Office] "C:\Program Files (x86)\8x8 Virtual Office\8x8 - Virtual Office\8x8 - Virtual Office.exe"
O4 - Startup: EmEditor.lnk = C:\Program Files\EmEditor\emedtray.exe
O4 - Startup: KatMouse.lnk = C:\Program Files (x86)\KatMouse\KatMouse.exe
O4 - Global Startup: Intuit Data Protect.lnk = C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: QuickBooks Web Connector.lnk = C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe
O4 - Global Startup: QuickBooks_Standard_21.lnk = C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 11.0\QBW32.EXE
O4 - Global Startup: ScanSnap Manager.lnk = ?
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Customize Menu - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office15\ONBttnIE.dll/105
O8 - Extra context menu item: Show RoboForm Toolbar - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.dell.com
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O16 - DPF: {AB1408A0-10F6-40BA-984D-074D7BDC3126} (GSViewerX Control) - http://10.2.2.81/CAB/VideoPlugine.cab
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.22.0.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = welocalize.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = welocalize.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = welocalize.com
O18 - Protocol: intu-help-qb3 - {C5E479EA-0A65-4B05-8C6C-2FC8CC682EB4} - C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 10.0\HelpAsyncPluggableProtocol.dll
O18 - Protocol: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 11.0\HelpAsyncPluggableProtocol.dll
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: BlackBerry Device Manager (Blackberry Device Manager) - Research In Motion Limited - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Broadcom Management Agent (BrcmMgmtAgent) - Broadcom Corporation - C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
O23 - Service: @%ProgramFiles%\Windows Identity Foundation\v3.5\c2wtsres.dll,-1000 (c2wts) - Unknown owner - C:\Program Files (x86)\Windows Identity Foundation\v3.5\c2wtshost.exe (file missing)
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Symantec Eraser Service (EraserSvc11511) - Unknown owner - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\ccSvcHst.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: GManager - Unknown owner - C:\Windows\system32\GManager.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ixia Performance Endpoint (IxiaEndpoint) - Unknown owner - C:\Program Files\Ixia\Endpoint\endpoint.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
O23 - Service: MCTDesktopSvr - Unknown owner - C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nalpeiron Control Service (NalServ) - Nalpeiron Ltd. - C:\Windows\SysWOW64\nalserv.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\nlssrv32.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Acronis OS Selector activator (OS Selector) - Unknown owner - C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: QBIDPService (QBVSS) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 25245 bytes
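A triage helper for the O4 (autostart) lines in a log like the one above, added here as an example; it is not part of the original post and not HijackThis code. It parses the Run-key and Startup-folder entries, extracts the image each one launches and flags the three things a log reviewer checks first: an entry that points into a user-writable directory such as AppData (the uTorrent updater in the log above is one), a bare file name that is resolved through the search path at logon (the rundll32 ooewinsys.dll entry above), and an unquoted registry value whose path contains spaces. The sample lines are constructed, modelled on the posted log with a made-up user name; the flag names and the USER_WRITABLE list are this example's own choices.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input in HijackThis "O4" (autostart) log format, modelled on
# the log posted above; the user name and the uTorrent path are made up.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [OpenOffice-Enterprise v2] rundll32.exe ooewinsys.dll,CheckInstall
O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
O4 - HKCU\..\Run: [uTorrent] "C:\Users\jdoe\AppData\Roaming\uTorrent\updates\3.4.3_40760.exe"  /MINIMIZED
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\system32\StikyNot.exe
O4 - Startup: KatMouse.lnk = C:\Program Files (x86)\KatMouse\KatMouse.exe
O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
"""

# "O4 - HKLM\..\Run: [ValueName] command line"
RUN_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')
# "O4 - Startup: shortcut.lnk = target" (per-user or Global Startup folder)
STARTUP_RE = re.compile(r'^O4 - (?P<hive>Global Startup|Startup): (?P<name>[^=]+?) = (?P<cmd>.*)$')
# First token ending in an executable-looking extension, spaces included.
IMAGE_RE = re.compile(r'^(?P<path>.+?\.(?:exe|dll|com|bat|cmd|scr|vbs|js))(?=\s|$)', re.IGNORECASE)
# Directories a standard user can write to (this example's own list); an
# autostart pointing into one of them deserves a closer look.
USER_WRITABLE = ('\\appdata\\', '\\temp\\', '\\downloads\\', '\\users\\public\\')


@dataclass
class AutostartEntry:
    hive: str          # HKLM, HKCU, Startup or Global Startup
    name: str          # registry value name or shortcut file name
    command: str       # full command line as logged
    image: str         # executable the entry launches, as best we can tell
    flags: list = field(default_factory=list)


def extract_image(cmd: str):
    """Return (image path, was_quoted) from a Run-key style command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return (cmd[1:end] if end > 0 else cmd[1:]), True
    m = IMAGE_RE.match(cmd)
    return (m.group('path') if m else (cmd.split() or [''])[0]), False


def parse_line(line: str):
    """Parse one O4 line into an AutostartEntry with triage flags, or None."""
    m = RUN_RE.match(line) or STARTUP_RE.match(line)
    if not m:
        return None
    cmd = m.group('cmd').strip()
    image, quoted = extract_image(cmd)
    entry = AutostartEntry(m.group('hive'), m.group('name').strip(), cmd, image)
    low = image.lower()
    if not re.match(r'^[a-z]:\\', low):
        # Bare file name: which binary actually runs depends on the search
        # path and working directory at logon, so the log alone cannot tell.
        entry.flags.append('RELATIVE_PATH')
    if any(marker in low for marker in USER_WRITABLE):
        entry.flags.append('USER_WRITABLE_LOCATION')
    if entry.hive in ('HKLM', 'HKCU') and not quoted and ' ' in image:
        # Unquoted registry value with spaces in the path; shortcut targets
        # are logged without quotes anyway, so only registry entries count.
        entry.flags.append('UNQUOTED_PATH_WITH_SPACES')
    return entry


def parse_log(text: str):
    """All O4 autostart entries found in a HijackThis log."""
    entries = [parse_line(l) for l in text.splitlines()]
    return [e for e in entries if e is not None]


def flagged(text: str):
    """Map of entry name -> flags, for entries that raised at least one flag."""
    return {e.name: e.flags for e in parse_log(text) if e.flags}


if __name__ == '__main__':
    for e in parse_log(SAMPLE_LOG):
        print(f"{e.hive:<14} {e.name:<24} {(','.join(e.flags) or 'ok'):<28} {e.image}")
```

Run it as a script to print a table, or pass a whole saved log to parse_log(). A flag is a reason to look at the file's publisher, signature and hash, not a verdict on its own, and an unflagged entry can still be unwanted, which is why the helper keeps every entry rather than only the flagged ones.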
 

 




#2 nikitantra

nikitantra
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:10:36 AM

Posted 25 January 2016 - 05:21 PM

I also get right-coupon ads.



#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,043 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:08:36 AM

Posted 26 January 2016 - 05:23 PM

Greetings nikitantra and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow this topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Is Chrome the only browser affected?

Please do this.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Launching Chrome Without Plugins or Extensions

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type in chrome --incognito and press Enter
  • Check the browser behavior
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • How does Chrome behave? Only browser affected?
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 nikitantra

nikitantra
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:10:36 AM

Posted 27 January 2016 - 02:15 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-01-2016
Ran by nikita.levitan (administrator) on COMP20 (27-01-2016 14:09:49)
Running from C:\Users\nikita.levitan\Desktop
Loaded Profiles: nikita.levitan (Available Profiles: nikita.levitan & Jeff.Schmidt & nladmin & COMP20)
Platform: Windows 7 Enterprise Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation) C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
() C:\Windows\System32\GManager.exe
() C:\Program Files\Ixia\Endpoint\endpoint.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
() C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nalserv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVCM.EXE
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
() C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Magic Control Technology Corporation) C:\Program Files (x86)\Common Files\DesktopUtil\MCTDUtil.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Magic Control Technology Corporation) C:\Program Files (x86)\Common Files\DesktopUtil\FDispPos.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Users\nikita.levitan\AppData\Local\Citrix\GoToMeeting\4007\g2mstart.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Users\nikita.levitan\AppData\Local\Citrix\GoToMeeting\4007\g2mcomm.exe
(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 11.0\QBW32.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Users\nikita.levitan\AppData\Local\Citrix\GoToMeeting\4007\g2mlauncher.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Emurasoft, Inc.) C:\Program Files\EmEditor\emedtray.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
() C:\Program Files (x86)\KatMouse\KatMouse.exe
(Apple Inc.) C:\Program Files (x86)\DVD or CD Sharing\ODSAgent.exe
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\PfuSsSct.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\BusinessMessaging.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intuit, Inc.) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 11.0\QBDBMgr.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE
(Microsoft Corporation) C:\Windows\System32\mstsc.exe
(Microsoft Corporation) C:\Windows\System32\mstsc.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Microsoft Corporation) C:\Windows\System32\mstsc.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
(Microsoft Corporation) C:\Windows\System32\mstsc.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Jing\Jing.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.exe
(Microsoft Corporation) C:\Windows\System32\mstsc.exe
(Microsoft) C:\Program Files (x86)\Microsoft\Remote Desktop Connection Manager\RDCMan.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Siber Systems Inc.) C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msinfo32.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_286.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM\...\Run: [MCTDUtil] => C:\Program Files (x86)\Common Files\DesktopUtil\Util-Desktop.exe [195200 2011-05-03] ()
HKLM\...\Run: [FDispPos] => C:\Program Files (x86)\Common Files\DesktopUtil\Util-Desktop.exe [195200 2011-05-03] ()
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2013-12-11] (LogMeIn, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2757424 2015-11-24] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-09] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3761464 2013-09-30] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
HKLM-x32\...\Run: [OpenOffice-Enterprise v2] => rundll32.exe ooewinsys.dll,CheckInstall
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-10-13] (Apple Inc.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2065408 2013-11-03] (Dominik Reichl)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM-x32\...\Run: [DVD or CD Sharing] => C:\Program Files (x86)\DVD or CD Sharing\ODSAgent.exe [619832 2008-02-20] (Apple Inc.)
HKLM-x32\...\Run: [PfuSsSct.exe] => C:\Program Files (x86)\PFU\ScanSnap\PfuSsSct.exe [110592 2003-12-22] (PFU LIMITED)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3477640 2012-09-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Malwarebytes Anti-Malware] => C:\Program Files (x86)\Malwarebytes Anti-Malware\BusinessMessaging.exe [3213824 2016-01-21] (Malwarebytes)
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKU\S-1-5-21-1935655697-1177238915-682003330-12158 Group Policy restriction on software: %localappdata%\temp\msimg32.dll <====== ATTENTION
HKU\S-1-5-21-1935655697-1177238915-682003330-12158 Group Policy restriction on software: %LocalAppData%\Temp\Rar** <====== ATTENTION
HKU\S-1-5-21-1935655697-1177238915-682003330-12158 Group Policy restriction on software: %LocalAppData%\Temp\*.zip\*.exe <====== ATTENTION
HKU\S-1-5-21-1935655697-1177238915-682003330-12158 Group Policy restriction on software: %LocalAppData%\*.exe <====== ATTENTION
HKU\S-1-5-21-1935655697-1177238915-682003330-12158 Group Policy restriction on software: %AppData%\*.exe <====== ATTENTION
HKU\S-1-5-21-1935655697-1177238915-682003330-12158 Group Policy restriction on software: %UserProfile%\Local Settings\Temp\7z** <====== ATTENTION
HKU\S-1-5-21-1935655697-1177238915-682003330-12158 Group Policy restriction on software: %LocalAppData%\Temp\7z** <====== ATTENTION
HKU\S-1-5-21-1935655697-1177238915-682003330-12158 Group Policy restriction on software: %UserProfile%\Local Settings\*\*.exe <====== ATTENTION
HKU\S-1-5-21-1935655697-1177238915-682003330-12158 Group Policy restriction on software: %localappdata%Temp\*pcspeedup.exe <====== ATTENTION
HKU\S-1-5-21-1935655697-1177238915-682003330-12158 Group Policy restriction on software: %LocalAppData%\*\*.exe <====== ATTENTION
HKU\S-1-5-21-1935655697-1177238915-682003330-12158 Group Policy restriction on software: %UserProfile%\Local Settings\Temp\*.zip\*.exe <====== ATTENTION
HKU\S-1-5-21-1935655697-1177238915-682003330-12158 Group Policy restriction on software: %UserProfile%\Local Settings\Temp\wz*\*.exe <====== ATTENTION
HKU\S-1-5-21-1935655697-1177238915-682003330-12158 Group Policy restriction on software: %AppData%\*\*.exe <====== ATTENTION
HKU\S-1-5-21-1935655697-1177238915-682003330-12158 Group Policy restriction on software: %UserProfile%\Local Settings\Temp\Rar*\*.exe <====== ATTENTION
HKU\S-1-5-21-1935655697-1177238915-682003330-12158 Group Policy restriction on software: %UserProfile%\Local Settings\*.exe <====== ATTENTION
HKU\S-1-5-21-1935655697-1177238915-682003330-12158 Group Policy restriction on software: %systemroot%\system32\drivers\*gw64.sys <====== ATTENTION
HKU\S-1-5-21-1935655697-1177238915-682003330-12158 Group Policy restriction on software: %LocalAppData%\Temp\wz** <====== ATTENTION
HKU\S-1-5-21-1935655697-1177238915-682003330-12158 Group Policy restriction on software: %localappdata%\join.me\join.me.exe <====== ATTENTION
HKU\S-1-5-21-1935655697-1177238915-682003330-12158 Group Policy restriction on software: %localappdata%\temp\G2MInstallerExtractor.exe <====== ATTENTION
HKU\S-1-5-21-1935655697-1177238915-682003330-12158 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKU\S-1-5-21-1935655697-1177238915-682003330-12158 Group Policy restriction on software: %localappdata%\temp\irsetup.exe <====== ATTENTION
HKU\S-1-5-21-1935655697-1177238915-682003330-12158 Group Policy restriction on software: %localappdata%\Temp\JingSetup.exe <====== ATTENTION
HKU\S-1-5-21-1935655697-1177238915-682003330-12158 Group Policy restriction on software: %localappdata%\temp\jre-7u71-windows-i586-iftw.exe <====== ATTENTION
HKU\S-1-5-21-1935655697-1177238915-682003330-12158 Group Policy restriction on software: %localappdata%\Mozilla Firefox\firefox.exe <====== ATTENTION
HKU\S-1-5-21-1935655697-1177238915-682003330-12158 Group Policy restriction on software: %appdata%\Spotify\Spotify.exe <====== ATTENTION
HKU\S-1-5-21-1935655697-1177238915-682003330-12158 Group Policy restriction on software: %localappdata%\Temp\CLJ2600-HB-pnp-win64-en.exe <====== ATTENTION
HKU\S-1-5-21-1935655697-1177238915-682003330-12158 Group Policy restriction on software: %localappdata%\temp\oph32.exe <====== ATTENTION
HKU\S-1-5-21-1935655697-1177238915-682003330-12158 Group Policy restriction on software: %localappdata%\temp\dsHostCheckerSetup.exe <====== ATTENTION
HKU\S-1-5-21-1935655697-1177238915-682003330-12158 Group Policy restriction on software: %localappdata%\Clavier\Clavier.exe <====== ATTENTION
HKU\S-1-5-21-1935655697-1177238915-682003330-12158 Group Policy restriction on software: %localappdata%\tep\Picasaupdater_*.exe <====== ATTENTION
HKU\S-1-5-21-1935655697-1177238915-682003330-12158 Group Policy restriction on software: %localappdata%\temp\7z*.tmp\bin\VMware-viclient.exe <====== ATTENTION
HKU\S-1-5-21-1935655697-1177238915-682003330-12158 Group Policy restriction on software: %localappdata%\Temp\PicasaUpdater_38be.exe <====== ATTENTION
HKU\S-1-5-21-1935655697-1177238915-682003330-12158 Group Policy restriction on software: %localappdata%\temp\creativecloudset-up.exe <====== ATTENTION
HKU\S-1-5-21-1935655697-1177238915-682003330-12158 Group Policy restriction on software: %localappdata%\temp\wz*.tmp\MSKLC.msi <====== ATTENTION
HKU\S-1-5-21-1935655697-1177238915-682003330-12158 Group Policy restriction on software: %localappdata%\temp\kerio-connect-koff-8.3.1-2843-win.exe\kerio-connect-worker-8.3.1-2843-win32.msi <====== ATTENTION
HKU\S-1-5-21-1935655697-1177238915-682003330-12158 Group Policy restriction on software: %AppData%\Sidekick\sidekick.exe <====== ATTENTION
HKU\S-1-5-21-1935655697-1177238915-682003330-12158 Group Policy restriction on software: %localappdata%\temp\rarsfx*\setup_ep.exe <====== ATTENTION
HKU\S-1-5-21-1935655697-1177238915-682003330-12158 Group Policy restriction on software: %localappdata%\LogMeIn Client\LogMeIn Client.exe <====== ATTENTION
HKU\S-1-5-21-1935655697-1177238915-682003330-12158 Group Policy restriction on software: %localappdata%\temp\jre-8u45-windows-au.exe <====== ATTENTION
HKU\S-1-5-21-1935655697-1177238915-682003330-12158 Group Policy restriction on software: %localappdata%\temp\rarsfx*\lsetup.exe <====== ATTENTION
HKU\S-1-5-21-1935655697-1177238915-682003330-12158 Group Policy restriction on software: %localappdata%\Temp\~explz723*\install.exe <====== ATTENTION
HKU\S-1-5-21-1935655697-1177238915-682003330-12158 Group Policy restriction on software: %localappdata%\VLC\vlc.exe <====== ATTENTION
HKU\S-1-5-21-1935655697-1177238915-682003330-12158 Group Policy restriction on software: %localappdata%\Temp\sogou_pinyin_*.exe <====== ATTENTION
HKU\S-1-5-21-1935655697-1177238915-682003330-12158 Group Policy restriction on software: %localappdata%\temp\vcredi~1.exe <====== ATTENTION
HKU\S-1-5-21-1935655697-1177238915-682003330-12158 Group Policy restriction on software: %LocalAppData%\Temp\7z*.tmp\setup-stub.exe <====== ATTENTION
HKU\S-1-5-21-1935655697-1177238915-682003330-12158 Group Policy restriction on software: %localappdata%\temp\jre-8u40-windows-au.exe <====== ATTENTION
HKU\S-1-5-21-1935655697-1177238915-682003330-12158 Group Policy restriction on software: %localappdata%\temp\rar*\setup_ep.exe <====== ATTENTION
HKU\S-1-5-21-1935655697-1177238915-682003330-12158 Group Policy restriction on software: %localappdata%\temp\jre-8u31-windows-au.exe <====== ATTENTION
HKU\S-1-5-21-1935655697-1177238915-682003330-12158 Group Policy restriction on software: %localappdata%\temp\JuniperExt.exe <====== ATTENTION
HKU\S-1-5-21-1935655697-1177238915-682003330-12158 Group Policy restriction on software: %localappdata%\OmegaT\OmegaT.exe <====== ATTENTION
HKU\S-1-5-21-1935655697-1177238915-682003330-12158 Group Policy restriction on software: %localappdata%\sogouexplorer\sogouexplorer.exe <====== ATTENTION
HKU\S-1-5-21-1935655697-1177238915-682003330-12158 Group Policy restriction on software: %localappdata%\MMTaskbar\MultiMon.exe <====== ATTENTION
HKU\S-1-5-21-1935655697-1177238915-682003330-12158 Group Policy restriction on software: %localappdata%\Wunderlist\Wunderlist.exe <====== ATTENTION
HKU\S-1-5-21-1935655697-1177238915-682003330-12158 Group Policy restriction on software: %localappdata%\temp\wz*.tmp\setup.exe <====== ATTENTION
HKU\S-1-5-21-1935655697-1177238915-682003330-12158 Group Policy restriction on software: %localappdata%\TogglDesktop\TogglDesktop.exe <====== ATTENTION
HKU\S-1-5-21-1935655697-1177238915-682003330-12158 Group Policy restriction on software: %localappdata%\temp\rarsfx*\installer_msi_win.msi <====== ATTENTION
HKU\S-1-5-21-1935655697-1177238915-682003330-12158 Group Policy restriction on software: %localappdata%\temp\jre-8u60-windows-au.exe <====== ATTENTION
HKU\S-1-5-21-1935655697-1177238915-682003330-12158 Group Policy restriction on software: %lAPPDATA%\import.io\import.io.exe <====== ATTENTION
HKU\S-1-5-21-1935655697-1177238915-682003330-12158 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKU\S-1-5-21-1935655697-1177238915-682003330-12158 Group Policy restriction on software: %appdata%\Spotify\SpWebInst0.exe <====== ATTENTION
HKU\S-1-5-21-1935655697-1177238915-682003330-12158 Group Policy restriction on software: %localappdata%\Temp\AIRRuntimeInstaller.exe <====== ATTENTION
HKU\S-1-5-21-1935655697-1177238915-682003330-12158 Group Policy restriction on software: %localappdata%\LogMeIn Client\LMIIgnition.exe <====== ATTENTION
HKU\S-1-5-21-1935655697-1177238915-682003330-12158 Group Policy restriction on software: %localappdata%\Temp\procexp64.exe <====== ATTENTION
HKU\S-1-5-21-1935655697-1177238915-682003330-12158 Group Policy restriction on software: %LocalAppData%\Temp\SkypeSetup.exe <====== ATTENTION
HKU\S-1-5-21-1935655697-1177238915-682003330-12158 Group Policy restriction on software: %localappdata%\temp\oph3.exe <====== ATTENTION
HKU\S-1-5-21-1935655697-1177238915-682003330-12158 Group Policy restriction on software: %localappdata%\temp\VS_PIA~1.EXE <====== ATTENTION
HKU\S-1-5-21-1935655697-1177238915-682003330-12158 Group Policy restriction on software: %localAppData%\Temp\ose00000.exe <====== ATTENTION
HKU\S-1-5-21-1935655697-1177238915-682003330-12158 Group Policy restriction on software: %localappdata%\temp\setacl.exe <====== ATTENTION
HKU\S-1-5-21-1935655697-1177238915-682003330-12158 Group Policy restriction on software: %localappdata%\temp\7z*.tmp\setup.exe <====== ATTENTION
HKU\S-1-5-21-1935655697-1177238915-682003330-12158 Group Policy restriction on software: %localappdata%\temp\vcredi~1.exe <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1935655697-1177238915-682003330-12158\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-11-12] (Google Inc.)
HKU\S-1-5-21-1935655697-1177238915-682003330-12158\...\Run: [GoToMeeting] => C:\Users\nikita.levitan\AppData\Local\Citrix\GoToMeeting\4007\g2mstart.exe [41536 2015-11-21] (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-21-1935655697-1177238915-682003330-12158\...\Run: [Lync] => C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe [22496448 2016-01-08] (Microsoft Corporation)
HKU\S-1-5-21-1935655697-1177238915-682003330-12158\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [111320 2014-08-20] (Siber Systems)
HKU\S-1-5-21-1935655697-1177238915-682003330-12158\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50622080 2016-01-19] (Skype Technologies S.A.)
HKU\S-1-5-21-1935655697-1177238915-682003330-12158\...\Run: [uTorrent] => C:\Users\nikita.levitan\AppData\Roaming\uTorrent\updates\3.4.3_40760.exe [1693024 2015-08-03] (BitTorrent Inc.)
HKU\S-1-5-21-1935655697-1177238915-682003330-12158\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\system32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-1935655697-1177238915-682003330-12158\...\Run: [8x8 Virtual Office] => C:\Program Files (x86)\8x8 Virtual Office\8x8 - Virtual Office\8x8 - Virtual Office.exe [143360 2016-01-05] (8x8, Inc.)
HKU\S-1-5-21-1935655697-1177238915-682003330-12158\...\RunOnce: [126_16485091549542] => C:\Users\nikita.levitan\AppData\Local\LMIR0001.tmp_r.bat [367 2016-01-26] ()
HKU\S-1-5-21-1935655697-1177238915-682003330-12158\...\RunOnce: [126_1937221549542] => C:\Users\nikita.levitan\AppData\Local\LMIR0002.tmp_r.bat [367 2016-01-26] ()
HKU\S-1-5-21-1935655697-1177238915-682003330-12158\...\Policies\system: [DisableLockWorkstation] 0
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2014-02-07] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\nikita.levitan\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\nikita.levitan\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\nikita.levitan\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\nikita.levitan\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\nikita.levitan\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\nikita.levitan\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\nikita.levitan\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2013-11-14]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2013-11-14]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Web Connector.lnk [2013-11-14]
ShortcutTarget: QuickBooks Web Connector.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe (Intuit)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2013-11-14]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 11.0\QBW32.EXE (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScanSnap Manager.lnk [2015-07-27]
ShortcutTarget: ScanSnap Manager.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)
Startup: C:\Users\nikita.levitan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EmEditor.lnk [2015-03-24]
ShortcutTarget: EmEditor.lnk -> C:\Program Files\EmEditor\emedtray.exe (Emurasoft, Inc.)
Startup: C:\Users\nikita.levitan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KatMouse.lnk [2013-11-14]
ShortcutTarget: KatMouse.lnk -> C:\Program Files (x86)\KatMouse\KatMouse.exe ()
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.16.1.1 10.16.1.4
Tcpip\..\Interfaces\{48FDF5AD-AFCA-4F0E-AEE2-3928C7E58B49}: [DhcpNameServer] 10.16.1.1 10.2.1.39 10.9.1.1
Tcpip\..\Interfaces\{C51AF253-F88B-4D52-9F8F-FEB696F86577}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{D8B9477C-92A9-4C11-A40A-32672C53B974}: [DhcpNameServer] 10.16.1.1 10.16.1.4

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1935655697-1177238915-682003330-12158\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1935655697-1177238915-682003330-12158\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-01-07] (Microsoft Corporation)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2014-08-20] (Siber Systems Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-01-09] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-19] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-21] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-01-09] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-01-07] (Microsoft Corporation)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2014-08-20] (Siber Systems Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-14] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-19] (Google Inc.)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-14] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2014-08-20] (Siber Systems Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-19] (Google Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2014-08-20] (Siber Systems Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-19] (Google Inc.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1935655697-1177238915-682003330-12158 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-19] (Google Inc.)
Toolbar: HKU\S-1-5-21-1935655697-1177238915-682003330-12158 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-1935655697-1177238915-682003330-12158 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2014-08-20] (Siber Systems Inc.)
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
DPF: HKLM-x32 {82774781-8F4E-11D1-AB1C-0000F8773BF0} hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: HKLM-x32 {AB1408A0-10F6-40BA-984D-074D7BDC3126} hxxp://10.2.2.81/CAB/VideoPlugine.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.22.0.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
Handler-x32: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 10.0\HelpAsyncPluggableProtocol.dll [2013-02-01] (Intuit, Inc.)
Handler-x32: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 11.0\HelpAsyncPluggableProtocol.dll [2014-02-04] (Intuit, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-07] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-07] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-07] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-07] (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2010-11-20] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\nikita.levitan\AppData\Roaming\Mozilla\Firefox\Profiles\v0dkdkyt.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-20] ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-01-09] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-01-09] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2013-03-21] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-20] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-04-14] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-01-07] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-01-07] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-24] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-24] (NVIDIA Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-12-13] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @vmware.com/vmrc,version=2.5.0.00000 -> C:\Program Files (x86)\Common Files\VMware\VMware VMRC Plug-in\Firefox\np-vmware-vmrc.dll [2011-06-01] (VMware, Inc.)
FF Plugin-x32: @vmware.com/vmrc,version=5.1.0.00000 -> C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.1\Firefox\np-vmware-vmrc.dll [2013-03-19] (VMware, Inc.)
FF Plugin-x32: @vmware.com/vmrc,version=5.5.0.00000 -> C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.5\Firefox\np-vmware-vmrc.dll [2014-02-11] (VMware, Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2013-03-21] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1935655697-1177238915-682003330-12158: @asperasoft.com/AsperaConnect -> C:\Users\nikita.levitan\AppData\Local\Programs\Aspera\Aspera Connect\lib\3.5.2\npasperaweb_3.5.2.97180.dll [2014-12-07] (Aspera, Inc. )
FF Plugin HKU\S-1-5-21-1935655697-1177238915-682003330-12158: @citrixonline.com/appdetectorplugin -> C:\Users\nikita.levitan\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-11-27] (Citrix Online)
FF Extension: Firebug - C:\Users\nikita.levitan\AppData\Roaming\Mozilla\Firefox\Profiles\v0dkdkyt.default\Extensions\firebug@software.joehewitt.com.xpi [2015-11-05]
FF Extension: Video DownloadHelper - C:\Users\nikita.levitan\AppData\Roaming\Mozilla\Firefox\Profiles\v0dkdkyt.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-11-05]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2014-08-20] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2016-01-20] [not signed]
FF HKU\S-1-5-21-1935655697-1177238915-682003330-12158\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\pdf.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll => No File
CHR Profile: C:\Users\nikita.levitan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Store) - C:\Users\nikita.levitan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-29]
CHR Extension: (Store) - C:\Users\nikita.levitan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench [2013-11-12]
CHR Extension: (Store) - C:\Users\nikita.levitan\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-12-16]
CHR Extension: (Store) - C:\Users\nikita.levitan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnpniohnfphhjihaiiggeabnkjhpaldj [2014-07-14]
CHR Extension: (Store) - C:\Users\nikita.levitan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2016-01-21]
CHR Extension: (Store) - C:\Users\nikita.levitan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2016-01-21]
CHR Extension: (Store) - C:\Users\nikita.levitan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecpgkdflcnofdbbkiggklcfmgbnbabhh [2013-11-12]
CHR Extension: (Store) - C:\Users\nikita.levitan\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2016-01-21]
CHR Extension: (Store) - C:\Users\nikita.levitan\AppData\Local\Google\Chrome\User Data\Default\Extensions\eokekhgpaakbkfkmjjcbffibkencdfkl [2015-12-16]
CHR Extension: (Store) - C:\Users\nikita.levitan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcgikpombjkodabhbdalkcdhmllafipp [2015-06-25]
CHR Extension: (Store) - C:\Users\nikita.levitan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-19]
CHR Extension: (Store) - C:\Users\nikita.levitan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-01-21]
CHR Extension: (Store) - C:\Users\nikita.levitan\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjhfchfapkofikadjaadhggookflbde [2015-07-18]
CHR Extension: (Store) - C:\Users\nikita.levitan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhmhfmkkefhodppadapgpnaiccboohef [2015-01-13]
CHR Extension: (Store) - C:\Users\nikita.levitan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2014-11-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\nikita.levitan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-29]
CHR Extension: (Store) - C:\Users\nikita.levitan\AppData\Local\Google\Chrome\User Data\Default\Extensions\obciceimmggglbmelaidpjlmodcebijb [2016-01-21]
CHR Extension: (Store) - C:\Users\nikita.levitan\AppData\Local\Google\Chrome\User Data\Default\Extensions\offolacfggfodbfpfghglpdbenffmkff [2015-02-06]
CHR Extension: (Store) - C:\Users\nikita.levitan\AppData\Local\Google\Chrome\User Data\Default\Extensions\omkjapkpkiciphacnalicgmmcelfolon [2013-11-21]
CHR Extension: (Click&Clean App) - C:\Users\nikita.levitan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2015-10-29]
CHR Extension: (Store) - C:\Users\nikita.levitan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2015-11-19]
CHR Extension: (Store) - C:\Users\nikita.levitan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnngehidikgomgfjbpffonkeimgbpjlh [2014-04-01]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-02-06]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
R2 BrcmMgmtAgent; C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [158720 2010-06-29] (Broadcom Corporation) [File not signed]
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-02] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2762936 2016-01-07] (Microsoft Corporation)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2013-08-22] (Microsoft Corporation) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156400 2015-11-24] (NVIDIA Corporation)
R2 GManager; C:\Windows\system32\GManager.exe [313432 2012-08-28] ()
R2 IxiaEndpoint; C:\Program Files\Ixia\Endpoint\endpoint.exe [494080 2015-02-19] () [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [417288 2015-12-04] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [507400 2015-12-04] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2013-12-11] (LogMeIn, Inc.)
R2 MCTDesktopSvr; C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe [199296 2011-05-03] ()
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [1385280 2013-12-10] (Microsoft Corp.)
R2 NalServ; C:\Windows\SysWOW64\nalserv.exe [135168 2012-04-30] (Nalpeiron Ltd.) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-05-16] (Hewlett-Packard) [File not signed]
R2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2012-04-30] (Nalpeiron Ltd.) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872688 2015-11-24] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [8133424 2015-11-24] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5915440 2015-11-24] (NVIDIA Corporation)
R2 OS Selector; C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2139400 2010-09-29] ()
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-05-16] (Hewlett-Packard) [File not signed]
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-02-04] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2013-11-27] (Intuit Inc.) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 EraserSvc11511; "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.5337.5000.105\Bin\ccSvcHst.exe" /h ccCommon [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 cbfs3; C:\Windows\System32\DRIVERS\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-12-11] (LogMeIn, Inc.)
S4 LMIRfsClientNP; no ImagePath
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-20] (Malwarebytes)
R3 mctkmd; C:\Windows\system32\drivers\mctkmd64.sys [154392 2013-11-20] (Magic Control Technology Corporation)
R0 mctkmdldr; C:\Windows\System32\drivers\mctkmdldr64.sys [19584 2011-04-08] (Magic Control Technology Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19760 2015-11-24] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-11-24] (NVIDIA Corporation)
S3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [24176 2010-11-06] ()
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2015-06-24] ()
S3 radpms; C:\Windows\System32\DRIVERS\radpms.sys [14944 2013-12-11] (LogMeIn, Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 t2usb64; C:\Windows\System32\drivers\t2usb64.sys [428664 2013-08-22] (Magic Control Technology Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EraserUtilDrv11411; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11411.sys [X]
S3 EraserUtilDrv11510; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11510.sys [X]
S3 EraserUtilDrv11511; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11511.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-27 14:07 - 2016-01-27 14:07 - 00154813 _____ C:\Users\nikita.levitan\Desktop\Summary.zip
2016-01-27 14:05 - 2016-01-27 14:05 - 03692752 _____ C:\Users\nikita.levitan\Desktop\Summary.nfo
2016-01-27 13:58 - 2016-01-27 14:00 - 00080765 _____ C:\Users\nikita.levitan\Desktop\Addition.txt
2016-01-27 13:57 - 2016-01-27 14:09 - 00053731 _____ C:\Users\nikita.levitan\Desktop\FRST.txt
2016-01-27 13:57 - 2016-01-27 14:09 - 00000000 ____D C:\FRST
2016-01-27 13:54 - 2016-01-27 13:54 - 02370560 _____ (Farbar) C:\Users\nikita.levitan\Desktop\FRST64.exe
2016-01-27 11:39 - 2016-01-27 11:39 - 00235911 _____ C:\Users\nikita.levitan\Desktop\SafeSend_Quotation-signed.pdf
2016-01-27 11:08 - 2016-01-27 11:08 - 00086475 _____ C:\Users\nikita.levitan\Downloads\FULL_DESCRIPTION_01_27_2016_15_59_08.html
2016-01-27 11:07 - 2016-01-27 11:07 - 01670469 _____ C:\Users\nikita.levitan\Downloads\ZYMI_1511_007-01_Japanese_Final.zip
2016-01-27 11:07 - 2016-01-27 11:07 - 01670469 _____ C:\Users\nikita.levitan\Downloads\ZYMI_1511_007-01_Japanese_Final (1).zip
2016-01-26 20:27 - 2016-01-26 20:27 - 00244456 _____ C:\Users\nikita.levitan\Downloads\T73271533.pdf
2016-01-26 20:27 - 2016-01-26 20:27 - 00244456 _____ C:\Users\nikita.levitan\Downloads\T73257822.pdf
2016-01-26 20:27 - 2016-01-26 20:27 - 00244454 _____ C:\Users\nikita.levitan\Downloads\T73185377.pdf
2016-01-26 20:27 - 2016-01-26 20:27 - 00244441 _____ C:\Users\nikita.levitan\Downloads\T73207007.pdf
2016-01-26 20:23 - 2016-01-26 20:23 - 00262972 _____ C:\Users\nikita.levitan\Desktop\Gmail - Your Wednesday evening trip with Uber.pdf
2016-01-26 20:20 - 2016-01-26 20:20 - 00070383 _____ C:\Users\nikita.levitan\Desktop\Account Activity.pdf
2016-01-26 20:02 - 2016-01-26 20:02 - 00244455 _____ C:\Users\nikita.levitan\Downloads\T72739422.pdf
2016-01-26 20:02 - 2016-01-26 20:02 - 00244450 _____ C:\Users\nikita.levitan\Downloads\T72766039 (1).pdf
2016-01-26 20:01 - 2016-01-26 20:01 - 00244450 _____ C:\Users\nikita.levitan\Downloads\T72766039.pdf
2016-01-26 19:55 - 2016-01-26 19:55 - 00320840 _____ C:\Users\nikita.levitan\Downloads\invoice.13074879-0.pdf
2016-01-26 19:33 - 2016-01-26 19:33 - 00244456 _____ C:\Users\nikita.levitan\Downloads\T72156285.pdf
2016-01-26 19:19 - 2016-01-26 19:19 - 00000367 _____ C:\Users\nikita.levitan\AppData\Local\LMIR0002.tmp_r.bat
2016-01-26 18:47 - 2016-01-26 18:47 - 01593384 _____ (LogMeIn, Inc.) C:\Users\nikita.levitan\Downloads\Support-LogMeInRescue (10).exe
2016-01-26 18:40 - 2016-01-26 18:40 - 00101863 _____ C:\Users\nikita.levitan\Desktop\Gmail - Renewal receipt for order #911101782.pdf
2016-01-26 18:31 - 2016-01-26 18:31 - 00089613 _____ C:\Users\nikita.levitan\Desktop\Gmail - Your Order at WindowsIT Pro Store.pdf
2016-01-26 18:22 - 2016-01-26 18:22 - 00244459 _____ C:\Users\nikita.levitan\Downloads\T71592751 (1).pdf
2016-01-26 18:22 - 2016-01-26 18:22 - 00244458 _____ C:\Users\nikita.levitan\Downloads\T71471645.pdf
2016-01-26 18:21 - 2016-01-26 18:21 - 00244459 _____ C:\Users\nikita.levitan\Downloads\T71592751.pdf
2016-01-26 16:39 - 2016-01-26 16:39 - 00000367 _____ C:\Users\nikita.levitan\AppData\Local\LMIR0001.tmp_r.bat
2016-01-26 14:55 - 2016-01-26 14:55 - 01593384 _____ (LogMeIn, Inc.) C:\Users\nikita.levitan\Downloads\Support-LogMeInRescue (9).exe
2016-01-26 14:48 - 2016-01-26 14:48 - 00052736 _____ C:\Users\nikita.levitan\Desktop\Undeliverable  test 1.msg
2016-01-26 11:22 - 2016-01-26 11:22 - 00137854 _____ C:\Users\nikita.levitan\Downloads\FULL_DESCRIPTION_01_26_2016_08_52_24.html
2016-01-26 11:22 - 2016-01-26 11:22 - 00137854 _____ C:\Users\nikita.levitan\Downloads\FULL_DESCRIPTION_01_26_2016_08_52_24 (1).html
2016-01-26 10:44 - 2016-01-26 10:44 - 01249280 _____ C:\Users\nikita.levitan\Downloads\LicensingServerToolkit-v1.7.msi
2016-01-26 10:23 - 2016-01-26 10:23 - 00563889 _____ C:\Users\nikita.levitan\Downloads\LicenseReport_26-01-2016 15-23-46.xls
2016-01-25 18:10 - 2016-01-25 18:10 - 00105152 _____ C:\Users\nikita.levitan\Desktop\email compare.xlsx
2016-01-25 17:55 - 2016-01-25 17:55 - 00102292 _____ C:\Users\nikita.levitan\Desktop\Email_Addresses.csv
2016-01-25 17:05 - 2016-01-25 17:05 - 00388608 _____ (Trend Micro Inc.) C:\Users\nikita.levitan\Downloads\HijackThis.exe
2016-01-25 16:50 - 2016-01-25 16:50 - 00142215 _____ C:\Users\nikita.levitan\Desktop\Welocalize Madison SOA-signed.pdf
2016-01-25 16:19 - 2016-01-25 16:19 - 00014153 _____ C:\Users\nikita.levitan\Downloads\Report_3ebc5a82-2ad4-43d4-9042-926cb7db24ad (1).txt
2016-01-25 16:08 - 2016-01-25 16:08 - 00001015 _____ C:\Users\nikita.levitan\Downloads\Report_3ebc5a82-2ad4-43d4-9042-926cb7db24ad.txt
2016-01-25 15:56 - 2016-01-25 15:56 - 00000143 _____ C:\Users\nikita.levitan\Downloads\MigrationErrors (1).csv
2016-01-25 15:53 - 2016-01-25 15:53 - 01057943 _____ C:\Users\nikita.levitan\Downloads\Report_5bf6ffaa-6521-4012-9686-62cf98f44a21 (1).txt
2016-01-25 11:18 - 2016-01-25 11:19 - 00842774 _____ C:\Users\nikita.levitan\Downloads\Report_5bf6ffaa-6521-4012-9686-62cf98f44a21.txt
2016-01-25 11:08 - 2016-01-25 11:08 - 00002441 _____ C:\Users\Public\Desktop\8x8 - Virtual Office.lnk
2016-01-25 11:08 - 2016-01-25 11:08 - 00000000 ____D C:\Users\nikita.levitan\AppData\Roaming\com.8x8.uc-air
2016-01-25 11:08 - 2016-01-25 11:08 - 00000000 ____D C:\Users\nikita.levitan\AppData\Roaming\8x8 Virtual Office
2016-01-25 11:08 - 2016-01-25 11:08 - 00000000 ____D C:\Users\nikita.levitan\AppData\Local\Plantronics
2016-01-25 11:08 - 2016-01-25 11:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\8x8 - Virtual Office
2016-01-25 11:07 - 2016-01-25 11:07 - 00000000 ____D C:\Program Files (x86)\8x8 Virtual Office
2016-01-25 11:06 - 2016-01-25 11:07 - 41901568 _____ C:\Users\nikita.levitan\Downloads\uc.msi
2016-01-22 18:24 - 2016-01-22 18:24 - 00131727 _____ C:\Users\nikita.levitan\Desktop\131433-signed.pdf
2016-01-22 18:18 - 2016-01-22 18:18 - 00145605 _____ C:\Users\nikita.levitan\Desktop\2.pdf
2016-01-22 18:18 - 2016-01-22 18:18 - 00142679 _____ C:\Users\nikita.levitan\Desktop\3.pdf
2016-01-22 18:17 - 2016-01-22 18:17 - 00144698 _____ C:\Users\nikita.levitan\Desktop\1.pdf
2016-01-22 17:34 - 2016-01-22 17:35 - 00000000 ____D C:\Users\nikita.levitan\AppData\Local\CutePDF Writer
2016-01-22 17:34 - 2016-01-22 17:34 - 05254656 _____ C:\Users\nikita.levitan\Downloads\converter.exe
2016-01-22 17:34 - 2016-01-22 17:34 - 00000000 ____D C:\Program Files (x86)\GPLGS
2016-01-22 17:33 - 2016-01-22 17:33 - 00000000 ____D C:\Users\nikita.levitan\AppData\Roaming\SolidDocuments
2016-01-22 17:30 - 2016-01-22 17:30 - 02570536 _____ (Acro Software Inc. ) C:\Users\nikita.levitan\Downloads\CuteWriter.exe
2016-01-22 17:30 - 2016-01-22 17:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF
2016-01-22 17:30 - 2016-01-22 17:30 - 00000000 ____D C:\Program Files (x86)\Acro Software
2016-01-22 17:30 - 2016-01-19 20:27 - 00088496 _____ C:\Windows\system32\cpwmon64.dll
2016-01-22 17:28 - 2016-01-22 17:28 - 14903905 _____ C:\Users\nikita.levitan\Desktop\CX-0600C+Tosh_EDISC_ITC949_CONFIDENTIAL_00027018_ENG_2.pdf
2016-01-22 17:19 - 2016-01-22 17:19 - 00259327 _____ C:\Users\nikita.levitan\Desktop\Uncorrupted Source EDITING FILE.pdf
2016-01-21 16:24 - 2016-01-21 16:24 - 00003559 _____ C:\Users\nikita.levitan\Desktop\JRT.txt
2016-01-21 16:21 - 2016-01-21 16:22 - 00239996 _____ C:\TDSSKiller.3.1.0.9_21.01.2016_16.21.01_log.txt
2016-01-21 16:08 - 2016-01-21 16:08 - 00047007 _____ C:\ComboFix.txt
2016-01-21 15:30 - 2016-01-21 16:09 - 00000000 ____D C:\ComboFix
2016-01-21 15:30 - 2016-01-21 15:31 - 00216404 _____ C:\TDSSKiller.3.1.0.9_21.01.2016_15.30.07_log.txt
2016-01-21 15:29 - 2015-12-11 22:50 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\nikita.levitan\Downloads\TDSSKiller.exe
2016-01-21 12:01 - 2016-01-21 16:09 - 00000000 ____D C:\Qoobox
2016-01-21 12:01 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2016-01-21 12:01 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2016-01-21 12:01 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-01-21 12:01 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-01-21 12:01 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-01-21 12:01 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2016-01-21 12:01 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2016-01-21 12:01 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2016-01-21 12:00 - 2016-01-21 12:34 - 00000000 ____D C:\Windows\erdnt
2016-01-21 12:00 - 2016-01-21 12:00 - 01107912 _____ (Bleeping Computer, LLC) C:\Users\nikita.levitan\Downloads\rkill (1)64-28726.exe
2016-01-21 11:59 - 2016-01-21 11:59 - 04633146 _____ C:\Users\nikita.levitan\Downloads\tdsskiller.zip
2016-01-21 11:59 - 2016-01-21 11:59 - 00000354 _____ C:\TDSSKiller.2.8.16.0_21.01.2016_11.59.22_log.txt
2016-01-21 11:58 - 2016-01-21 11:58 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\nikita.levitan\Downloads\rkill (1).exe
2016-01-21 11:58 - 2016-01-21 11:58 - 01107912 _____ (Bleeping Computer, LLC) C:\Users\nikita.levitan\Downloads\rkill (1)64.exe
2016-01-21 11:57 - 2016-01-21 15:29 - 00002438 _____ C:\Users\nikita.levitan\Desktop\Rkill.txt
2016-01-21 11:57 - 2016-01-21 11:57 - 00000000 ____D C:\Users\nikita.levitan\Desktop\rkill
2016-01-21 11:55 - 2016-01-21 16:52 - 00000000 ____D C:\AdwCleaner
2016-01-21 11:06 - 2016-01-21 11:06 - 05650673 ____R (Swearware) C:\Users\nikita.levitan\Downloads\ComboFix.exe
2016-01-21 11:05 - 2016-01-21 11:05 - 01600184 _____ (Malwarebytes) C:\Users\nikita.levitan\Downloads\JRT (1).exe
2016-01-21 11:05 - 2016-01-21 11:05 - 01505280 _____ C:\Users\nikita.levitan\Downloads\AdwCleaner (1).exe
2016-01-20 16:16 - 2016-01-20 16:16 - 00002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2016-01-20 16:16 - 2016-01-20 16:16 - 00002216 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
2016-01-20 16:16 - 2016-01-20 16:16 - 00002146 _____ C:\Users\Public\Desktop\Adobe FormsCentral.lnk
2016-01-20 16:16 - 2016-01-20 16:16 - 00002055 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2016-01-20 16:16 - 2016-01-20 16:16 - 00002032 _____ C:\Users\Public\Desktop\Adobe Acrobat XI Pro.lnk
2016-01-20 15:59 - 2016-01-20 15:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
2016-01-20 15:59 - 2016-01-20 15:59 - 00000000 ____D C:\Program Files (x86)\Acronis
2016-01-20 15:56 - 2016-01-20 15:56 - 00001083 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2016-01-20 15:56 - 2016-01-20 15:56 - 00000000 ____D C:\Users\nikita.levitan\AppData\Local\VS Revo Group
2016-01-20 15:56 - 2016-01-20 15:56 - 00000000 ____D C:\ProgramData\VS Revo Group
2016-01-20 15:56 - 2016-01-20 15:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2016-01-20 15:56 - 2016-01-20 15:56 - 00000000 ____D C:\Program Files\VS Revo Group
2016-01-20 15:56 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2016-01-20 15:45 - 2016-01-20 15:45 - 11199448 _____ (VS Revo Group ) C:\Users\nikita.levitan\Downloads\RevoUninProSetup.exe
2016-01-19 15:54 - 2016-01-19 15:54 - 00052656 _____ C:\Users\nikita.levitan\Downloads\unassoc_1_4.zip
2016-01-19 12:57 - 2016-01-19 12:57 - 05444423 _____ C:\Users\nikita.levitan\Downloads\Ouroboros Template.zip
2016-01-19 12:57 - 2016-01-19 12:57 - 00538732 _____ C:\Users\nikita.levitan\Downloads\Pepperstone MetaTrader4 install.zip
2016-01-19 12:44 - 2016-01-19 12:44 - 02152781 _____ C:\Users\nikita.levitan\Downloads\Ouroboros Getting Started Guide.ppsx
2016-01-18 17:33 - 2016-01-18 17:34 - 00000000 ____D C:\Users\nikita.levitan\Downloads\Ed Sheeran  - + (Plus) [2011 Album]
2016-01-18 17:33 - 2016-01-18 17:33 - 00000000 ____D C:\Users\nikita.levitan\Downloads\x (Deluxe Edition)
2016-01-18 10:12 - 2016-01-18 10:26 - 03003282 _____ C:\Users\nikita.levitan\Desktop\Team Central.pptx
2016-01-15 18:48 - 2016-01-15 18:48 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2016-01-15 18:48 - 2016-01-15 18:48 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-01-15 18:48 - 2016-01-15 18:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-01-15 18:29 - 2016-01-15 18:29 - 08896640 _____ (TGRMN Software ) C:\Users\nikita.levitan\Downloads\BRU_setup_3.0.0.0.exe
2016-01-15 16:10 - 2016-01-15 16:10 - 00121584 _____ C:\Users\nikita.levitan\Downloads\Multima8.zip
2016-01-14 12:41 - 2016-01-14 12:41 - 00055351 _____ C:\Users\nikita.levitan\Downloads\130525.pdf
2016-01-14 12:24 - 2016-01-14 12:24 - 00004548 _____ C:\Users\nikita.levitan\Downloads\ypda79nahchzwfdooymesmaoa4efqzht.zip
2016-01-14 12:18 - 2016-01-14 12:18 - 00302611 _____ C:\Users\nikita.levitan\Downloads\FULL_DESCRIPTION_01_14_2016_17_14_43.html
2016-01-14 12:09 - 2016-01-14 12:09 - 00106125 _____ C:\Users\nikita.levitan\Downloads\FULL_DESCRIPTION_01_14_2016_14_44_01.html
2016-01-14 12:04 - 2016-01-14 12:04 - 00281391 _____ C:\Users\nikita.levitan\Downloads\FULL_DESCRIPTION_01_14_2016_14_46_04.html
2016-01-14 11:47 - 2016-01-14 11:47 - 00000008 _____ C:\Users\nikita.levitan\Desktop\Dz5YqJ2a.html
2016-01-13 18:03 - 2016-01-13 18:03 - 00001728 _____ C:\Users\nikita.levitan\Desktop\MessageTracking_AllHubs.01.12.2016-01.14.2016_20160113140210.csv
2016-01-13 18:03 - 2016-01-13 18:03 - 00000828 _____ C:\Users\nikita.levitan\Desktop\MessageTracking_AllHubs.01.12.2016-01.14.2016 (1).csv
2016-01-13 17:50 - 2016-01-13 17:50 - 00073286 _____ C:\Users\nikita.levitan\Downloads\FULL_DESCRIPTION_01_13_2016_22_31_00.html
2016-01-12 19:53 - 2016-01-12 20:16 - 39901167 _____ C:\Users\nikita.levitan\Documents\Park Kickoff Clean Slides_Park Filing portal.mp4
2016-01-12 19:18 - 2016-01-12 19:18 - 35102945 _____ C:\Users\nikita.levitan\Documents\Park Kickoff Clean Slides_Park Filing portal.xml
2016-01-12 18:56 - 2016-01-12 18:56 - 00001851 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2016-01-12 18:56 - 2016-01-12 18:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-01-12 18:32 - 2016-01-13 12:59 - 25612133 _____ C:\Users\nikita.levitan\Documents\Park Kickoff Clean Slides_Park Filing portal.pptx
2016-01-12 17:48 - 2016-01-12 17:48 - 11395076 ____R C:\Users\nikita.levitan\Desktop\2016-01-12_1657[1].swf
2016-01-12 15:46 - 2016-01-12 15:46 - 00053735 _____ C:\Users\nikita.levitan\Downloads\EP2767503_estimate_01_12_2016_12_48_22.pdf
2016-01-11 16:31 - 2016-01-11 16:55 - 28877902 _____ C:\Users\nikita.levitan\Downloads\z00fz.T.pdf
2016-01-11 13:47 - 2016-01-11 13:47 - 00000829 _____ C:\Users\nikita.levitan\Downloads\messageauditdetails_customer_parkipt_1132578_20160108 (1).csv
2016-01-11 13:38 - 2016-01-11 13:38 - 00230122 _____ C:\Users\nikita.levitan\Downloads\export_01-30-2014 (3).csv
2016-01-08 17:11 - 2016-01-08 17:11 - 00000483 _____ C:\Users\nikita.levitan\Downloads\costs (1).csv
2016-01-08 17:11 - 2016-01-08 17:11 - 00000121 _____ C:\Users\nikita.levitan\Downloads\costs.csv
2016-01-08 16:54 - 2016-01-08 16:54 - 00964528 _____ (Ursa Soft) C:\Users\nikita.levitan\Downloads\UrsaSpellingSetup_2.3.exe
2016-01-08 16:36 - 2016-01-08 16:36 - 00000829 _____ C:\Users\nikita.levitan\Downloads\MessageAuditDetails_Customer_parkipt_1132578_20160108.csv
2016-01-08 10:50 - 2016-01-08 10:51 - 00473566 _____ C:\Users\nikita.levitan\Documents\RI Analysis-November 2015-xxxxxxxx4867-Partial Upfront-2015123013228.pdf
2016-01-07 11:25 - 2016-01-07 11:25 - 04680232 _____ (TeamViewer) C:\Users\nikita.levitan\Downloads\welocalizesupport (8).exe
2016-01-06 18:15 - 2016-01-06 18:15 - 00029184 _____ C:\Users\nikita.levitan\Downloads\allinternalpasswords.xls
2016-01-06 18:15 - 2016-01-06 18:15 - 00029184 _____ C:\Users\nikita.levitan\Downloads\allinternalpasswords (1).xls
2016-01-06 18:09 - 2016-01-06 18:09 - 00029515 _____ C:\Users\nikita.levitan\Downloads\password_2007_2010.xlam
2016-01-06 17:53 - 2016-01-06 17:53 - 00000000 ____D C:\Users\nikita.levitan\Downloads\xvi32
2016-01-06 17:52 - 2016-01-06 17:52 - 00000000 ____D C:\Users\nikita.levitan\Desktop\xvi32u
2016-01-06 17:51 - 2016-01-06 17:51 - 00571070 _____ C:\Users\nikita.levitan\Downloads\xvi32.zip
2016-01-06 12:55 - 2016-01-21 11:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-06 12:55 - 2016-01-20 18:02 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-06 12:55 - 2016-01-06 12:55 - 22908888 _____ (Malwarebytes ) C:\Users\nikita.levitan\Downloads\mbam-setup-2.2.0.1024.exe
2016-01-06 12:55 - 2016-01-06 12:55 - 00001112 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-06 12:55 - 2016-01-06 12:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-06 12:55 - 2016-01-06 12:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-06 12:55 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-01-06 12:55 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-01-06 12:55 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-01-04 06:13 - 2016-01-04 06:13 - 00001692 _____ C:\Users\nikita.levitan\Downloads\lego.pem

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-27 14:10 - 2013-11-12 11:18 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-27 14:10 - 2013-11-12 11:10 - 00000000 ____D C:\Users\nikita.levitan\AppData\Roaming\Skype
2016-01-27 14:00 - 2009-07-13 22:20 - 00000000 ____D C:\Windows
2016-01-27 13:47 - 2013-11-12 10:42 - 00000392 _____ C:\Windows\system32\config\netlogon.ftl
2016-01-27 13:23 - 2015-05-14 17:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-27 13:22 - 2014-02-12 13:12 - 00000616 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1935655697-1177238915-682003330-12158.job
2016-01-27 13:21 - 2015-06-01 12:29 - 00000712 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1935655697-1177238915-682003330-12158.job
2016-01-27 13:12 - 2014-01-14 10:06 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-27 12:13 - 2015-01-14 13:42 - 00000000 ____D C:\Users\nikita.levitan\AppData\Local\LogMeInIgnition
2016-01-27 12:13 - 2013-11-21 13:45 - 00000000 ____D C:\ProgramData\LogMeIn
2016-01-27 11:27 - 2014-06-06 14:33 - 00000000 ____D C:\Users\nikita.levitan\.asdm
2016-01-27 02:00 - 2013-11-12 11:12 - 00000000 ____D C:\Users\nikita.levitan\AppData\Local\Adobe
2016-01-26 20:08 - 2015-10-26 15:43 - 00062094 _____ C:\Users\nikita.levitan\Desktop\Capital One - Transactions & Details.pdf
2016-01-26 19:40 - 2009-07-13 23:45 - 00023840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-26 19:40 - 2009-07-13 23:45 - 00023840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-26 19:17 - 2010-04-26 11:24 - 00002014 ____H C:\Users\nikita.levitan\Documents\Default.rdp
2016-01-26 18:49 - 2013-11-13 12:06 - 00000000 ____D C:\Users\nikita.levitan\AppData\Roaming\FileZilla
2016-01-26 17:10 - 2013-11-12 11:17 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-26 14:54 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-01-26 12:32 - 2014-01-27 15:33 - 00000000 ____D C:\Users\nikita.levitan\Desktop\Molly
2016-01-26 11:12 - 2015-10-05 16:23 - 00000000 ____D C:\RDCMgr
2016-01-25 17:33 - 2013-12-20 16:13 - 00000600 _____ C:\Users\nikita.levitan\AppData\Local\PUTTY.RND
2016-01-22 15:45 - 2013-11-12 13:50 - 00000000 ____D C:\Users\nikita.levitan\AppData\Local\Apps\2.0
2016-01-22 15:00 - 2013-11-12 13:49 - 00000000 ____D C:\Users\nikita.levitan\Documents\Outlook Files
2016-01-21 18:03 - 2013-11-12 11:11 - 00000000 ____D C:\ProgramData\Microsoft Help
2016-01-21 18:02 - 2014-11-20 19:42 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-01-21 18:02 - 2014-03-12 02:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-21 18:01 - 2014-03-12 02:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-21 18:01 - 2014-03-12 02:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-21 17:54 - 2013-11-12 14:59 - 00778660 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-01-21 17:54 - 2009-07-14 00:13 - 00778660 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-21 17:54 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-01-21 17:49 - 2013-12-23 09:30 - 00000000 ____D C:\Windows\system32\MRT
2016-01-21 17:35 - 2013-12-23 09:29 - 143671360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-01-21 17:33 - 2009-07-13 21:34 - 00000478 _____ C:\Windows\win.ini
2016-01-21 17:26 - 2013-12-04 15:50 - 00000039 _____ C:\Windows\vbaddin.ini
2016-01-21 17:07 - 2015-03-23 11:02 - 00000000 ____D C:\Users\nikita.levitan\AppData\Local\CrashDumps
2016-01-21 16:55 - 2014-04-28 13:12 - 00000994 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2016-01-21 16:55 - 2009-07-13 23:45 - 05539712 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-21 16:54 - 2015-12-01 17:23 - 00000000 ____D C:\ProgramData\NVIDIA
2016-01-21 16:54 - 2014-01-06 18:08 - 00002812 _____ C:\Windows\system32\GManager.ini
2016-01-21 16:54 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-21 16:03 - 2013-11-22 14:46 - 00000000 ____D C:\Users\nikita.levitan\dwhelper
2016-01-21 15:44 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2016-01-21 15:27 - 2015-09-30 13:01 - 00143707 _____ C:\Users\nikita.levitan\Desktop\servicedesk.welocalize.com_PurchaseOrder.pdf
2016-01-21 11:11 - 2013-11-12 13:07 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-01-21 09:55 - 2014-03-06 17:05 - 00000000 ____D C:\AMD
2016-01-21 02:33 - 2013-11-12 13:07 - 00168936 _____ C:\Users\nikita.levitan\AppData\Local\GDIPFONTCACHEV1.DAT
2016-01-20 16:31 - 2014-02-20 10:52 - 00000000 ____D C:\Program Files (x86)\HxD
2016-01-20 16:15 - 2013-11-12 11:17 - 00000000 ____D C:\ProgramData\Adobe
2016-01-20 16:14 - 2013-11-12 12:50 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-01-20 15:38 - 2013-11-12 11:08 - 00000000 ____D C:\ProgramData\Skype
2016-01-20 12:58 - 2013-12-23 15:35 - 00000000 ____D C:\Program Files\Adobe
2016-01-20 12:58 - 2013-12-23 15:34 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-01-20 12:58 - 2013-11-12 11:32 - 00000000 ____D C:\Users\nikita.levitan\AppData\Roaming\Adobe
2016-01-20 12:48 - 2013-11-22 14:43 - 00000000 ____D C:\Users\nikita.levitan\AppData\Roaming\Mozilla
2016-01-20 12:47 - 2015-12-23 15:03 - 00000000 ____D C:\ProgramData\PDF Architect 4
2016-01-20 12:46 - 2015-12-23 14:58 - 00000000 ____D C:\Program Files (x86)\pdfsam
2016-01-20 12:45 - 2015-12-23 15:01 - 00000000 ____D C:\Program Files\PDFCreator
2016-01-20 11:12 - 2014-01-14 10:06 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-20 11:12 - 2014-01-14 10:06 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-20 11:12 - 2014-01-14 10:06 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-01-19 17:47 - 2013-11-12 10:57 - 00090796 __RSH C:\Users\nikita.levitan\ntuser.pol
2016-01-19 17:47 - 2013-11-12 10:57 - 00000000 ____D C:\Users\nikita.levitan
2016-01-19 15:49 - 2015-06-01 12:29 - 00003760 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-1935655697-1177238915-682003330-12158
2016-01-19 15:49 - 2014-02-12 13:12 - 00003664 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-1935655697-1177238915-682003330-12158
2016-01-18 20:00 - 2015-12-23 15:10 - 00000000 ____D C:\Users\nikita.levitan\AppData\Roaming\PDF Architect 4
2016-01-18 17:35 - 2013-12-03 15:43 - 00000000 ____D C:\Users\nikita.levitan\AppData\Roaming\uTorrent
2016-01-15 19:31 - 2014-11-20 19:41 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-01-15 19:29 - 2013-11-12 11:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-01-15 18:48 - 2014-08-04 09:50 - 00000000 ____D C:\Users\nikita.levitan\AppData\Local\Skype
2016-01-15 18:39 - 2013-11-12 13:42 - 00000000 ____D C:\Windows\PCHEALTH
2016-01-15 18:30 - 2014-08-05 15:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bulk Rename Utility
2016-01-15 18:30 - 2014-08-05 15:57 - 00000000 ____D C:\Program Files\Bulk Rename Utility
2016-01-14 20:12 - 2013-11-12 11:20 - 00002189 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-12 18:56 - 2013-11-27 19:35 - 00000000 ____D C:\Program Files (x86)\QuickTime
2016-01-12 18:20 - 2013-11-12 11:11 - 00000000 ____D C:\Users\nikita.levitan\AppData\Local\Microsoft Help
2016-01-12 18:06 - 2013-11-27 19:53 - 00005632 _____ C:\Users\nikita.levitan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-01-07 15:40 - 2014-03-04 18:18 - 00000000 ____D C:\Users\nikita.levitan\AppData\Roaming\VMware
2016-01-07 11:19 - 2015-03-23 19:51 - 00000088 _____ C:\Users\nikita.levitan\Desktop\.htaccess

==================== Files in the root of some directories =======

2014-02-03 16:19 - 2014-02-03 16:19 - 0000132 _____ () C:\Users\nikita.levitan\AppData\Roaming\Adobe GIF Format CS6 Prefs
2014-01-27 10:29 - 2014-11-21 20:06 - 0000132 _____ () C:\Users\nikita.levitan\AppData\Roaming\Adobe PNG Format CS6 Prefs
2015-12-03 15:14 - 2015-12-03 15:14 - 0038488 _____ () C:\Users\nikita.levitan\AppData\Roaming\Comma Separated Values.ADR
2014-01-07 16:37 - 2014-01-20 15:50 - 0000231 _____ () C:\Users\nikita.levitan\AppData\Roaming\Rim.Desktop.Exception.log
2014-01-07 16:21 - 2014-01-07 16:21 - 0001153 _____ () C:\Users\nikita.levitan\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2014-01-07 16:37 - 2014-01-20 15:50 - 0000231 _____ () C:\Users\nikita.levitan\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-03-13 13:17 - 2014-08-04 13:46 - 0000600 _____ () C:\Users\nikita.levitan\AppData\Roaming\winscp.rnd
2013-11-14 11:03 - 2015-12-14 12:36 - 0001456 _____ () C:\Users\nikita.levitan\AppData\Local\Adobe Save for Web 13.0 Prefs
2013-11-27 19:53 - 2016-01-12 18:06 - 0005632 _____ () C:\Users\nikita.levitan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-01-26 16:39 - 2016-01-26 16:39 - 0000367 _____ () C:\Users\nikita.levitan\AppData\Local\LMIR0001.tmp_r.bat
2016-01-26 19:19 - 2016-01-26 19:19 - 0000367 _____ () C:\Users\nikita.levitan\AppData\Local\LMIR0002.tmp_r.bat
2013-12-20 16:13 - 2016-01-25 17:33 - 0000600 _____ () C:\Users\nikita.levitan\AppData\Local\PUTTY.RND
2014-10-30 17:13 - 2014-10-30 17:10 - 0005820 _____ () C:\Users\nikita.levitan\AppData\Local\report.zip
2015-04-17 11:43 - 2015-07-24 17:28 - 0007593 _____ () C:\Users\nikita.levitan\AppData\Local\Resmon.ResmonCfg
2014-10-30 17:04 - 2014-10-30 16:59 - 0495049 _____ () C:\Users\nikita.levitan\AppData\Local\SPDX-BIZHub14103014010.pdf
2013-11-12 14:58 - 2014-04-10 12:54 - 0000218 _____ () C:\Users\nikita.levitan\AppData\Local\xobni_installer_updater.log
2013-12-04 16:52 - 2013-12-04 16:52 - 8673792 _____ () C:\ProgramData\atscie.msi

Files to move or delete:
====================
C:\Users\nikita.levitan\pingwithlog.vbs


Some files in TEMP:
====================
C:\Users\nikita.levitan\AppData\Local\Temp\converter.exe
C:\Users\nikita.levitan\AppData\Local\Temp\RoboForm-Setup.exe
C:\Users\nikita.levitan\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-19 00:08

==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-01-2016
Ran by nikita.levitan (2016-01-27 14:10:15)
Running from C:\Users\nikita.levitan\Desktop
Windows 7 Enterprise Service Pack 1 (X64) (2013-11-12 15:22:12)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3781689812-2414546879-918710521-500 - Administrator - Disabled)
COMP20 (S-1-5-21-3781689812-2414546879-918710521-1000 - Limited - Enabled) => C:\Users\COMP20
Guest (S-1-5-21-3781689812-2414546879-918710521-501 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1935655697-1177238915-682003330-12158\...\uTorrent) (Version: 3.4.3.40760 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 15.2.1 - Hewlett-Packard) Hidden
8x8 - Virtual Office (HKLM-x32\...\{762CF680-4234-44AE-AC4F-EA91C26B2C51}) (Version: 4.3.027 - 8x8, Inc.)
Acronis Disk Director 11 Home (HKLM-x32\...\{06E34C00-0446-4176-81C8-A5DAFE53CA36}) (Version: 11.0.2121 - Acronis)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.00 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Advanced IP Scanner 2.3 (HKLM-x32\...\{A02F51A7-1982-4B69-8BD3-7D2B86179752}) (Version: 2.3.2161 - Famatech)
AMD Catalyst Install Manager (HKLM\...\{37FCE154-7F59-74F0-3A35-BF503CEB230B}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
Apex Software (HKLM-x32\...\{428DAF43-9329-4DC5-9959-7F2149AF92DA}) (Version: 2.0.128 - Apex)
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ApSIC Xbench 3.0 (HKLM-x32\...\ApSIC Xbench) (Version: 3.0.0.1266 - ApSIC, S.L.)
Aspera Connect 3.5.2.97180 (HKU\S-1-5-21-1935655697-1177238915-682003330-12158\...\Aspera Connect 3.5.2.97180) (Version: 3.5.2.97180 - Aspera, Inc.)
Aspera Connect 3.5.2.97180 (x32 Version: 3.5.2.97180 - Aspera, Inc.) Hidden
전자문서작성기(K-EDITOR) (HKLM-x32\...\{D554E732-A1FB-4A2C-9E9D-B806C78FF330}) (Version:  - )
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.5.3.0 - Auslogics Labs Pty Ltd)
Autodesk DWG TrueView 2015 - English (HKLM\...\DWG TrueView 2015 - English) (Version: 20.0.51.0 - Autodesk)
AzureTools.Notifications (x32 Version: 2.1.10731.1602 - Microsoft Corporation) Hidden
Batchrun (HKLM-x32\...\Batchrun) (Version: 4.3 - Outertech)
Behaviors SDK (XAML) for Visual Studio (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
Blend for Visual Studio 2013 (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 ENU resources (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{982E1601-0DFC-4FD3-A427-AC6570697858}) (Version: 14.2.4.1 - Broadcom Corporation)
Build Tools - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Bulk Certification Tool (HKLM-x32\...\BulkCertificationTool) (Version:  - )
Bulk Rename Utility 2.7.1.3 (HKLM\...\Bulk Rename Utility_is1) (Version:  - TGRMN Software)
Bulk Rename Utility 3.0.0.0 (64-bit) (HKLM\...\Bulk Rename Utility Installation_is1) (Version:  - TGRMN Software)
Camtasia Studio 7 (HKLM-x32\...\{53FA9A9F-3C19-4D43-AD6B-DEF365D469BA}) (Version: 7.0.0 - TechSmith Corporation)
Charachters Statistic (HKLM-x32\...\CharachtersStatistic) (Version:  - )
Cisco ASDM-IDM Launcher (HKLM-x32\...\{DDB41C7D-C8DC-46DE-8528-171BD6AEE61C}) (Version: 1.5.55 - Cisco Systems, Inc.)
Cisco Packet Tracer 6.0.1 (HKLM-x32\...\Cisco Packet Tracer 6.0.1_is1) (Version:  - Cisco Systems, Inc.)
Cisco Systems VPN Client 5.0.07.0290 (HKLM\...\{467D5E81-8349-4892-9E81-C3674ED8E451}) (Version: 5.0.7 - Cisco Systems, Inc.)
Cisco WebEx Meetings (HKU\S-1-5-21-1935655697-1177238915-682003330-12158\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}) (Version: 1.0.335 - Citrix)
CloudReading (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.0.27.1025 - Foxit Corporation)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Convert Audio Free WMA to MP3 version 1.0 (HKLM-x32\...\Convert Audio Free WMA to MP3_is1) (Version: 1.0 - )
CoolUtils Mail Viewer (HKLM-x32\...\CoolUtils Mail Viewer_is1) (Version: 2.5 - Softplicity, Inc.)
CopyTrans Suite Remove Only (HKU\S-1-5-21-1935655697-1177238915-682003330-12158\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)
Crystal Reports Basic Runtime for Visual Studio 2008 (x64) (HKLM\...\{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}) (Version: 10.5.0.0 - Business Objects)
CutePDF Writer 3.1 (HKLM\...\CutePDF Writer Installation) (Version:  3.1 - Acro Software Inc.)
DarkStorm's Batch Print Handler (HKU\S-1-5-21-1935655697-1177238915-682003330-12158\...\284a20edb233f056) (Version: 1.1.0.4 - Daniel Williams)
Dell System Detect - 1  (HKU\S-1-5-21-1935655697-1177238915-682003330-12158\...\73f463568823ebbe) (Version: 5.13.0.1 - Dell)
Dell System Detect (HKU\S-1-5-21-1935655697-1177238915-682003330-12158\...\9204f5692a8faf3b) (Version: 5.6.0.4 - Dell)
DfontSplitter 0.3.1 (HKLM-x32\...\{19B98EFB-9493-4651-96DD-A6768A5024E3}_is1) (Version:  - Peter Upfold)
DOCX to DOC 1.0 (HKLM-x32\...\DOCX to DOC_is1) (Version:  - )
Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
Dropbox (HKU\S-1-5-21-1935655697-1177238915-682003330-12158\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
DVD or CD Sharing (HKLM-x32\...\{514FBEC8-E8CE-4F6F-A17F-2789E8DE8D69}) (Version: 1.0.1.4 - Apple Inc.)
DWG TrueView 2015 - English (Version: 20.0.51.0 - Autodesk) Hidden
EmEditor (64-bit) (HKLM\...\{91CD30DD-0BD9-4C11-A38C-DF370CE160B0}) (Version: 14.9.3 - Emurasoft, Inc.)
Entity Framework Tools for Visual Studio 2013 (HKLM-x32\...\{08AEF86A-1956-4846-B906-B01350E96E30}) (Version: 12.0.20912.0 - Microsoft Corporation)
Exe to msi Converter free (HKLM-x32\...\{E3CDC5AC-EA40-4A4E-AD6E-C6D5B8973179}) (Version: 2.0.0 - APREL Technologies LLC)
File Renamer - Basic (HKLM-x32\...\File Renamer - Basic) (Version: 6.3 - Sherrod Computers)
FileWatcher 3.9 (HKLM\...\FileWatcher_is1) (Version: 3.9 - DataMystic)
FileZilla Client 3.13.1 (HKLM-x32\...\FileZilla Client) (Version: 3.13.1 - Tim Kosse)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.1.1031 - Foxit Corporation)
FreeFileSync 7.3 (HKLM-x32\...\FreeFileSync) (Version: 7.3 - www.FreeFileSync.org)
FX Choice - MetaTrader 4 (HKLM-x32\...\FX Choice - MetaTrader 4) (Version: 4.00 - MetaQuotes Software Corp.)
FXCM MetaTrader 4 (HKLM-x32\...\FXCM MetaTrader 4) (Version: 4.00 - MetaQuotes Software Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.111 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
GoToMeeting 7.9.0.4288 (HKU\S-1-5-21-1935655697-1177238915-682003330-12158\...\GoToMeeting) (Version: 7.9.0.4288 - CitrixOnline)
Hewlett-Packard iLO Cmdlets (HKLM\...\{86E95773-829A-4854-9186-7957501B52E2}) (Version: 1.2.0.0 - Hewlett-Packard Co.)
Hewlett-Packard OA Cmdlets (HKLM\...\{FEA3D3B6-EF5C-4287-A5F0-4A089970C52F}) (Version: 1.1.0.3 - Hewlett-Packard Co.)
Hightail Outlook (HKLM-x32\...\{3FA1A678-114B-4309-82C8-2612E217F1B4}) (Version: 2.18.0 - Hightail)
hocr-gtk 0.7.1 (HKLM-x32\...\hocr-gtk) (Version: 0.7.1 - Yaacov Zamir)
iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
iExplorer 3.2.2.6 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version:  - Macroplant LLC)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
iPhone Backup Extractor (HKU\S-1-5-21-1935655697-1177238915-682003330-12158\...\iPhone Backup Extractor) (Version: 4.8.3.0 - Reincubate Ltd)
iTunes (HKLM\...\{0D44E3A4-6C3D-45D7-B443-079509E5BE5D}) (Version: 12.3.2.35 - Apple Inc.)
Ixia Performance Endpoint for Windows (HKLM\...\{4339AC29-ECDE-41DE-A476-C4F836871F83}) (Version: 9.0.52.326 - Ixia)
j5 USB DISPLAY ADAPTER 13.20.1120.3179 (HKLM-x32\...\{81C5AD1D-C7C6-48AC-AC85-8F04293B1780}) (Version: 13.20.1120.3179 - j5create)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)
JavaScript Tooling (Version: 12.0.21005 - Microsoft Corporation) Hidden
Jing (HKLM-x32\...\{8C784F8B-89D0-4A59-A000-7EEF129E1574}) (Version: 2.9.15255.1 - TechSmith Corporation)
join.me (HKU\S-1-5-21-1935655697-1177238915-682003330-12158\...\JoinMe) (Version: 1.17.1.162 - LogMeIn, Inc.)
KatMouse (remove only) (HKLM-x32\...\KatMouse) (Version:  - )
KeePass Password Safe 2.24 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.24 - Dominik Reichl)
LibreOffice 4.1.3.2 (HKLM-x32\...\{4F3722AD-197D-4DBB-BDFB-D2F0D6776354}) (Version: 4.1.3.2 - The Document Foundation)
Links Extractor 1.4 (HKLM-x32\...\Links Extractor 1.4) (Version:  - )
LocalESPC Dev12 (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
LocalESPCui for en-us Dev12 (x32 Version: 8.100.25984 - Microsoft) Hidden
LocalExplorer (HKU\S-1-5-21-1935655697-1177238915-682003330-12158\...\LocalExplorer) (Version: 1.0 - LocalExplorer)
LogMeIn (HKLM-x32\...\{F8511796-1457-4A92-BEF7-71080FCF297A}) (Version: 4.1.4132 - LogMeIn, Inc.)
LogMeIn Client (HKLM-x32\...\{D2300C4F-CC9B-4D00-BC53-B4C806A6C7AB}) (Version: 1.3.1675 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MetaTrader - Pepperstone (HKLM-x32\...\MetaTrader - Pepperstone) (Version: 4.00 - MetaQuotes Software Corp.)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Keyboard Layout Creator 1.4 (HKLM-x32\...\{99E66BC9-E4B6-485F-ABFC-31EFCE36DFDF}) (Version: 1.4.6000 - Microsoft Corp.)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Standard 2013 (HKLM-x32\...\Office15.STANDARD) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1935655697-1177238915-682003330-12158\...\OneDriveSetup.exe) (Version: 17.3.4604.0120 - Microsoft Corporation)
Microsoft Online Services Sign-in Assistant (HKLM\...\{D8AB93B0-6FBF-44A0-971F-C0669B5AE6DD}) (Version: 7.250.4556.0 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.30919.1) (HKLM-x32\...\{0D7FCBFB-F478-4D32-901C-83F0BF5A3501}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft Visio Professional 2010 (HKLM-x32\...\Office14.VISIOR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Professional 2013 (HKLM-x32\...\{1332237f-35bb-462a-b1bb-3c3cc95e2909}) (Version: 12.0.21005.13 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{3674F088-9B90-473A-AAC3-20A00D8D810C}) (Version: 3.1237.1762 - Microsoft Corporation)
Microsoft_VC90_CRT_x86 (HKLM-x32\...\{DF2035BE-5820-4965-BD97-7FAF8D4A7879}) (Version: 1.0.0 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 359.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 359.06 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.7.4.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.7.4.10 - NVIDIA Corporation)
NVIDIA Graphics Driver 359.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 359.06 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6326.1019 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6326.1019 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6326.1019 - Microsoft Corporation) Hidden
Office Password Recovery PRO v1.0 (remove only) (HKLM-x32\...\Password Solutions - Office Password Recovery PRO) (Version: 1.0 - Password Solutions)
Open XML SDK 2.5 for Microsoft Office (x32 Version: 2.5.5631 - Microsoft Corporation) Hidden
OpenOffice-Enterprise v3.2.1 (HKLM-x32\...\{E07FC408-213B-44B3-A7D6-7438A8C2334B}) (Version: 3.2.630 - Open Office Technology, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PCT-KEditor (HKLM-x32\...\{52F20C23-02EB-4686-B0A5-9E6B25C4264D}) (Version:  - )
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PeerBlock 1.1 (r518) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.1.0.518 - PeerBlock, LLC)
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
PremiumSoft Navicat Premium 11.0 (HKLM\...\PremiumSoft Navicat Premium_is1) (Version: 11.0.18 - PremiumSoft CyberTech Ltd.)
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Properties Cleaner (HKLM-x32\...\{33E7CE58-38BD-4E51-8D17-857E3BCAF1CB}) (Version: 1.0.0 - B-HiT)
Python Tools Redirection Template (x32 Version: 1.1 - Microsoft Corporation) Hidden
QBFC 7.0 (HKLM-x32\...\{D90AD053-6F8D-4658-9EB8-D57C8BE39092}) (Version: 7.0.0.134 - Intuit Developer Network)
QuickBooks (x32 Version: 20.0.4017.807 - Intuit Inc.) Hidden
QuickBooks (x32 Version: 21.0.4014.904 - Intuit Inc.) Hidden
QuickBooks Enterprise Solutions 10.0 (HKLM-x32\...\{0700E22B-A428-40A5-BD20-04BF618CA0F9}) (Version: 20.0.4017.807 - Intuit Inc.)
QuickBooks Enterprise Solutions 11.0 (HKLM-x32\...\{11E0AC7D-6828-4F67-865F-EE1C13D28C38}) (Version: 21.0.4014.904 - Intuit Inc.)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Remote Desktop Connection Manager (HKLM-x32\...\{0240359E-6A4C-4884-9E94-B397A02D893C}) (Version: 2.7.14060 - Microsoft Corporation)
Revo Uninstaller Pro 3.1.5 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.5 - VS Revo Group, Ltd.)
RoboForm 7-9-9-1 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-9-1 - Siber Systems)
Rtf To Doc Converter (HKLM-x32\...\{EF2BD83E-5D7C-494A-AFE0-C426CD624B60}) (Version: 2.0.2 - WindowIndia)
S3 Browser version 5.5.3 (HKLM\...\S3 Browser_is1) (Version: 5.5.3.0 - NetSDK Software, LLC)
ScanSnap Manager (HKLM-x32\...\{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}) (Version:  - )
SDL Nalpeiron Service Installer (HKLM-x32\...\{DA9F5862-C8F6-424E-B7D3-37E03A397F0E}) (Version: 1.1.0 - SDL)
SDL Passolo 2011 (HKLM-x32\...\SDL Passolo 2011) (Version: SDL Passolo 2011 SP7 - SDL Passolo GmbH)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{359ADBEC-068A-4CC9-9174-77AB8EDB867A}) (Version:  - Microsoft)
SharePoint Client Components (Version: 15.0.4481.1505 - Microsoft Corporation) Hidden
SHIELD Streaming (Version: 4.1.0240 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.7.4.10 - NVIDIA Corporation) Hidden
Skype for Business Basic 2016 - en-us (HKLM\...\SkypeforBusinessEntryRetail - en-us) (Version: 16.0.6366.2056 - Microsoft Corporation)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.109 - Skype Technologies S.A.)
Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 4.79 - NCH Software)
System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.41110 - TeamViewer)
TextCrawler 2.5 (HKLM-x32\...\TextCrawler) (Version: 2.5 - DigitalVolcano Software)
TotalMailConverter (HKLM-x32\...\Total Mail Converter_is1) (Version: 2.5 - Softplicity, Inc.)
TransMac version 11.2 (HKLM-x32\...\TransMac_is1) (Version: 11.2 - Acute Systems)
TreeSize Free V3.3.2 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.3.2 - JAM Software)
UltraISO Premium V9.52 (HKLM-x32\...\UltraISO_is1) (Version:  - )
UltraVnc (HKLM-x32\...\Ultravnc2_is1) (Version: 1.1.9.6 - uvnc bvba)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for Skype for Business 2015 (KB3114502) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.STANDARD_{B4DBD8FE-927A-4BAF-9158-D71D2EE4C00F}) (Version:  - Microsoft)
Vim 7.4 (self-installing) (HKLM\...\Vim 7.4) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VMware vSphere Client 5.0 (HKLM-x32\...\{04805AB6-F757-496A-8D56-37A0FC5FF6F3}) (Version: 5.0.0.16964 - VMware, Inc.)
VMware vSphere Client 5.1 (HKLM-x32\...\{09DC364B-A77A-49A0-972B-E43F0DACC5E3}) (Version: 5.1.0.2669 - VMware, Inc.)
VMware vSphere Client 5.5 (HKLM-x32\...\{4CFB0494-2E96-4631-8364-538E2AA91324}) (Version: 5.5.0.3838 - VMware, Inc.)
W2 Mate (2014) 11.0.55 (HKLM-x32\...\W2 Mate (2014)_is1) (Version:  - Real Business Solutions Inc.)
WCF Data Services 5.6.0 Runtime (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
WebEx Support Manager for Internet Explorer (HKLM-x32\...\{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}) (Version: 6.5.47 - WebEx Communications Inc.)
weloLangID version 1.02b (HKLM-x32\...\{DE34A53F-F921-4702-A2B6-FBAC56305E9F}_is1) (Version: 1.02b - Welocalize)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Azure Active Directory Module for Windows PowerShell (HKLM\...\{43CC9C53-A217-4850-B5B2-8C347920E500}) (Version: 1.0.0 - Microsoft Corporation)
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinSCP 5.1.4 (HKLM-x32\...\winscp3_is1) (Version: 5.1.4 - Martin Prikryl)
Word Password Recovery Standard  (HKLM-x32\...\Word Password Recovery Standard) (Version:  - SmartKey, Inc.)
Workflow Manager Client 1.0 (Version: 2.0.30813.2 - Microsoft Corporation) Hidden
Workflow Manager Tools 1.0 for Visual Studio (Version: 2.0.30725.1 - Microsoft Corporation) Hidden
Xiph QuickTime Components (HKLM-x32\...\XiphQT) (Version:  - )
XM MT4 (HKLM-x32\...\XM MT4) (Version: 4.00 - MetaQuotes Software Corp.)
XmlSplit Version 2.8.0.0 (HKLM-x32\...\XmlSplit 2.8.0.0_is1) (Version: 2.8.0.0 - Xponent LLC)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
XXConsole: Super Console Generator  ver 0.96 (HKLM-x32\...\XXConsole) (Version: 0.96 - Pixelab, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1935655697-1177238915-682003330-12158_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\nikita.levitan\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
CustomCLSID: HKU\S-1-5-21-1935655697-1177238915-682003330-12158_Classes\CLSID\{04A9E854-6F47-4F37-8A10-F896717F0329}\InprocServer32 -> C:\Users\nikita.levitan\AppData\Local\Programs\Aspera\Aspera Connect\lib\3.5.2\npasperaweb64_3.5.2.97180.dll (Aspera, Inc. )
CustomCLSID: HKU\S-1-5-21-1935655697-1177238915-682003330-12158_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\nikita.levitan\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1935655697-1177238915-682003330-12158_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\nikita.levitan\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1935655697-1177238915-682003330-12158_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\nikita.levitan\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1935655697-1177238915-682003330-12158_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\nikita.levitan\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1935655697-1177238915-682003330-12158_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\nikita.levitan\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1935655697-1177238915-682003330-12158_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\nikita.levitan\AppData\Local\Citrix\GoToMeeting\4007\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-1935655697-1177238915-682003330-12158_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\nikita.levitan\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1935655697-1177238915-682003330-12158_Classes\CLSID\{AD17B774-7F87-4141-BB9C-2AEE3841DC4E}\InprocServer32 -> C:\Users\nikita.levitan\AppData\Local\Programs\Aspera\Aspera Connect\lib\3.5.2\npasperaweb64_3.5.2.97180.dll (Aspera, Inc. )
CustomCLSID: HKU\S-1-5-21-1935655697-1177238915-682003330-12158_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\nikita.levitan\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1935655697-1177238915-682003330-12158_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\nikita.levitan\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1935655697-1177238915-682003330-12158_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\nikita.levitan\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1935655697-1177238915-682003330-12158_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\nikita.levitan\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1935655697-1177238915-682003330-12158_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\nikita.levitan\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1935655697-1177238915-682003330-12158_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\nikita.levitan\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1935655697-1177238915-682003330-12158_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\nikita.levitan\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1935655697-1177238915-682003330-12158_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\nikita.levitan\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03DF213B-4A60-46BE-B089-5B637C9C3F75} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-01-07] (Microsoft Corporation)
Task: {07079D34-563E-4EDC-A274-7E4803B007F9} - System32\Tasks\{A19C67C9-4461-4893-B0D5-F0076D7B25C5} => Chrome.exe hxxp://ui.skype.com/ui/0/7.2.0.103/en/go/help.faq.installer?LastError=1618
Task: {19A139D1-F200-4006-B4E1-90EC92340674} - System32\Tasks\{AEFCE97E-358A-4DE8-8962-0B885F3079A4} => pcalua.exe -a "C:\Program Files (x86)\FX Choice - MetaTrader 4\Uninstall.exe"
Task: {1D7B0986-FB4B-405A-B1DC-6E70F57C0F8B} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {2164C552-9085-4E36-BDE6-603AD199903E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
Task: {21BEFB7D-89C1-42DE-8B50-A1E2A68AE33C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-08] (Adobe Systems Incorporated)
Task: {4CEBDDBE-97C6-4F5A-B73B-6A9A0B202D98} - System32\Tasks\AdobeAAMUpdater-1.0-WELOCALIZE-nikita.levitan => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-03-21] (Adobe Systems Incorporated)
Task: {57E6A0C2-D154-4361-82C6-862497F52062} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {78E5C6E7-2291-4949-858F-ABA70ED0F2FF} - System32\Tasks\G2MUploadTask-S-1-5-21-1935655697-1177238915-682003330-12158 => C:\Users\nikita.levitan\AppData\Local\Citrix\GoToMeeting\4288\g2mupload.exe [2016-01-19] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {7C39EF78-B056-4882-9D73-1C01DC5D7DE2} - System32\Tasks\LocalExplorer Update => /update
Task: {96007D82-8AAA-4F8E-8429-26ACACC9B9CD} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMGMLMIMMMOLGMMLOLCNNMOLJMIMCNJMIMLLMMCNPMMLIMNMCNJLNMLMNMGMKLHMOMIMLLLLPMJNJICMIMCNGMCNGMFMOMOMCNPMCNGMJMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMOMFMEKMICNJJCKFMOMMMNMIMJNHICMMJBJKJLIMJJNBJCMBJGJEJGJLIOJBNDJKJJIGJLIOJBJJNKJCMJNNICMJNDJCMKJBJJNMJCMNMFMOMPMLMIMFMPMJNFICMGJLJKJBJLIGJLIGJKJMIBNKJHIKJ"
Task: {A291EAA4-B052-44FC-BC6C-DB53AF9621FE} - System32\Tasks\G2MUpdateTask-S-1-5-21-1935655697-1177238915-682003330-12158 => C:\Users\nikita.levitan\AppData\Local\Citrix\GoToMeeting\4288\g2mupdate.exe [2016-01-19] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {B814A1DF-847E-47AB-8A08-F9E3ED7C0579} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2014-08-20] (Siber Systems)
Task: {DC091D77-6A7F-4C64-B867-598D47BB8DAF} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-01-07] (Microsoft Corporation)
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {E9D11EF7-4E8A-43A1-8AD9-3FC8772271B5} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1935655697-1177238915-682003330-12158
Task: {EBA90D5C-0D0C-4C17-8A34-EF394D6D5356} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {FDE9B305-034E-4FAB-97CA-0F3145CAF0EC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {FEA14F55-3DE6-46E0-9B67-AED6B935A26B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1935655697-1177238915-682003330-12158.job => C:\Users\nikita.levitan\AppData\Local\Citrix\GoToMeeting\4288\g2mupdate.exe C:\Users\nikita.levitan\AppData\Local\Citrix\GoToMeeting\4288nikita.lev
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1935655697-1177238915-682003330-12158.job => C:\Users\nikita.levitan\AppData\Local\Citrix\GoToMeeting\4288\g2mupload.exe C:\Users\nikita.levitan\AppData\Local\Citrix\GoToMeeting\4288nikita.lev
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-12-01 17:23 - 2015-11-24 13:40 - 00116344 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-01-22 17:30 - 2016-01-19 20:27 - 00088496 _____ () C:\Windows\System32\cpwmon64.dll
2015-02-13 03:20 - 2015-02-13 03:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-10-07 14:34 - 2016-01-07 06:13 - 00162472 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2014-01-06 18:08 - 2012-08-28 14:20 - 00313432 _____ () C:\Windows\system32\GManager.exe
2015-02-19 20:31 - 2015-02-19 20:31 - 00494080 _____ () C:\Program Files\Ixia\Endpoint\endpoint.exe
2015-02-19 20:31 - 2015-02-19 20:31 - 00208384 _____ () C:\Program Files\Ixia\Endpoint\Ecomtcp.dll
2015-02-19 20:31 - 2015-02-19 20:31 - 00625664 _____ () C:\Program Files\Ixia\Endpoint\Ecommon.dll
2014-01-06 18:08 - 2011-05-03 18:13 - 00199296 _____ () C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe
2010-09-29 19:30 - 2010-09-29 19:30 - 02139400 _____ () C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
2016-01-15 19:29 - 2016-01-07 09:14 - 08903848 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2015-08-24 08:56 - 2015-08-24 08:56 - 00043480 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2014-11-05 08:49 - 2014-11-05 08:49 - 03346240 _____ () C:\Program Files\ApSIC\Xbench\XbShellEx-614689694.dll
2014-05-12 04:49 - 2014-05-12 04:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2015-06-01 20:00 - 2015-06-01 20:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-03-11 13:31 - 2015-03-11 13:31 - 01653328 _____ () C:\Program Files\EmEditor\emedres.dll
2015-03-11 13:31 - 2015-03-11 13:31 - 00344144 _____ () C:\Program Files\EmEditor\mui\1033\emedloc.dll
2007-05-30 07:14 - 2007-05-30 07:14 - 00050688 _____ () C:\Program Files (x86)\KatMouse\KatMouse.exe
2013-06-18 15:49 - 2013-06-18 15:49 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-04-29 23:08 - 2013-04-29 23:08 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-11-18 08:14 - 2014-11-18 08:14 - 00260792 _____ () C:\Program Files (x86)\Microsoft\Remote Desktop Connection Manager\AxMSTSCLib.dll
2015-10-13 15:07 - 2015-10-13 15:07 - 08901184 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2010-03-23 13:26 - 2010-03-23 13:26 - 00201512 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
2007-06-22 09:48 - 2007-06-22 09:48 - 00044032 _____ () C:\Program Files (x86)\KatMouse\KatMouseS.dll
2015-12-01 17:25 - 2015-11-24 18:10 - 00012080 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-10-13 15:07 - 2015-10-13 15:07 - 08901184 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-02-04 01:42 - 2014-02-04 01:42 - 00269128 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 11.0\boost_regex-vc90-mt-p-1_33.dll
2014-02-04 01:43 - 2014-02-04 01:43 - 00021320 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 11.0\QBCompressor.dll
2005-07-19 23:18 - 2005-07-19 23:18 - 00059904 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 11.0\zlib1.dll
2014-02-04 01:42 - 2014-02-04 01:42 - 00348488 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 11.0\BackupLib.dll
2014-02-04 01:43 - 2014-02-04 01:43 - 00126792 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 11.0\QBMAPILibrary.dll
2014-02-04 01:42 - 2014-02-04 01:42 - 00176968 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 11.0\boost_serialization-vc90-mt-p-1_33.dll
2014-02-04 01:43 - 2014-02-04 01:43 - 00042824 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 11.0\mbpopup.dll
2015-07-27 15:07 - 2003-03-26 16:46 - 00135168 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsImgIO.dll
2015-07-27 15:07 - 2004-12-10 11:55 - 00036864 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuUpdater.dll
2015-07-27 15:07 - 2005-07-08 10:36 - 00094208 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\f5bdkedr.dll
2015-07-27 15:07 - 1996-12-19 12:24 - 00068608 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\F5BDKAKU.DLL
2015-07-27 15:07 - 2003-11-20 19:56 - 00020480 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\ssIpl.dll
2015-07-27 15:07 - 2003-11-20 19:56 - 00294912 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\ssIplA6.DLL
2008-12-30 11:23 - 2008-12-30 11:23 - 00214528 _____ () C:\Program Files (x86)\KatMouse\KatMouseH.dll
2015-08-24 08:56 - 2015-08-24 08:56 - 00039384 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2015-10-13 05:46 - 2015-10-13 05:46 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2015-10-13 15:07 - 2015-10-13 15:07 - 01032360 _____ () C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\UmOutlookAddin.dll
2015-05-13 17:31 - 2015-05-13 17:31 - 00125088 _____ () C:\Program Files (x86)\Microsoft Office\Office15\OUTLCTL.DLL
2011-07-18 16:07 - 2011-07-18 16:07 - 00014336 _____ () C:\Program Files (x86)\Notepad++\plugins\NppExport.dll
2014-01-06 18:42 - 2014-01-06 18:42 - 01611264 _____ () C:\Program Files (x86)\Notepad++\plugins\NppFTP.dll
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-09-23 20:43 - 2012-09-23 20:43 - 00313992 _____ () C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\sqlite.dll
2012-09-23 20:43 - 2012-09-23 20:43 - 09815176 _____ () C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\NPSWF32.dll
2016-01-11 10:36 - 2016-01-11 10:36 - 00932032 ____R () C:\Program Files (x86)\Skype\Phone\ssScreenVVS2.dll
2016-01-14 20:12 - 2016-01-12 11:35 - 01590088 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\libglesv2.dll
2016-01-14 20:12 - 2016-01-12 11:35 - 00087880 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\libegl.dll
2016-01-19 18:59 - 2016-01-19 14:06 - 16792256 _____ () C:\Users\nikita.levitan\AppData\Local\Google\Chrome\User Data\PepperFlash\20.0.0.286\pepflashplayer.dll
2015-12-02 11:58 - 2015-11-16 13:32 - 00919040 _____ () C:\Windows\mod_frst.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:netNLSPreferences
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\nikita.levitan\Local Settings:AwsmtDlhZyF0q78opcL64bN
AlternateDataStreams: C:\Users\nikita.levitan\AppData\Local:AwsmtDlhZyF0q78opcL64bN
AlternateDataStreams: C:\Users\nikita.levitan\AppData\Local\Application Data:AwsmtDlhZyF0q78opcL64bN
AlternateDataStreams: C:\Users\nikita.levitan\AppData\Local\ntclcZGKvrsXc:vimjD0z27AreWtW4c37C4
AlternateDataStreams: C:\Users\nikita.levitan\AppData\Local\Temporary Internet Files:rgG8bPhkCJsBujus6sO

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1935655697-1177238915-682003330-12158\...\dell.com -> dell.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2016-01-21 15:43 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1935655697-1177238915-682003330-12158\Control Panel\Desktop\\Wallpaper -> C:\Users\nikita.levitan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.16.1.1 - 10.16.1.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{29E48850-0377-4ECC-A07C-C87BBBA4C10A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{CFEC22E4-3D50-43CC-9359-BFDE3CE337FD}] => (Allow) LPort=7935
FirewallRules: [TCP Query User{927E8AD4-85CA-4A15-94F2-05DE256F177D}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{904D4953-A3B9-477E-AF71-556479823302}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{27A289F4-8BFA-4D57-8392-9A733D6677E1}] => (Allow) C:\Users\nikita.levitan\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{14E1CB4B-91F2-4139-AE2C-F42FCF595141}] => (Allow) C:\Users\nikita.levitan\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{B82146E3-73A7-4140-AF1E-CC9F41E84646}] => (Allow) C:\Users\nikita.levitan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{49C90F5D-58F1-4E5A-8966-235BBA9E041B}] => (Allow) C:\Users\nikita.levitan\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{87F1B73A-E5AC-49CF-8210-87793947A05C}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [UDP Query User{30AE8974-76D9-4841-8F95-D2D1E890EBDE}C:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) C:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [{A6C6A031-8C96-4D58-827F-38F03CBA1073}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe
FirewallRules: [{7241A4BE-D792-4BC5-B16B-D00287731CB2}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe
FirewallRules: [{F89F41BB-5D89-4338-88B5-1BA0E687F7AE}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{1ED81298-3388-4700-87F5-464A51A14BD9}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{073F7A47-0A4B-4435-9C5B-737B2B1E4263}] => (Allow) LPort=4481
FirewallRules: [{DC4494BB-AC9F-4E5C-8B3F-49E996B423D7}] => (Allow) LPort=4481
FirewallRules: [{FFBA8C0E-54D7-4AD2-BB29-1293A7A239B9}] => (Allow) LPort=4482
FirewallRules: [{2E617E8A-A9C9-450D-888C-4C7A2F1A9157}] => (Allow) LPort=4482
FirewallRules: [{50DDB34D-3342-4E48-AB71-CDFB5A641ECC}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
FirewallRules: [{73B69869-733F-4CCE-A100-AAFC974AA5D0}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
FirewallRules: [{F6F5BAF9-1E56-44A3-BF2A-D3B5E9929803}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE
FirewallRules: [{07087580-29C2-472F-A3DE-6BDE7012D921}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE
FirewallRules: [{9116C27C-CBF1-4058-9ACA-74418799B723}] => (Allow) C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
FirewallRules: [{F17E00FD-E8D4-4230-8372-9E292B7E7E7C}] => (Allow) C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
FirewallRules: [TCP Query User{546D2808-665C-434A-A46A-CD767686C849}C:\users\nikita.levitan\appdata\local\temp\lmic5d0.tmp\logmein client.exe] => (Allow) C:\users\nikita.levitan\appdata\local\temp\lmic5d0.tmp\logmein client.exe
FirewallRules: [UDP Query User{22EDF56E-1AFF-4ABA-94E0-69B6D0768E44}C:\users\nikita.levitan\appdata\local\temp\lmic5d0.tmp\logmein client.exe] => (Allow) C:\users\nikita.levitan\appdata\local\temp\lmic5d0.tmp\logmein client.exe
FirewallRules: [TCP Query User{E952BEB5-7454-4798-8EFB-A667CFA9EAE3}C:\users\nikita.levitan\appdata\local\logmein client\logmein client.exe] => (Allow) C:\users\nikita.levitan\appdata\local\logmein client\logmein client.exe
FirewallRules: [UDP Query User{E95036B3-0F22-45F9-BA58-AAC253357632}C:\users\nikita.levitan\appdata\local\logmein client\logmein client.exe] => (Allow) C:\users\nikita.levitan\appdata\local\logmein client\logmein client.exe
FirewallRules: [{7DA7B13A-F1E1-4D70-8740-57F8ED815EF5}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{D137DE21-E7B6-4BF6-A1B7-D2249B3A439C}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [TCP Query User{5A375C0D-5EEE-43FE-8EE9-C288581C7EB0}C:\users\nikita.levitan\appdata\local\temp\lmi6b14.tmp\logmein client.exe] => (Allow) C:\users\nikita.levitan\appdata\local\temp\lmi6b14.tmp\logmein client.exe
FirewallRules: [UDP Query User{999E4342-ABBE-443A-B550-55C5BAC78104}C:\users\nikita.levitan\appdata\local\temp\lmi6b14.tmp\logmein client.exe] => (Allow) C:\users\nikita.levitan\appdata\local\temp\lmi6b14.tmp\logmein client.exe
FirewallRules: [TCP Query User{DCEDF089-E78F-44C3-ADC8-B4E7F69F29C0}C:\users\nikita.levitan\appdata\local\temp\lmic88c.tmp\logmein client.exe] => (Allow) C:\users\nikita.levitan\appdata\local\temp\lmic88c.tmp\logmein client.exe
FirewallRules: [UDP Query User{DC90CF44-ADD2-410A-8830-9471D35ABCFC}C:\users\nikita.levitan\appdata\local\temp\lmic88c.tmp\logmein client.exe] => (Allow) C:\users\nikita.levitan\appdata\local\temp\lmic88c.tmp\logmein client.exe
FirewallRules: [TCP Query User{90185A4C-4EB7-4998-95DC-AB1546F50DCE}C:\users\nikita.levitan\appdata\local\temp\lmi71b9.tmp\logmein client.exe] => (Allow) C:\users\nikita.levitan\appdata\local\temp\lmi71b9.tmp\logmein client.exe
FirewallRules: [UDP Query User{C3375537-74ED-4B81-9B00-77CA027A4A37}C:\users\nikita.levitan\appdata\local\temp\lmi71b9.tmp\logmein client.exe] => (Allow) C:\users\nikita.levitan\appdata\local\temp\lmi71b9.tmp\logmein client.exe
FirewallRules: [{38A56519-8E88-4BCC-B503-D5CBC2A600E1}] => (Block) C:\users\nikita.levitan\appdata\local\temp\lmi71b9.tmp\logmein client.exe
FirewallRules: [{98E88C90-BBCD-4C45-BA73-13D24469F092}] => (Block) C:\users\nikita.levitan\appdata\local\temp\lmi71b9.tmp\logmein client.exe
FirewallRules: [TCP Query User{47FB6A5C-17DC-4659-A43E-208C0B784FD2}C:\users\nikita.levitan\appdata\local\temp\lmiaef9.tmp\logmein client.exe] => (Allow) C:\users\nikita.levitan\appdata\local\temp\lmiaef9.tmp\logmein client.exe
FirewallRules: [UDP Query User{909379BF-7456-4440-88AC-598F7881160D}C:\users\nikita.levitan\appdata\local\temp\lmiaef9.tmp\logmein client.exe] => (Allow) C:\users\nikita.levitan\appdata\local\temp\lmiaef9.tmp\logmein client.exe
FirewallRules: [TCP Query User{25F01FB5-B05F-4190-B333-0012BA9C7598}C:\users\nikita.levitan\appdata\local\temp\lmi8293.tmp\logmein client.exe] => (Allow) C:\users\nikita.levitan\appdata\local\temp\lmi8293.tmp\logmein client.exe
FirewallRules: [UDP Query User{4C233D83-8F85-4FC1-B413-0DC81629F18F}C:\users\nikita.levitan\appdata\local\temp\lmi8293.tmp\logmein client.exe] => (Allow) C:\users\nikita.levitan\appdata\local\temp\lmi8293.tmp\logmein client.exe
FirewallRules: [TCP Query User{2A9B8E6D-1D61-4E54-9A5A-3175CAC80C36}C:\users\nikita.levitan\appdata\local\temp\lmi9b2d.tmp\logmein client.exe] => (Allow) C:\users\nikita.levitan\appdata\local\temp\lmi9b2d.tmp\logmein client.exe
FirewallRules: [UDP Query User{6DCAFB91-0D4A-44B9-AA44-F67F5385ABB7}C:\users\nikita.levitan\appdata\local\temp\lmi9b2d.tmp\logmein client.exe] => (Allow) C:\users\nikita.levitan\appdata\local\temp\lmi9b2d.tmp\logmein client.exe
FirewallRules: [{9E627A8F-F2C0-4562-BC2E-A9C51A64120F}] => (Allow) C:\Program Files (x86)\uvnc bvba\UltraVNC\vncviewer.exe
FirewallRules: [{3CA6DD1D-F7F8-4AFB-868A-19D9DEBC84C5}] => (Allow) C:\Program Files (x86)\uvnc bvba\UltraVNC\vncviewer.exe
FirewallRules: [TCP Query User{992C952B-5A3F-4712-BAAD-482330FC8C67}C:\users\nikita.levitan\appdata\local\temp\lmi8ce4.tmp\logmein client.exe] => (Allow) C:\users\nikita.levitan\appdata\local\temp\lmi8ce4.tmp\logmein client.exe
FirewallRules: [UDP Query User{CDF42934-8564-47F3-BB75-712F9C04B2E7}C:\users\nikita.levitan\appdata\local\temp\lmi8ce4.tmp\logmein client.exe] => (Allow) C:\users\nikita.levitan\appdata\local\temp\lmi8ce4.tmp\logmein client.exe
FirewallRules: [TCP Query User{D7E28F9D-E3AE-40A4-8C5D-6274590FE2E6}C:\program files (x86)\cisco packet tracer 6.0.1\bin\packettracer6.exe] => (Allow) C:\program files (x86)\cisco packet tracer 6.0.1\bin\packettracer6.exe
FirewallRules: [UDP Query User{8A117E55-71B9-4F78-A72D-2EEBD57A11D0}C:\program files (x86)\cisco packet tracer 6.0.1\bin\packettracer6.exe] => (Allow) C:\program files (x86)\cisco packet tracer 6.0.1\bin\packettracer6.exe
FirewallRules: [{1D48B102-BD09-4521-A0E7-28073117E07D}] => (Allow) C:\Program Files (x86)\DVD or CD Sharing\ODSAgent.exe
FirewallRules: [{C759B707-D98F-4A26-BDC0-339446BEA800}] => (Allow) C:\Program Files (x86)\DVD or CD Sharing\ODSAgent.exe
FirewallRules: [{69CCBF73-F32B-4F33-A759-2333A2EAA127}] => (Allow) C:\Program Files (x86)\DVD or CD Sharing\RemoteInstallMacOSX.exe
FirewallRules: [{1B160090-4621-42C4-A458-A2A0C1F445E5}] => (Allow) C:\Program Files (x86)\DVD or CD Sharing\RemoteInstallMacOSX.exe
FirewallRules: [TCP Query User{B28BF26E-E0CE-4B28-AD44-EA88995F98FF}C:\users\nikita.levitan\appdata\local\temp\lmibe71.tmp\logmein client.exe] => (Allow) C:\users\nikita.levitan\appdata\local\temp\lmibe71.tmp\logmein client.exe
FirewallRules: [UDP Query User{80678B72-6494-4A67-B8B8-C1AF9FFBD879}C:\users\nikita.levitan\appdata\local\temp\lmibe71.tmp\logmein client.exe] => (Allow) C:\users\nikita.levitan\appdata\local\temp\lmibe71.tmp\logmein client.exe
FirewallRules: [TCP Query User{03375510-0B5B-4B18-8E5E-5C6C4AB90E9D}C:\users\nikita.levitan\appdata\local\temp\lmi150d.tmp\logmein client.exe] => (Allow) C:\users\nikita.levitan\appdata\local\temp\lmi150d.tmp\logmein client.exe
FirewallRules: [UDP Query User{461AE08C-0C3B-4F09-819A-9767A239B2B6}C:\users\nikita.levitan\appdata\local\temp\lmi150d.tmp\logmein client.exe] => (Allow) C:\users\nikita.levitan\appdata\local\temp\lmi150d.tmp\logmein client.exe
FirewallRules: [TCP Query User{1DC3ADFF-1663-4997-9E6F-2C6433A5DE4F}C:\users\nikita.levitan\appdata\local\temp\lmid5f0.tmp\logmein client.exe] => (Allow) C:\users\nikita.levitan\appdata\local\temp\lmid5f0.tmp\logmein client.exe
FirewallRules: [UDP Query User{18D33610-BB1E-46D0-91FE-62A96CEA1AC7}C:\users\nikita.levitan\appdata\local\temp\lmid5f0.tmp\logmein client.exe] => (Allow) C:\users\nikita.levitan\appdata\local\temp\lmid5f0.tmp\logmein client.exe
FirewallRules: [TCP Query User{5249ED24-7826-4FCA-AEDF-58D6AB543BDB}C:\users\nikita.levitan\appdata\local\temp\lmi5bca.tmp\logmein client.exe] => (Allow) C:\users\nikita.levitan\appdata\local\temp\lmi5bca.tmp\logmein client.exe
FirewallRules: [UDP Query User{083EE860-E5CC-49A4-BFFA-7EE3C66BB626}C:\users\nikita.levitan\appdata\local\temp\lmi5bca.tmp\logmein client.exe] => (Allow) C:\users\nikita.levitan\appdata\local\temp\lmi5bca.tmp\logmein client.exe
FirewallRules: [TCP Query User{97D8E2E2-4DE3-4196-9ED3-015792153333}C:\users\nikita.levitan\downloads\utorrent.exe] => (Allow) C:\users\nikita.levitan\downloads\utorrent.exe
FirewallRules: [UDP Query User{7360E5BD-498E-4299-8A85-37E83BFDE0E7}C:\users\nikita.levitan\downloads\utorrent.exe] => (Allow) C:\users\nikita.levitan\downloads\utorrent.exe
FirewallRules: [TCP Query User{96BBCE77-A6A8-45D1-B047-6D23C4F83C25}C:\users\nikita.levitan\appdata\local\logmein client\logmein client.exe] => (Allow) C:\users\nikita.levitan\appdata\local\logmein client\logmein client.exe
FirewallRules: [UDP Query User{4329A183-CBD3-45EC-A5A5-5DE3C38FD64B}C:\users\nikita.levitan\appdata\local\logmein client\logmein client.exe] => (Allow) C:\users\nikita.levitan\appdata\local\logmein client\logmein client.exe
FirewallRules: [{B4838073-5D12-48C3-B0B8-21A9994921BF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{74745312-B797-4A50-91AD-6BC32591B182}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1E8720D9-5116-4455-9BA2-5AA28F29754D}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{50399E08-6A94-46C2-BCD2-D041FAEC0B29}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{03C13D59-4DD9-40C8-835B-BD7F16D4AC14}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{F894BFCE-6290-4731-8D51-F99541137E30}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{5ACDF8E0-8585-4B56-BBE4-4CEFF31A215F}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{935BE0B8-5880-46AD-B06E-AE925FB76F25}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{A5D625CB-BF0C-4D34-B275-985FF5C5305B}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{E268CEF4-E418-48FE-8E88-8A1BAB76B8F9}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [TCP Query User{FE483D1D-BDF4-4A68-8846-F0FE70AF9EE8}C:\users\nikita.levitan\downloads\utorrentportable\app\utorrent\utorrent.exe] => (Block) C:\users\nikita.levitan\downloads\utorrentportable\app\utorrent\utorrent.exe
FirewallRules: [UDP Query User{451E5671-E4D5-47A0-88C0-0918BE813947}C:\users\nikita.levitan\downloads\utorrentportable\app\utorrent\utorrent.exe] => (Block) C:\users\nikita.levitan\downloads\utorrentportable\app\utorrent\utorrent.exe
FirewallRules: [TCP Query User{FBB527B8-47C1-4E76-8768-18069D01BDE4}C:\users\nikita.levitan\appdata\roaming\utorrent\updates\3.4.2_34309.exe] => (Block) C:\users\nikita.levitan\appdata\roaming\utorrent\updates\3.4.2_34309.exe
FirewallRules: [UDP Query User{0D7D3689-3D7C-4E75-87EF-5B03F2C14A8B}C:\users\nikita.levitan\appdata\roaming\utorrent\updates\3.4.2_34309.exe] => (Block) C:\users\nikita.levitan\appdata\roaming\utorrent\updates\3.4.2_34309.exe
FirewallRules: [TCP Query User{C7D10D2A-5566-4D41-AD2C-B99B2AFF0330}C:\users\nikita.levitan\appdata\roaming\utorrent\updates\3.4.3_40298.exe] => (Block) C:\users\nikita.levitan\appdata\roaming\utorrent\updates\3.4.3_40298.exe
FirewallRules: [UDP Query User{55E24857-D30F-41EA-AD37-83278EB1AC73}C:\users\nikita.levitan\appdata\roaming\utorrent\updates\3.4.3_40298.exe] => (Block) C:\users\nikita.levitan\appdata\roaming\utorrent\updates\3.4.3_40298.exe
FirewallRules: [{97487708-D642-4E0C-976B-4A3DF006A4AC}] => (Allow) C:\Program Files\Ixia\Endpoint\endpoint.exe
FirewallRules: [{FFA3682A-A94A-4C3E-B24B-CD3722932EE0}] => (Allow) C:\Program Files\Ixia\Endpoint\endpoint.exe
FirewallRules: [TCP Query User{D58E95B9-8AB6-4E77-BE4F-6CABBF6CBD5A}C:\program files (x86)\logmein\ignition\lmiignition.exe] => (Block) C:\program files (x86)\logmein\ignition\lmiignition.exe
FirewallRules: [UDP Query User{97480024-F289-457B-BAB6-71D7BF75C22C}C:\program files (x86)\logmein\ignition\lmiignition.exe] => (Block) C:\program files (x86)\logmein\ignition\lmiignition.exe
FirewallRules: [TCP Query User{4BE8356C-5030-4400-8BF8-CEA3E752047C}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{5614B51E-08A7-4F7B-8F11-1DB043FA1D2D}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{E6A2BC73-F685-4A6C-8735-812C6FA743E6}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{C14B067E-1C44-4D35-BFBD-43D354E84121}] => (Allow) LPort=12292
FirewallRules: [{45308209-A264-46CC-A9B3-9C8DE1413E55}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{F094254F-CD2A-4363-AB3E-3C5DE5A32B67}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{9542812E-6B97-4F86-A873-D69F4AB3C5B2}] => (Allow) C:\Users\nikita.levitan\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{DAFDB216-30B7-4C31-95FF-4901940EEFC5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{41DD8A38-D155-4E77-9A78-0779070B178C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BBFB81CA-9583-4B2C-863D-D717F4C8E5E1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AB6BFB30-AAED-41E0-A9D6-2AD025D29E00}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5DFB5B1A-E4D6-4F16-BAD5-FDCF02EAD5C0}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{42B480B5-1E4E-47DC-9250-28E3D6973A81}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{BB34A74D-209E-48D1-A01E-5C8FF223E5BC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{7F413B2D-0992-40D5-B447-257550A2987C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{D58D11D0-8DE0-4938-B1D4-7C455C49E0E3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{76568C72-680D-4578-A38D-50550259CA7A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D8115BDF-ECCB-4F3F-9C6C-B316E995BB2B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{9650CF12-5188-4F76-A9EC-F58E2E990F91}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{C971BD44-7525-4317-85EC-054B5822F02E}C:\program files (x86)\logmein ignition\lmiignition.exe] => (Block) C:\program files (x86)\logmein ignition\lmiignition.exe
FirewallRules: [UDP Query User{BB028F72-2D2E-4316-94DF-27A2D711E0E6}C:\program files (x86)\logmein ignition\lmiignition.exe] => (Block) C:\program files (x86)\logmein ignition\lmiignition.exe
FirewallRules: [{3EF8AF69-97C8-4FC5-8082-E55080C42AD4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{34B29A40-56DD-40AB-BBA8-B5B174F47DE0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{9F253A6F-C194-4EAF-9B13-4EDCBC7E2B87}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{6BC20877-AF77-4D01-AD29-C4077D90800A}C:\program files (x86)\logmein ignition\lmiignition.exe] => (Allow) C:\program files (x86)\logmein ignition\lmiignition.exe
FirewallRules: [UDP Query User{730D4585-02B7-4A9A-A432-10243B39545E}C:\program files (x86)\logmein ignition\lmiignition.exe] => (Allow) C:\program files (x86)\logmein ignition\lmiignition.exe
FirewallRules: [TCP Query User{059579A9-805F-4755-AFBE-129951D51E68}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{8CE4C8DC-01D6-465F-B5E8-FA82CAE685B0}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{075005E2-CA0C-4A45-BD79-897B60CAD4B4}C:\program files (x86)\8x8 virtual office\8x8 - virtual office\8x8 - virtual office.exe] => (Allow) C:\program files (x86)\8x8 virtual office\8x8 - virtual office\8x8 - virtual office.exe
FirewallRules: [UDP Query User{A102FB80-0871-4007-9AD4-7D17B1EBB5B4}C:\program files (x86)\8x8 virtual office\8x8 - virtual office\8x8 - virtual office.exe] => (Allow) C:\program files (x86)\8x8 virtual office\8x8 - virtual office\8x8 - virtual office.exe

==================== Restore Points =========================

21-01-2016 16:22:12 JRT Pre-Junkware Removal
21-01-2016 17:09:25 Windows Update
25-01-2016 11:07:10 Installed 8x8 - Virtual Office

==================== Faulty Device Manager Devices =============

Name: DW1501 Wireless-N WLAN Half-Mini Card
Description: DW1501 Wireless-N WLAN Half-Mini Card
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: BCM43XX
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/26/2016 12:34:02 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (01/21/2016 05:07:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IntuitDataProtect.exe, version: 1.68.21.4002, time stamp: 0x53694c6b
Faulting module name: dblib11.dll_unloaded, version: 0.0.0.0, time stamp: 0x4b9a5ef2
Exception code: 0xc0000005
Fault offset: 0x6510b80d
Faulting process id: 0x1720
Faulting application start time: 0xIntuitDataProtect.exe0
Faulting application path: IntuitDataProtect.exe1
Faulting module path: IntuitDataProtect.exe2
Report Id: IntuitDataProtect.exe3

Error: (01/21/2016 05:04:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IntuitDataProtect.exe, version: 1.68.21.4002, time stamp: 0x53694c6b
Faulting module name: dblib11.dll_unloaded, version: 0.0.0.0, time stamp: 0x4b9a5ef2
Exception code: 0xc0000005
Fault offset: 0x651695a0
Faulting process id: 0x1720
Faulting application start time: 0xIntuitDataProtect.exe0
Faulting application path: IntuitDataProtect.exe1
Faulting module path: IntuitDataProtect.exe2
Report Id: IntuitDataProtect.exe3

Error: (01/21/2016 05:02:07 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (01/21/2016 04:59:36 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (01/21/2016 04:59:36 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (01/21/2016 04:59:36 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (01/21/2016 04:55:35 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/21/2016 04:06:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 38.0.1.5611, time stamp: 0x55541a90
Faulting module name: mozalloc.dll, version: 38.0.1.5611, time stamp: 0x55540a1e
Exception code: 0x80000003
Fault offset: 0x00001aa1
Faulting process id: 0x2624
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (01/21/2016 01:20:51 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (01/27/2016 11:39:08 AM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{D8B9477C-92A9-4C11-A40A-32672C53B974}.
The backup browser is stopping.

Error: (01/27/2016 12:44:06 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (01/27/2016 12:44:06 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (01/26/2016 12:26:54 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (01/26/2016 12:26:53 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (01/25/2016 12:37:46 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (01/25/2016 12:37:45 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (01/24/2016 12:48:52 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (01/24/2016 12:48:51 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.

Error: (01/23/2016 12:40:43 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 43. The internal error state is 252.


CodeIntegrity:
===================================
  Date: 2016-01-21 15:39:22.864
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-01-21 15:39:22.814
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-01-21 15:39:22.764
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-01-21 15:39:22.714
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-01-21 12:14:06.914
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-01-21 12:14:06.864
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-12-04 11:07:25.755
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-12 21:01:38.841
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-28 13:27:54.813
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2015-10-20 16:43:21.396
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i5-2300 CPU @ 2.80GHz
Percentage of memory in use: 45%
Total physical RAM: 16232.44 MB
Available physical RAM: 8831.54 MB
Total Virtual: 32463.09 MB
Available Virtual: 24148.51 MB

==================== Drives ================================

Drive c: (OSDisk) (Fixed) (Total:931.51 GB) (Free:252.72 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Data) (Network) (Total:5023.37 GB) (Free:1441.36 GB) NTFS
Drive g: (DATA) (Network) (Total:11177.79 GB) (Free:8888.18 GB) NTFS
Drive z: (Data) (Network) (Total:13413.27 GB) (Free:2598.87 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: FBFFEE59)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Chrome works fine in incognito. I have several Chrome installs sharing my sign-in details, so I suspect that the extension reinfects all machines that I am signed in on. Other browsers are fine. I believe we are looking for a hidden extension here.


#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,043 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:36 AM

Posted 27 January 2016 - 02:54 PM

Greetings,

Have you permitted other people to remotely log into your computer? There are several programs on your computer that will allow for remote access.

I am assuming you created this?
 

C:\Users\nikita.levitan\pingwithlog.vbs


You most likely have a compromised Chrome extension which is being spread around by Chrome Sync. What we are going to do is troubleshoot on one computer and if/when we locate the extension(s) we can go through some steps to eliminate it from all the different Chrome browsers.

Please consider and do this.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked, resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
Toolbar: HKU\S-1-5-21-1935655697-1177238915-682003330-12158 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll => No File
S4 LMIRfsClientNP; no ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EraserUtilDrv11411; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11411.sys [X]
S3 EraserUtilDrv11510; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11510.sys [X]
S3 EraserUtilDrv11511; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11511.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
CustomCLSID: HKU\S-1-5-21-1935655697-1177238915-682003330-12158_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\nikita.levitan\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
CustomCLSID: HKU\S-1-5-21-1935655697-1177238915-682003330-12158_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\nikita.levitan\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1935655697-1177238915-682003330-12158_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\nikita.levitan\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1935655697-1177238915-682003330-12158_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\nikita.levitan\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1935655697-1177238915-682003330-12158_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\nikita.levitan\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1935655697-1177238915-682003330-12158_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\nikita.levitan\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1935655697-1177238915-682003330-12158_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\nikita.levitan\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1935655697-1177238915-682003330-12158_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\nikita.levitan\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1935655697-1177238915-682003330-12158_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\nikita.levitan\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1935655697-1177238915-682003330-12158_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\nikita.levitan\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1935655697-1177238915-682003330-12158_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\nikita.levitan\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
AlternateDataStreams: C:\Users\nikita.levitan\Local Settings:AwsmtDlhZyF0q78opcL64bN
AlternateDataStreams: C:\Users\nikita.levitan\AppData\Local:AwsmtDlhZyF0q78opcL64bN
AlternateDataStreams: C:\Users\nikita.levitan\AppData\Local\Application Data:AwsmtDlhZyF0q78opcL64bN
AlternateDataStreams: C:\Users\nikita.levitan\AppData\Local\ntclcZGKvrsXc:vimjD0z27AreWtW4c37C4
AlternateDataStreams: C:\Users\nikita.levitan\AppData\Local\Temporary Internet Files:rgG8bPhkCJsBujus6sO
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Manually Troubleshooting Google Chrome Plug-ins and Extensions

--------------------
  • Launch Chrome normally
  • In the address bar type chrome://plugins and press Enter
  • Click Disable on all plugins
  • Enable one plugin at a time, restart Chrome and check the performance
  • In the address bar type chrome://extensions and press Enter
  • Uncheck any checked items
  • Enable one extension at a time, restart Chrome and check the performance
  • Identify and report any plugins or extensions causing problems
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Allowing access to others?
  • Fixlog
  • Chrome troubleshooting results

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

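An added example, not part of Gary's post and not FRST's own output: a PowerShell inventory of every Chrome extension in every profile under the current user's User Data folder, with a flag for IDs that are force-installed through the ExtensionInstallForcelist policy key (chrome://extensions lists those as installed by policy but will not let you remove them). It assumes the default Chrome install paths, PowerShell 3.0 or later, and that the policy key lives at Software\Policies\Google\Chrome under HKLM or HKCU; the function names are mine. Because a synced extension carries the same ID into every signed-in profile, running this on each machine and comparing the Id column is a quick way to spot the one that keeps coming back, and the Matches column shows which extensions inject content scripts into every page.

```powershell
# Added example (not from the thread). Inventory Chrome extensions per profile and
# flag IDs force-installed by policy. Requires PowerShell 3.0+ (ConvertFrom-Json,
# Get-ChildItem -Directory). Assumes default Chrome paths.

function Get-ForcedExtensionIds {
    # Each value under the key is "<extension id>;<update url>"; the id is the first field.
    $keys = 'HKLM:\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist',
            'HKCU:\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist'
    $ids = foreach ($key in $keys) {
        if (Test-Path $key) {
            (Get-ItemProperty -Path $key).PSObject.Properties |
                Where-Object { $_.Name -match '^\d+$' } |
                ForEach-Object { ($_.Value -split ';')[0] }
        }
    }
    return @($ids)
}

function Get-ChromeExtensionInventory {
    param(
        [string]$UserData = (Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data')
    )
    $forced = Get-ForcedExtensionIds
    # Profiles are "Default", "Profile 1", ...; each holds Extensions\<id>\<version>\manifest.json
    Get-ChildItem -Path $UserData -Directory |
        Where-Object { Test-Path (Join-Path $_.FullName 'Extensions') } |
        ForEach-Object {
            $profileName = $_.Name
            Get-ChildItem -Path (Join-Path $_.FullName 'Extensions') -Directory |
                ForEach-Object {
                    $id = $_.Name
                    # Take the newest version folder's manifest
                    $manifest = Get-ChildItem -Path $_.FullName -Recurse -Filter manifest.json -ErrorAction SilentlyContinue |
                        Sort-Object LastWriteTime -Descending | Select-Object -First 1
                    $name = $null; $perms = $null; $urlMatches = $null
                    if ($manifest) {
                        try {
                            $m = (Get-Content -Path $manifest.FullName -Raw) | ConvertFrom-Json
                            $name  = $m.name   # "__MSG_...__" means the name is localized in _locales\
                            $perms = ($m.permissions -join ', ')
                            # content_scripts matching <all_urls> or http*://*/* reach every page you load
                            $urlMatches = ($m.content_scripts | ForEach-Object { $_.matches }) -join ', '
                        } catch { $name = '<manifest unreadable>' }
                    }
                    [pscustomobject]@{
                        Profile     = $profileName
                        Id          = $id
                        Name        = $name
                        Forced      = ($forced -contains $id)
                        Permissions = $perms
                        Matches     = $urlMatches
                    }
                }
        }
}

# Usage: forced installs first, then everything else
Get-ChromeExtensionInventory | Sort-Object Forced -Descending | Format-Table -AutoSize -Wrap
```

An extension folder whose ID is not listed in chrome://extensions, or whose Forced column is True, is the one to look at first; an extension that appears under the same ID in every profile on every signed-in machine is being carried by Sync, and removing it on one machine without disabling extension sync (chrome://settings/syncSetup) will only have it reinstalled from the account.
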
#6 nikitantra

nikitantra
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:36 AM

Posted 27 January 2016 - 03:50 PM

Yes, LogMeIn and TeamViewer are allowed.
 
Fix result of Farbar Recovery Scan Tool (x64) Version:25-01-2016
Ran by nikita.levitan (2016-01-27 15:17:45) Run:1
Running from C:\Users\nikita.levitan\Desktop
Loaded Profiles: nikita.levitan (Available Profiles: nikita.levitan & Jeff.Schmidt & nladmin & COMP20)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Toolbar: HKU\S-1-5-21-1935655697-1177238915-682003330-12158 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll => No File
S4 LMIRfsClientNP; no ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EraserUtilDrv11411; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11411.sys [X]
S3 EraserUtilDrv11510; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11510.sys [X]
S3 EraserUtilDrv11511; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11511.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
CustomCLSID: HKU\S-1-5-21-1935655697-1177238915-682003330-12158_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\nikita.levitan\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay => No File
CustomCLSID: HKU\S-1-5-21-1935655697-1177238915-682003330-12158_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\nikita.levitan\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1935655697-1177238915-682003330-12158_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\nikita.levitan\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1935655697-1177238915-682003330-12158_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\nikita.levitan\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1935655697-1177238915-682003330-12158_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\nikita.levitan\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1935655697-1177238915-682003330-12158_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\nikita.levitan\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1935655697-1177238915-682003330-12158_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\nikita.levitan\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1935655697-1177238915-682003330-12158_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\nikita.levitan\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1935655697-1177238915-682003330-12158_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\nikita.levitan\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1935655697-1177238915-682003330-12158_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\nikita.levitan\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1935655697-1177238915-682003330-12158_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\nikita.levitan\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
AlternateDataStreams: C:\Users\nikita.levitan\Local Settings:AwsmtDlhZyF0q78opcL64bN
AlternateDataStreams: C:\Users\nikita.levitan\AppData\Local:AwsmtDlhZyF0q78opcL64bN
AlternateDataStreams: C:\Users\nikita.levitan\AppData\Local\Application Data:AwsmtDlhZyF0q78opcL64bN
AlternateDataStreams: C:\Users\nikita.levitan\AppData\Local\ntclcZGKvrsXc:vimjD0z27AreWtW4c37C4
AlternateDataStreams: C:\Users\nikita.levitan\AppData\Local\Temporary Internet Files:rgG8bPhkCJsBujus6sO
*****************
 
HKU\S-1-5-21-1935655697-1177238915-682003330-12158\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found. 
C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\pdf.dll => not found.
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll => not found.
C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll => not found.
LMIRfsClientNP => service removed successfully
catchme => service removed successfully
EraserUtilDrv11411 => service removed successfully
EraserUtilDrv11510 => service removed successfully
EraserUtilDrv11511 => service removed successfully
VGPU => service removed successfully
"HKU\S-1-5-21-1935655697-1177238915-682003330-12158_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}" => key removed successfully
"HKU\S-1-5-21-1935655697-1177238915-682003330-12158_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => key removed successfully
"HKU\S-1-5-21-1935655697-1177238915-682003330-12158_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully
"HKU\S-1-5-21-1935655697-1177238915-682003330-12158_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => key removed successfully
"HKU\S-1-5-21-1935655697-1177238915-682003330-12158_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully
"HKU\S-1-5-21-1935655697-1177238915-682003330-12158_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => key removed successfully
"HKU\S-1-5-21-1935655697-1177238915-682003330-12158_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => key removed successfully
"HKU\S-1-5-21-1935655697-1177238915-682003330-12158_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully
"HKU\S-1-5-21-1935655697-1177238915-682003330-12158_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => key removed successfully
"HKU\S-1-5-21-1935655697-1177238915-682003330-12158_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}" => key removed successfully
"HKU\S-1-5-21-1935655697-1177238915-682003330-12158_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => key removed successfully
"C:\Users\nikita.levitan\Local Settings" => ":AwsmtDlhZyF0q78opcL64bN" ADS not found.
C:\Users\nikita.levitan\AppData\Local => ":AwsmtDlhZyF0q78opcL64bN" ADS removed successfully.
"C:\Users\nikita.levitan\AppData\Local\Application Data" => ":AwsmtDlhZyF0q78opcL64bN" ADS not found.
C:\Users\nikita.levitan\AppData\Local\ntclcZGKvrsXc => ":vimjD0z27AreWtW4c37C4" ADS removed successfully.
"C:\Users\nikita.levitan\AppData\Local\Temporary Internet Files" => ":rgG8bPhkCJsBujus6sO" ADS not found.
 
==== End of Fixlog 15:17:45 ====
 
Found the issue with Chrome. This is the extension we use: Local Explorer - File Manager on web browser.
Looks like they started to use ads. The trick is to click on Options for the extension, then opt out and save settings.
Thanks for the help, can't believe I did not think of that haha.
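A second added example (again not from the thread, and not FRST's own code) to confirm that the alternate data streams named in the fixlist are really gone, or to find others like them: it lists named streams on a folder and its immediate subfolders using PowerShell's -Stream parameter (3.0 or later). It assumes the Vista-and-later profile layout, in which "Local Settings" and "AppData\Local\Application Data" are junctions into AppData\Local, which is also why the Fixlog reports the stream removed once at AppData\Local and then "not found" at the other two paths.

```powershell
# Added example (not from the thread). Enumerate named alternate data streams on a
# folder and its direct subfolders. Requires PowerShell 3.0+ (-Stream on Get-Item).
# Assumes the default profile layout where Local Settings and Application Data are
# junctions into AppData\Local, so one scan of AppData\Local covers all three paths.

function Get-DirectoryAlternateStreams {
    param(
        [string]$Root = $env:LOCALAPPDATA,
        # ':$DATA' is the normal unnamed stream; Zone.Identifier is the Mark-of-the-Web
        # that Windows puts on downloaded files, so neither is interesting here.
        [string[]]$Ignore = @(':$DATA', 'Zone.Identifier')
    )
    $targets = @(Get-Item -LiteralPath $Root -Force) +
               @(Get-ChildItem -LiteralPath $Root -Directory -Force -ErrorAction SilentlyContinue)
    foreach ($dir in $targets) {
        # -Stream * returns every stream on the object; directories only ever have named ones
        Get-Item -LiteralPath $dir.FullName -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $Ignore -notcontains $_.Stream } |
            ForEach-Object {
                [pscustomobject]@{
                    Path   = $dir.FullName
                    Stream = $_.Stream
                    Length = $_.Length
                }
            }
    }
}

# Usage: after the FRST fix this should print nothing for the streams in the fixlist
Get-DirectoryAlternateStreams | Format-Table -AutoSize
```

Before deleting a stream you want to keep a copy of, read it with Get-Content -LiteralPath <folder> -Stream <name> (add -Encoding Byte for binary content); Remove-Item -LiteralPath <folder> -Stream <name> deletes just that stream and leaves the folder alone.
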


#7 Oh My!

Posted 27 January 2016 - 04:17 PM
Nice work

We have a little more to do please.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours, that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click Run ESET Online Scanner.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Click Enable detection of potentially unwanted applications
  • Accept any security warnings from your browser.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Check Uninstall application on close and Delete quarantined files
  • Click the Finish button.
  • Close the ESET window and reboot your computer
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • ESET log
  • Security Check log
  • How is your computer running?

Gary

#8 Oh My!

Posted 30 January 2016 - 10:41 PM
Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary

#9 Oh My!

Posted 01 February 2016 - 11:08 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary



