
Icons keep "refreshing" and programs are non-responsive when a window pops up


  • This topic is locked
19 replies to this topic

#1 Guest_kelvinhe_*

Guest_kelvinhe_*

  • Guests

Posted 26 January 2016 - 02:07 AM

So yesterday I downloaded a program by accident that obviously came with malware.

It came with multiple programs and even changed my browser's search engine etc.

I used Malwarebytes and Windows Defender, and I feel like I deleted most of the malware, but I feel there is still something on my computer, because whenever I'm using a program it will sometimes randomly "refresh", meaning the screen flickers and the icon on the bottom flickers as well, but nothing happens to the actual window.

 

What I mean by unresponsive when windows pop up is, for example, when I try to save a Microsoft Word file, by either pressing Ctrl+S or File > Save, no window pops up, but I lose control of the program as if the save window had actually popped up (you can't type in the document while the save window is up). If I press Escape, the window briefly appears, then disappears, and I regain control again. Why is the window hidden?

 

Also, whenever I run Avast or Windows Defender, they become unresponsive when they get to around 80% of the scan.

I feel like something is attacking these programs to try to prevent them from cleaning out whatever is left.

 

I'm reading about "rootkits" and I feel like I might have one of those. Thanks to whoever can help me, it would be greatly appreciated, and I am glad to provide any more information you need.

 

Windows 8


Edited by kelvinhe, 26 January 2016 - 03:47 PM.



#2 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • Gender:Male
  • Location:New York

Posted 26 January 2016 - 09:34 PM

Hello kelvinhe, and welcome to Bleeping Computer! :thumbsup:

My name is bloopie and I'll be helping you with your issues as best I can! :thumbup2:

==========
 
Step :step1:

You mentioned you ran MBAM and Windows Defender...could you please post the last MBAM log so we can see what it detected/removed?

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)
  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Select (check) the box next to Scan Log. Choose the most current scan.
  • Click the View button.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)
  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd


==========

Step :step2:

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on I agree button.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[S#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.
====================

Once we get some logs posted, that will help us better determine the next best steps to take, and we'll go from there. :)
 
If you still have trouble locating the MBAM scan logs, please post back and let me know! :wink:

And if you have any questions along the way, don't hesitate to ask.

bloopie

Edited by bloopie, 26 January 2016 - 09:34 PM.


#3 Guest_kelvinhe_*

Guest_kelvinhe_*

  • Guests

Posted 27 January 2016 - 01:30 AM

I cannot find any scan logs, only a protection log, even though I have scanned at least 3 times. I might have accidentally cleared them because I used AVG's PC TuneUp and freed up some space, so I might have deleted them by accident. I'll scan again right now and post the newest log if that is ok.

 

Thank you for taking the time to help me


Edited by kelvinhe, 27 January 2016 - 01:35 AM.


#4 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • Gender:Male
  • Location:New York

Posted 27 January 2016 - 08:52 AM

Hello again,
 

Thank you for taking the time to help me

Not a problem, it's my pleasure. :)

 

==========

 

I'll scan again right now and post the newest log if that is ok

Yes, in this case, that's okay. Be sure to update MBAM before running the scan and remove anything it finds...then post the log here for review.

 

Once that's done, you can move on to the Step :step2:  from my previous post and post that log as well in your next reply.

 

==============================

 

A Note: While we're working together, please try to keep in mind that running tools without my instruction to do so may hamper the cleaning process rather than help it. I will let you know when you're all set and good to go.

 

Also, please be sure to copy and paste all logs into your posts...do not attach them or put codeboxes around them (you won't have the option to attach logs in this forum (Am I Infected), but if I need to move the thread to the Malware Removal Logs forum, you will have the attaching capability there but please don't use it) unless otherwise instructed to do so.

 

I very much appreciate your cooperation! :thumbup2:

 

bloopie



#5 Guest_kelvinhe_*

Guest_kelvinhe_*

  • Guests

Posted 27 January 2016 - 07:19 PM

Alright, I have all the logs. I ran ADW before MBAM, before I even posted this topic, and it had some stuff, but I cleaned everything. I'll post my most recent MBAM log, my first ADW log, then my most recent ADW log, in that order.

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 1/27/2016
Scan Time: 9:01 AM
Logfile: MBAM Log.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2016.01.27.03
Rootkit Database: v2016.01.20.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Kelvin
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 365084
Time Elapsed: 13 min, 38 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
# AdwCleaner v5.031 - Logfile created 25/01/2016 at 18:29:06
# Updated 25/01/2016 by Xplode
# Database : 2016-01-25.3 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Kelvin - KELVINS_LAPTOP
# Running from : C:\Users\Kelvin\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : ApplicationHosting
Service Found : Medlight
Service Found : xiwosuryzbt
 
***** [ Folders ] *****
 
Folder Found : C:\_acestream_cache_
Folder Found : C:\Program Files (x86)\Uninstall Nexus
Folder Found : C:\Users\Kelvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl
Folder Found : C:\Users\Kelvin\AppData\LocalLow\.acestream
Folder Found : C:\Users\Kelvin\AppData\Roaming\.acestream
Folder Found : C:\Users\Kelvin\AppData\Roaming\acestream
Folder Found : C:\Users\Kelvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ace Stream Media
 
***** [ Files ] *****
 
File Found : C:\Users\Kelvin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nonjdcjchghhkdoolnlbekcfllmednbl_0.localstorage
File Found : C:\Users\Kelvin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nonjdcjchghhkdoolnlbekcfllmednbl_0.localstorage-journal
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
Task Found : updateTask
Task Found : FXNUXHPYWBMWUUIM
Task Found : FXNUXHPYWBMWUUIM
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Classes\Applications\ace_player.exe
Key Found : HKCU\Software\Classes\AudioCD\shell\PlayWithACEStream
Key Found : HKCU\Software\Classes\DVD\shell\PlayWithACEStream
Key Found : HKCU\Software\Classes\MIME\Database\Content Type\application/x-acestream-plugin
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayCDAudioOnArrival
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayDVDAudioOnArrival
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayDVDMovieOnArrival
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayMusicFilesOnArrival
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlaySVCDMovieOnArrival
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayVCDMovieOnArrival
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ACEStreamPlayVideoFilesOnArrival
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acelive
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acemedia
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.acestream
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tslive
Key Found : HKCU\Software\MozillaPlugins\@acestream.net/acestreamplugin,version=3.1.0
Key Found : HKCU\Software\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
Key Found : HKCU\Software\Classes\CLSID\{79690976-ED6E-403C-BBBA-F8928B5EDE17}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{60260024-AA48-4A2F-84DA-2C2DCB24AAD0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{79F768ED-0B12-42EF-8257-36751A0ECF3A}]
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{60260024-AA48-4A2F-84DA-2C2DCB24AAD0}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{5013A5D0-34A9-489F-BF9A-3A0E34D8902B}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{B43F10EC-BD1C-48D5-A123-3DCA3321C187}
Key Found : HKCU\Software\AceStream
Key Found : HKCU\Software\DAILYPCCLEAN
Key Found : HKCU\Software\Microsoft\Tinstalls
Key Found : HKCU\Software\tstamptoken
Key Found : HKCU\Software\Tutorials
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AceStream
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SU
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1
Key Found : HKU\S-1-5-21-1193186160-3758986196-1053212473-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AceStream
Key Found : HKU\S-1-5-21-1193186160-3758986196-1053212473-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\DAILYPCCLEAN
Key Found : HKU\S-1-5-21-1193186160-3758986196-1053212473-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Tinstalls
Key Found : HKU\S-1-5-21-1193186160-3758986196-1053212473-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\tstamptoken
Key Found : HKU\S-1-5-21-1193186160-3758986196-1053212473-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Tutorials
Key Found : HKU\S-1-5-21-1193186160-3758986196-1053212473-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Uninstall\AceStream
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\C3F6D7A0BA2FDE84EB329997B1FF786D
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
Key Found : HKCU\Software\Classes\.acelive
Key Found : HKCU\Software\Classes\.acemedia
Key Found : HKCU\Software\Classes\.acestream
Key Found : HKCU\Software\Classes\.tslive
Key Found : HKCU\Software\Classes\acestream
Key Found : HKCU\Software\Classes\AceStream.CDAudio
Key Found : HKCU\Software\Classes\AceStream.DVDMovie
Key Found : HKCU\Software\Classes\AceStream.file
Key Found : HKCU\Software\Classes\AceStream.OPENFolder
Key Found : HKCU\Software\Classes\AceStream.SVCDMovie
Key Found : HKCU\Software\Classes\AceStream.VCDMovie
 
***** [ Web browsers ] *****
 
[C:\Users\Kelvin\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\Kelvin\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\Kelvin\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : axife-mouse-recorder.en.softonic.com
[C:\Users\Kelvin\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : gedit.en.softonic.com
[C:\Users\Kelvin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Found : hxxp://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=M97CA225A-1134-45EE-A6F7-8649900EA7A4&SearchSource=55&CUI=&UM=8&UP=SP596CB5B1-C8CF-4106-8179-561FACAD2C06&D=012416&SSPV=
[C:\Users\Kelvin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : booedmolknjekdopkepjjeckmjkdpfgl
[C:\Users\Kelvin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : fcgnigmofekcllgbiejhmigggmgehkip
[C:\Users\Kelvin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : flpcjncodpafbgdpnkljologafpionhb
[C:\Users\Kelvin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : nonjdcjchghhkdoolnlbekcfllmednbl
[C:\Users\Kelvin\AppData\Local\Comodo\Chromodo\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\Kelvin\AppData\Local\Comodo\Chromodo\User Data\Default\Web data] [Search Provider] Found : ask.com
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [7899 bytes] ##########
 
 
 
# AdwCleaner v5.031 - Logfile created 27/01/2016 at 18:09:08
# Updated 25/01/2016 by Xplode
# Database : 2016-01-25.3 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Kelvin - KELVINS_LAPTOP
# Running from : C:\Users\Kelvin\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
[C:\Users\Kelvin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Found : hxxp://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=M97CA225A-1134-45EE-A6F7-8649900EA7A4&SearchSource=55&CUI=&UM=8&UP=SP596CB5B1-C8CF-4106-8179-561FACAD2C06&D=012416&SSPV=
[C:\Users\Kelvin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : nonjdcjchghhkdoolnlbekcfllmednbl
 
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [999 bytes] ##########
 
 


#6 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • Gender:Male
  • Location:New York

Posted 27 January 2016 - 08:13 PM

Hello again Kelvin,

Okay, good work and thanks for the logs! :thumbup2:

Just FYI, I have moved this thread to the Malware Removal Logs forum so we can get some more logs from Farbar Recovery Scan Tool (aka FRST), and make sure you're thoroughly clean. :)
 
==========

Step :step1:

In that last log from the AdwCleaner scan, trovi is showing in your startup URLs. Do you notice anything from trovi currently?
 
Please run AdwCleaner again, and after another scan, select Clean. Then copy/paste the log from the cleaning.
 
====================

Once that's done,

Step :step2:

Please follow the below instructions to run FRST and post those logs:

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. You will need the 64-bit version.
  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.

==============================

In your next reply, please include the following:
  • The cleaning log from AdwCleaner
  • The FRST.txt log
  • The Addition.txt log
And please let me know if you're still experiencing the original problem you were having, along with any others you'd like me to be aware of! :)

bloopie
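The comparison bloopie draws between the two AdwCleaner scans (what disappeared after the user's own cleanup, and what still shows under [Web browsers]) can be done mechanically. The Python below is an added example for this thread, not part of AdwCleaner or of any post here; the embedded logs are trimmed copies of the S1 and S3 scans posted above, and the section/entry line formats are taken from those logs.

```python
import re
from typing import Dict, List, Set, Tuple

Entry = Tuple[str, str]      # (kind, target), e.g. ("Key", r"HKCU\Software\AceStream")
Sections = Dict[str, Set[Entry]]

# Section header as AdwCleaner 5.x prints it:  ***** [ Web browsers ] *****
SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>[^\]]+) \] \*{5}$")
# Entry lines:  "Key Found : <path>"  or  "[-] [<file>] [Extension] Deleted : <id>"
ENTRY_RE = re.compile(
    r"^(?:\[-\] )?(?P<kind>.*?)\b(?P<verb>Not Deleted|Deleted|Found) : (?P<target>.+)$"
)

# Trimmed copies of the two scan logs posted in the thread (S1 = 25/01, S3 = 27/01).
SCAN_BEFORE = r"""
# AdwCleaner v5.031 - Logfile created 25/01/2016 at 18:29:06
# Option : Scan

***** [ Services ] *****

Service Found : ApplicationHosting
Service Found : Medlight

***** [ Scheduled tasks ] *****

Task Found : updateTask
Task Found : FXNUXHPYWBMWUUIM
Task Found : FXNUXHPYWBMWUUIM

***** [ Web browsers ] *****

[C:\Users\Kelvin\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\Kelvin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Found : hxxp://www.trovi.com/?gd=&ctid=CT3333887
[C:\Users\Kelvin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : nonjdcjchghhkdoolnlbekcfllmednbl
[C:\Users\Kelvin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : booedmolknjekdopkepjjeckmjkdpfgl

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [7899 bytes] ##########
"""

SCAN_AFTER = r"""
# AdwCleaner v5.031 - Logfile created 27/01/2016 at 18:09:08
# Option : Scan

***** [ Services ] *****


***** [ Scheduled tasks ] *****


***** [ Web browsers ] *****

[C:\Users\Kelvin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Found : hxxp://www.trovi.com/?gd=&ctid=CT3333887
[C:\Users\Kelvin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : nonjdcjchghhkdoolnlbekcfllmednbl

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [999 bytes] ##########
"""


def parse_adwcleaner(log: str) -> Sections:
    """Map each section to the set of (kind, target) entries listed under it.

    '#' header/EOF lines are skipped. A repeated line such as the FXNUXHPYWBMWUUIM
    task collapses into one entry, since the set is keyed on the target itself.
    """
    sections: Sections = {}
    current = None
    for raw in log.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group("name")
            sections.setdefault(current, set())
            continue
        if current is None or not line or line.startswith("#"):
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            sections[current].add((entry.group("kind").strip(), entry.group("target").strip()))
    return sections


def still_present(before: Sections, after: Sections) -> Sections:
    """Entries reported by both scans: whatever the cleanup in between did not remove."""
    return {s: e & before.get(s, set()) for s, e in after.items() if e & before.get(s, set())}


def cleaned(before: Sections, after: Sections) -> Sections:
    """Entries the earlier scan reported that the later scan no longer does."""
    return {s: e - after.get(s, set()) for s, e in before.items() if e - after.get(s, set())}


def startup_urls(sections: Sections) -> List[str]:
    """Startup URLs under [Web browsers]; a hijacked home page (trovi here) shows up as one."""
    return sorted(t for k, t in sections.get("Web browsers", set()) if "[Startup_URLs]" in k)


if __name__ == "__main__":
    before, after = parse_adwcleaner(SCAN_BEFORE), parse_adwcleaner(SCAN_AFTER)
    for section, entries in cleaned(before, after).items():
        print(f"removed from [{section}]: {len(entries)} entries")
    for section, entries in still_present(before, after).items():
        for kind, target in sorted(entries):
            print(f"STILL PRESENT [{section}] {kind} -> {target}")
    for url in startup_urls(after):
        print(f"startup URL to review: {url}")
```

Anything listed by still_present() is what the follow-up Clean run (and the FRST logs) should be checked against.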

#7 Guest_kelvinhe_*

Guest_kelvinhe_*

  • Guests

Posted 27 January 2016 - 09:44 PM

The same problems I have right now are:

  • When I start up my computer, usually the first program I open, for example Chrome, the name and screen will flash repeatedly. The name will go back and forth between, e.g., Google Chrome => Google Chrome (Not Responding) => Google Chrome until I click on the top a few times, then it will stop. I feel like something may be attacking the program while another program is restraining it or something.
  • Whenever I use my music making program (FL Studio 12), for the first hour or so I can access the save menu / other plugin windows. After an hour or so the same problem happens where the pop-up window won't appear, so I can't click anywhere unless I press Escape; then the window I was looking for flashes and disappears. With this one I am not sure if it is because of malware; I might have disabled a setting using the AVG TuneUp or something (I regret doing that lol).

And a new thing I have noticed, maybe not as much as a problem but just something different:

  • Whenever I open Malwarebytes, AdwCleaner or FRST, the User Account Control prompt comes up. It looks something like this:
  • [image: Windows 7 UAC prompt]
  • I've never had these windows pop up before, and they don't pop up when I open other files. I don't know if this is significant, but I thought I'd mention it. This started happening before I ran FRST; it happened during my first Malwarebytes scan.

 

Here are the logs, again thanks for helping me out along the process, I really appreciate it!

 

# AdwCleaner v5.031 - Logfile created 27/01/2016 at 20:23:08
# Updated 25/01/2016 by Xplode
# Database : 2016-01-25.3 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Kelvin - KELVINS_LAPTOP
# Running from : C:\Users\Kelvin\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Kelvin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=M97CA225A-1134-45EE-A6F7-8649900EA7A4&SearchSource=55&CUI=&UM=8&UP=SP596CB5B1-C8CF-4106-8179-561FACAD2C06&D=012416&SSPV=
[-] [C:\Users\Kelvin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : nonjdcjchghhkdoolnlbekcfllmednbl
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [1103 bytes] ##########
 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
Ran by Kelvin (administrator) on KELVINS_LAPTOP (27-01-2016 20:28:01)
Running from C:\Users\Kelvin\Desktop
Loaded Profiles: Kelvin (Available Profiles: Kelvin)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(brother Industries Ltd) C:\Windows\SysWOW64\BRSVC01A.EXE
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(American Megatrends Inc.) C:\Program Files\AMI\DuOS\AndServMgr.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgfws.exe
(brother Industries Ltd) C:\Windows\SysWOW64\BRSS01A.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Intel Corporation) C:\Windows\Temp\irstrtsv\scrncap.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(DELL Inc.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
(Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Flux Software LLC) C:\Users\Kelvin\AppData\Local\FluxSoftware\Flux\flux.exe
(Dropbox, Inc.) C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Program Files (x86)\Anker Precision Laser Gaming Mouse\AnkerMonEx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7506136 2013-12-06] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1368792 2013-11-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1368792 2013-11-13] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-30] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3760456 2013-08-23] (Dell Inc.)
HKLM\...\Run: [ISCT Tray] => c:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe [5860656 2014-04-24] (Intel Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [EsternTimesMouseExRun] => C:\Program Files (x86)\Anker Precision Laser Gaming Mouse\AnkerMonEx.exe [3349504 2013-03-11] ()
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565448 2015-11-12] (LogMeIn Inc.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [179624 2016-01-12] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3874216 2016-01-08] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-1193186160-3758986196-1053212473-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3586848 2016-01-19] (Nota Inc.)
HKU\S-1-5-21-1193186160-3758986196-1053212473-1001\...\Run: [Spotify Web Helper] => C:\Users\Kelvin\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2346096 2016-01-26] (Spotify Ltd)
HKU\S-1-5-21-1193186160-3758986196-1053212473-1001\...\Run: [Facebook Update] => C:\Users\Kelvin\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-09-16] (Facebook Inc.)
HKU\S-1-5-21-1193186160-3758986196-1053212473-1001\...\Run: [Dropbox Update] => C:\Users\Kelvin\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-29] (Dropbox, Inc.)
HKU\S-1-5-21-1193186160-3758986196-1053212473-1001\...\Run: [Spotify] => C:\Users\Kelvin\AppData\Roaming\Spotify\Spotify.exe [8316528 2016-01-26] (Spotify Ltd)
HKU\S-1-5-21-1193186160-3758986196-1053212473-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe [45296 2016-01-06] (Overwolf LTD)
HKU\S-1-5-21-1193186160-3758986196-1053212473-1001\...\Run: [f.lux] => C:\Users\Kelvin\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
Startup: C:\Users\Kelvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-11]
ShortcutTarget: Dropbox.lnk -> C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Kelvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-01-27]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{87B0BA41-66B2-4C33-AE58-1220BC386FCF}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{87B0BA41-66B2-4C33-AE58-1220BC386FCF}: [DhcpNameServer] 66.112.235.250 66.112.235.200
Tcpip\..\Interfaces\{CC1E8685-13EC-4362-ACEE-3B6AA210CC0B}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{D6B2CE80-4D7D-496E-A2B6-D7A30CB2A7FA}: [DhcpNameServer] 66.112.235.250 66.112.235.200
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1193186160-3758986196-1053212473-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1193186160-3758986196-1053212473-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1193186160-3758986196-1053212473-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1193186160-3758986196-1053212473-1001 -> {1E916F27-7392-45DA-930F-3196194182F0} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-05] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-05] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO-x32: No Name -> {607A7539-162B-44EE-ACF8-4CD20B42C760} -> No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-05] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-05] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-10-14] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-05] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1215155.dll [2014-12-02] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-05] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Kelvin\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-05-27] (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin HKU\S-1-5-21-1193186160-3758986196-1053212473-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Kelvin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF HKU\S-1-5-21-1193186160-3758986196-1053212473-1001\...\Firefox\Extensions: [acewebextension@acestream.org] - C:\Users\Kelvin\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension.xpi => not found
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=M97CA225A-1134-45EE-A6F7-8649900EA7A4&SearchSource=55&CUI=&UM=8&UP=SP596CB5B1-C8CF-4106-8179-561FACAD2C06&D=012416&SSPV=","hxxps://piazza.com/class/ijlnyk1m4h731e"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Kelvin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Magic Actions for YouTube™) - C:\Users\Kelvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2015-12-10]
CHR Extension: (Google Docs) - C:\Users\Kelvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-03]
CHR Extension: (Google Drive) - C:\Users\Kelvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-20]
CHR Extension: (YouTube) - C:\Users\Kelvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\Kelvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-01-25]
CHR Extension: (Google Search) - C:\Users\Kelvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Tampermonkey) - C:\Users\Kelvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-12-10]
CHR Extension: (Google Docs Offline) - C:\Users\Kelvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-16]
CHR Extension: (StayFocusd) - C:\Users\Kelvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji [2014-11-11]
CHR Extension: (Ace Stream Web Extension) - C:\Users\Kelvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo [2015-12-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kelvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-30]
CHR Extension: (Click&Clean App) - C:\Users\Kelvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2015-10-29]
CHR Extension: (Gmail) - C:\Users\Kelvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR HKU\S-1-5-21-1193186160-3758986196-1053212473-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AndServMgr; C:\Program Files\AMI\DuOS\AndServMgr.exe [82384 2015-08-06] (American Megatrends Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [627544 2016-01-08] (AVG Technologies CZ, s.r.o.)
R2 avgfws; C:\Program Files (x86)\AVG\Av\avgfws.exe [1587640 2016-01-08] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3906568 2016-01-08] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1048488 2016-01-12] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [583936 2016-01-08] (AVG Technologies CZ, s.r.o.)
R2 Brother XP spl Service; C:\Windows\SysWOW64\brsvc01a.exe [57344 2004-06-14] (brother Industries Ltd)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
S3 celavimushost; C:\Program Files (x86)\CEVO\CSGO Client Beta\CelavimusClientHelper.exe [123608 2015-07-07] (altPUG LLC)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2574168 2015-09-11] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201560 2015-09-11] (Dell Inc.)
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [278568 2014-10-31] (Aviata, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [120016 2014-04-03] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315376 2014-04-25] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [783264 2013-09-08] (Intel Corporation)
R2 ISCTAgent; c:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [209712 2014-04-24] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-11-12] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2014-11-19] ()
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1009904 2016-01-06] (Overwolf LTD)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-12-06] (Realtek Semiconductor)
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [105448 2014-08-28] (Razer Inc.)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915920 2014-04-04] (SoftThinks SAS)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [21160 2015-09-30] (Dell Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] ()
R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3820960 2014-11-19] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [23152 2015-09-09] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [184240 2015-11-06] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\system32\DRIVERS\avgfwd6a.sys [97208 2015-08-29] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2015-12-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [298416 2015-08-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [258480 2015-12-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-12-04] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [315840 2015-12-16] (AVG Technologies CZ, s.r.o.)
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [132608 2015-01-29] (Microsoft Corporation)
S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32768 2014-10-08] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2014-02-03] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1419064 2014-02-21] (Motorola Solutions, Inc.)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
R1 DuoVMDrv; C:\Windows\system32\DRIVERS\DuoVMDrv.sys [239536 2015-07-31] (American Megatrends Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2015-11-12] (LogMeIn Inc.)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [186064 2014-04-03] (Intel Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [22216 2014-02-03] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [22728 2014-02-03] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [25800 2014-04-03] ()
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [20192 2013-09-08] (Intel Corporation)
R3 ISCT; C:\Windows\System32\drivers\ISCTD.sys [44744 2014-02-03] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-27] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3494680 2015-03-09] (Intel Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [444632 2013-10-18] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [26624 2014-03-22] (Synaptics Incorporated)
R3 ST_ACCEL; C:\Windows\system32\DRIVERS\ST_Accel.sys [83456 2013-08-06] (STMicroelectronics)
R1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [117768 2015-09-08] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [146072 2015-09-08] (Oracle Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 XENfiltv; C:\Windows\system32\drivers\XENfiltv.sys [25600 2009-07-31] (Creative Technology Ltd.)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S1 MpKsldd09faf3; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8860BDB5-8C6C-41FD-B46A-34A3974606A6}\MpKsldd09faf3.sys [X]
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-27 20:28 - 2016-01-27 20:28 - 00034410 _____ C:\Users\Kelvin\Desktop\FRST.txt
2016-01-27 20:27 - 2016-01-27 20:28 - 00000000 ____D C:\FRST
2016-01-27 20:26 - 2016-01-27 20:26 - 02370560 _____ (Farbar) C:\Users\Kelvin\Desktop\FRST64.exe
2016-01-27 18:16 - 2016-01-27 18:16 - 00001044 _____ C:\Users\Kelvin\Desktop\MBAM Log.txt
2016-01-27 09:16 - 2016-01-27 09:16 - 00166051 _____ C:\Users\Kelvin\Downloads\Test I Study Guide spring 2016 1-7.pdf
2016-01-27 09:14 - 2016-01-27 09:14 - 00606290 _____ C:\Users\Kelvin\Downloads\303 syllabus spring 2016 - 1 - 18.pdf
2016-01-27 09:11 - 2016-01-27 09:11 - 00509577 _____ C:\Users\Kelvin\Downloads\1-27-16 Med. Term. 1c.pptx
2016-01-27 00:41 - 2016-01-27 00:41 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-01-27 00:32 - 2016-01-27 00:32 - 01507840 _____ C:\Users\Kelvin\Desktop\AdwCleaner.exe
2016-01-26 20:14 - 2016-01-26 20:14 - 00001032 _____ C:\Users\Public\Desktop\Kontakt 5.lnk
2016-01-26 20:14 - 2016-01-26 20:14 - 00000000 __HDC C:\ProgramData\{13C5090D-8DAD-437E-B069-232C287DA432}
2016-01-26 18:30 - 2016-01-26 18:30 - 00016159 _____ C:\Users\Kelvin\Downloads\[kat.cr]native.instruments.kontakt.5.standalone.vsti.rtas.v5.0.0.x86.x64.assign.ds.torrent
2016-01-26 14:44 - 2016-01-26 14:46 - 00003194 _____ C:\Users\Kelvin\Desktop\Rkill.txt
2016-01-26 01:15 - 2016-01-26 01:46 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-01-26 01:14 - 2016-01-26 01:46 - 00000000 ____D C:\Users\Kelvin\Desktop\mbar
2016-01-26 01:10 - 2016-01-26 01:17 - 00000666 _____ C:\Users\Kelvin\Desktop\avgrep.txt
2016-01-26 00:44 - 2016-01-26 00:44 - 00380416 _____ C:\Users\Kelvin\Desktop\vx1ltsuw.exe
2016-01-25 19:10 - 2016-01-25 19:10 - 00000000 ____D C:\ProgramData\kingsoft
2016-01-25 19:02 - 2016-01-25 22:07 - 00000000 ____D C:\Users\Kelvin\AppData\Roaming\AVG
2016-01-25 19:01 - 2016-01-25 19:01 - 00000000 ____D C:\Program Files\Common Files\AV
2016-01-25 18:58 - 2016-01-25 18:58 - 00000000 ____D C:\Users\Kelvin\AppData\Roaming\TuneUp Software
2016-01-25 18:58 - 2016-01-25 18:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-01-25 18:54 - 2016-01-25 18:54 - 00000000 ___HD C:\$AVG
2016-01-25 18:51 - 2016-01-27 19:27 - 00000000 ____D C:\ProgramData\MFAData
2016-01-25 18:51 - 2016-01-25 18:51 - 00000000 ____D C:\Users\Kelvin\AppData\Local\MFAData
2016-01-25 18:50 - 2016-01-25 18:50 - 00000882 _____ C:\Users\Public\Desktop\AVG.lnk
2016-01-25 18:50 - 2016-01-25 18:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-01-25 18:49 - 2016-01-27 00:50 - 00000000 ____D C:\Users\Kelvin\AppData\Local\AvgSetupLog
2016-01-25 18:49 - 2016-01-25 22:07 - 00000000 ____D C:\Users\Kelvin\AppData\Local\Avg
2016-01-25 18:49 - 2016-01-25 22:07 - 00000000 ____D C:\ProgramData\Avg
2016-01-25 18:49 - 2016-01-25 22:07 - 00000000 ____D C:\Program Files (x86)\AVG
2016-01-25 18:29 - 2016-01-27 20:23 - 00000000 ____D C:\AdwCleaner
2016-01-25 18:15 - 2016-01-25 18:15 - 00003124 _____ C:\Windows\System32\Tasks\{7BC8CDDD-88FE-4797-A2FB-291A3B021786}
2016-01-25 00:21 - 2016-01-27 20:25 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-25 00:21 - 2016-01-26 01:14 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-01-25 00:21 - 2016-01-25 00:21 - 00001120 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-25 00:21 - 2016-01-25 00:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-25 00:21 - 2016-01-25 00:21 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-25 00:21 - 2016-01-25 00:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-25 00:21 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-01-25 00:21 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-01-25 00:16 - 2016-01-25 00:16 - 00001648 _____ C:\Windows\SysWOW64\apply.reg
2016-01-25 00:16 - 2016-01-25 00:16 - 00000089 _____ C:\Windows\SysWOW64\apply.bat
2016-01-24 23:57 - 2016-01-24 23:57 - 00000771 _____ C:\Windows\SysWOW64\soft.exe
2016-01-24 23:56 - 2016-01-24 23:56 - 00000000 _____ C:\Windows\SysWOW64\x64.txt
2016-01-24 23:52 - 2016-01-24 23:52 - 00003570 _____ C:\Windows\System32\Tasks\GoogleUp
2016-01-24 23:52 - 2016-01-24 23:52 - 00003562 _____ C:\Windows\System32\Tasks\import
2016-01-24 23:52 - 2016-01-24 23:52 - 00003444 _____ C:\Windows\System32\Tasks\MyDailyBackup
2016-01-24 23:52 - 2016-01-24 23:52 - 00003440 _____ C:\Windows\System32\Tasks\win
2016-01-24 23:51 - 2016-01-24 23:51 - 00000000 ____D C:\Users\Kelvin\AppData\Roaming\kingsoft
2016-01-24 23:50 - 2016-01-24 23:50 - 00003458 _____ C:\Windows\System32\Tasks\Suagnoonkraa
2016-01-24 23:41 - 2016-01-24 23:40 - 00000967 _____ C:\Windows\system32\Drivers\etc\hp.bak
2016-01-24 23:37 - 2016-01-24 23:37 - 00041472 _____ C:\Users\Kelvin\AppData\Local\Scotcane.dat
2016-01-24 23:37 - 2016-01-24 23:37 - 00000187 _____ C:\Users\Kelvin\AppData\Local\Scotcane.exe.config
2016-01-24 23:37 - 2016-01-24 23:37 - 00000000 ____D C:\Users\Kelvin\AppData\Roaming\Mozilla
2016-01-24 23:35 - 2016-01-26 21:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2016-01-24 23:35 - 2016-01-26 18:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2016-01-24 23:35 - 2016-01-24 23:35 - 00000000 ____D C:\Users\Kelvin\AppData\Local\Comodo
2016-01-24 15:24 - 2016-01-26 21:24 - 00000000 ____D C:\Users\Kelvin\AppData\Local\Native Instruments
2016-01-24 15:23 - 2016-01-26 21:24 - 00000000 ____D C:\Users\Kelvin\Documents\Native Instruments
2016-01-24 15:03 - 2016-01-24 15:03 - 00001388 _____ C:\Users\Public\Desktop\Guitar Rig 5.lnk
2016-01-24 15:02 - 2016-01-24 15:02 - 00000000 ____D C:\Program Files\Common Files\Avid
2016-01-24 15:01 - 2016-01-24 15:01 - 00001112 _____ C:\Users\Public\Desktop\Controller Editor.lnk
2016-01-24 15:00 - 2016-01-26 20:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
2016-01-24 15:00 - 2016-01-26 20:11 - 00000000 ____D C:\Program Files\Native Instruments
2016-01-24 15:00 - 2016-01-26 20:11 - 00000000 ____D C:\Program Files\Common Files\Native Instruments
2016-01-24 15:00 - 2016-01-24 15:01 - 00000000 ____D C:\ProgramData\Native Instruments
2016-01-24 15:00 - 2016-01-24 15:00 - 00001077 _____ C:\Users\Public\Desktop\Service Center.lnk
2016-01-20 18:40 - 2016-01-20 18:44 - 00000584 _____ C:\Users\Kelvin\AppData\Roaming\onecal.xml
2016-01-20 18:40 - 2016-01-20 18:40 - 00003888 _____ C:\Users\Kelvin\AppData\Roaming\OneCal.emf
2016-01-20 18:39 - 2016-01-20 18:39 - 00000000 ____D C:\Users\Kelvin\AppData\Roaming\Onetastic
2016-01-20 18:39 - 2016-01-20 18:39 - 00000000 ____D C:\Program Files (x86)\Onetastic
2016-01-17 05:56 - 2016-01-17 05:56 - 00000000 ____D C:\Users\Kelvin\AppData\Local\My Games
2016-01-17 05:55 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2016-01-17 05:55 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2016-01-17 05:55 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2016-01-17 05:55 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2016-01-17 05:55 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2016-01-17 05:55 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2016-01-17 05:55 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2016-01-17 05:55 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2016-01-17 05:55 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2016-01-17 05:55 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2016-01-17 05:55 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2016-01-17 05:55 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2016-01-17 05:55 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2016-01-17 05:55 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2016-01-17 05:55 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2016-01-17 05:55 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2016-01-17 05:55 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2016-01-17 05:55 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2016-01-17 05:55 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2016-01-17 05:55 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2016-01-17 05:55 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2016-01-17 05:55 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2016-01-17 05:55 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2016-01-17 05:55 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2016-01-17 05:55 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2016-01-17 05:55 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2016-01-17 05:55 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2016-01-17 05:55 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2016-01-17 05:55 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2016-01-17 05:55 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2016-01-17 05:55 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2016-01-17 05:55 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2016-01-17 05:55 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2016-01-17 05:55 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2016-01-17 05:55 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2016-01-17 05:55 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2016-01-17 05:55 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2016-01-17 05:55 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2016-01-17 05:55 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2016-01-17 05:55 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2016-01-17 05:55 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2016-01-17 05:55 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2016-01-17 05:55 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2016-01-17 05:55 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2016-01-17 05:55 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2016-01-17 05:55 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2016-01-17 05:55 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2016-01-17 05:55 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2016-01-17 05:55 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2016-01-17 05:55 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2016-01-17 05:55 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2016-01-17 05:55 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2016-01-17 05:55 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2016-01-17 05:55 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2016-01-17 05:55 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2016-01-17 05:55 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2016-01-17 05:55 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2016-01-17 05:55 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2016-01-17 05:55 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2016-01-17 05:55 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2016-01-17 05:55 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2016-01-17 05:55 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2016-01-17 05:55 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2016-01-17 05:55 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2016-01-17 05:55 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2016-01-17 05:55 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2016-01-17 05:55 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2016-01-17 05:55 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2016-01-17 05:55 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2016-01-17 05:54 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2016-01-17 05:54 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2016-01-17 05:54 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2016-01-17 05:54 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2016-01-17 05:54 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2016-01-17 05:54 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2016-01-17 05:54 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2016-01-17 05:54 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2016-01-17 05:54 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2016-01-17 05:54 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2016-01-17 05:54 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2016-01-17 05:54 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2016-01-17 05:54 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2016-01-17 05:54 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2016-01-17 05:54 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2016-01-17 05:54 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2016-01-17 05:54 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2016-01-17 05:54 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2016-01-17 05:54 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2016-01-17 05:54 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2016-01-17 05:54 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2016-01-17 05:54 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2016-01-17 05:54 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2016-01-17 05:54 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2016-01-17 05:54 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2016-01-17 05:54 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2016-01-17 05:54 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2016-01-17 05:54 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2016-01-17 05:54 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2016-01-17 05:54 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2016-01-17 05:54 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2016-01-17 05:54 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2016-01-17 05:54 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2016-01-17 05:54 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2016-01-17 05:54 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2016-01-17 05:54 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2016-01-17 05:54 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2016-01-17 05:54 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2016-01-17 05:54 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2016-01-17 05:54 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2016-01-17 05:54 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2016-01-17 05:54 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2016-01-17 05:54 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2016-01-17 05:54 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2016-01-17 05:54 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2016-01-17 05:54 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2016-01-17 05:54 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2016-01-17 05:54 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2016-01-17 05:54 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2016-01-17 05:54 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2016-01-17 05:54 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2016-01-17 05:54 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2016-01-17 05:54 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2016-01-17 05:54 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2016-01-17 05:54 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2016-01-17 05:54 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2016-01-17 05:54 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2016-01-17 05:54 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2016-01-17 05:54 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2016-01-17 05:54 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2016-01-17 05:54 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2016-01-17 05:54 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2016-01-17 05:54 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2016-01-17 05:54 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2016-01-17 05:54 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2016-01-17 05:54 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2016-01-17 05:54 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2016-01-17 05:54 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2016-01-17 05:54 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2016-01-17 05:54 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2016-01-17 05:54 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2016-01-17 05:54 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2016-01-17 05:54 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2016-01-17 05:54 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2016-01-17 05:54 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2016-01-17 05:54 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2016-01-17 05:54 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2016-01-17 05:54 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2016-01-17 05:54 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2016-01-17 05:54 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2016-01-17 05:54 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2016-01-17 05:54 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2016-01-17 05:54 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2016-01-17 05:54 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2016-01-17 05:54 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2016-01-17 05:54 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2016-01-17 03:18 - 2016-01-17 17:48 - 00000000 ____D C:\Users\Kelvin\AppData\Roaming\Curse Client
2016-01-17 03:18 - 2016-01-17 03:18 - 00001095 _____ C:\Users\Kelvin\Desktop\Curse.lnk
2016-01-17 03:18 - 2016-01-17 03:18 - 00001081 _____ C:\Users\Kelvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse.lnk
2016-01-17 03:17 - 2016-01-17 03:17 - 00000000 ____D C:\Users\Kelvin\AppData\Roaming\Curse
2016-01-17 03:15 - 2016-01-17 03:15 - 00000220 _____ C:\Users\Kelvin\Desktop\Sid Meier's Civilization V.url
2016-01-16 00:23 - 2016-01-16 01:48 - 00000000 ____D C:\Users\Kelvin\AppData\Roaming\discord
2016-01-16 00:23 - 2016-01-16 00:23 - 00002225 _____ C:\Users\Kelvin\Desktop\Discord.lnk
2016-01-16 00:23 - 2016-01-16 00:23 - 00000000 ____D C:\Users\Kelvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2016-01-16 00:22 - 2016-01-16 00:23 - 00000000 ____D C:\Users\Kelvin\AppData\Local\SquirrelTemp
2016-01-16 00:22 - 2016-01-16 00:23 - 00000000 ____D C:\Users\Kelvin\AppData\Local\Discord
2016-01-14 04:30 - 2016-01-14 04:30 - 01060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2016-01-14 04:30 - 2016-01-14 04:30 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2016-01-14 04:30 - 2016-01-14 04:30 - 00000000 ____D C:\Users\Kelvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dada Life
2016-01-12 17:59 - 2016-01-12 17:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sylenth1
2016-01-10 23:13 - 2016-01-10 23:13 - 00001767 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-01-10 23:13 - 2016-01-10 23:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-01-10 23:13 - 2016-01-10 23:13 - 00000000 ____D C:\Program Files\iTunes
2016-01-10 23:13 - 2016-01-10 23:13 - 00000000 ____D C:\Program Files\iPod
2016-01-10 23:13 - 2016-01-10 23:13 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-01-06 17:08 - 2016-01-06 17:08 - 00000000 ____D C:\Program Files (x86)\SamsungPrinterLiveUpdateInstaller
2016-01-06 17:08 - 2016-01-06 17:08 - 00000000 ____D C:\Program Files (x86)\SamsungPrinterLiveUpdate
2016-01-04 03:23 - 2016-01-04 03:23 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_netaapl64_01009.Wdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-27 20:27 - 2014-09-01 15:21 - 01699840 ___SH C:\Users\Kelvin\Downloads\Thumbs.db
2016-01-27 20:27 - 2014-08-08 13:40 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2016-01-27 20:25 - 2015-11-13 18:59 - 00003278 _____ C:\Windows\System32\Tasks\Intel® Rapid Start Technology Manager
2016-01-27 20:25 - 2015-09-09 23:18 - 00000000 ____D C:\Users\Kelvin\AppData\Local\LogMeIn Hamachi
2016-01-27 20:25 - 2014-08-23 04:07 - 00000000 ___RD C:\Users\Kelvin\Dropbox
2016-01-27 20:25 - 2014-08-21 23:25 - 00000000 ____D C:\Users\Kelvin\AppData\Roaming\Dropbox
2016-01-27 20:25 - 2014-08-21 23:24 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-27 20:25 - 2014-08-21 23:07 - 00000000 ___DO C:\Users\Kelvin\OneDrive
2016-01-27 20:24 - 2013-08-22 08:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-27 20:23 - 2013-08-22 07:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-01-27 19:54 - 2014-08-21 23:24 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-27 19:41 - 2015-06-29 02:31 - 00000952 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1193186160-3758986196-1053212473-1001UA.job
2016-01-27 18:07 - 2014-09-16 23:02 - 00000962 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1193186160-3758986196-1053212473-1001UA.job
2016-01-27 16:56 - 2014-08-21 23:10 - 00003954 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{2EBA0DE5-948A-43E9-8A77-4EB2E801DF05}
2016-01-27 09:11 - 2014-08-21 23:04 - 00000000 ____D C:\Users\Kelvin\AppData\Local\Packages
2016-01-27 01:19 - 2014-08-21 23:09 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1193186160-3758986196-1053212473-1001
2016-01-27 01:19 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\Inf
2016-01-27 00:51 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\system32\NDF
2016-01-27 00:46 - 2014-03-18 03:53 - 00865408 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-27 00:40 - 2014-09-16 23:02 - 00000940 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1193186160-3758986196-1053212473-1001Core.job
2016-01-27 00:25 - 2014-08-22 09:52 - 00000000 ____D C:\Users\Kelvin\AppData\Roaming\Spotify
2016-01-26 23:30 - 2014-08-22 09:52 - 00000000 ____D C:\Users\Kelvin\AppData\Local\Spotify
2016-01-26 22:19 - 2015-10-31 14:34 - 00003728 _____ C:\Windows\System32\Tasks\Overwolf Updater Task
2016-01-26 22:19 - 2014-09-16 23:02 - 00003812 _____ C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1193186160-3758986196-1053212473-1001UA
2016-01-26 22:19 - 2014-09-16 23:02 - 00003462 _____ C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1193186160-3758986196-1053212473-1001Core
2016-01-26 22:19 - 2014-08-21 23:24 - 00003908 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-01-26 22:19 - 2014-08-21 23:24 - 00003672 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-01-26 21:43 - 2014-08-21 23:44 - 00000000 ____D C:\Users\Kelvin\AppData\Roaming\uTorrent
2016-01-26 20:41 - 2015-06-29 02:31 - 00000900 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1193186160-3758986196-1053212473-1001Core.job
2016-01-26 20:06 - 2014-08-24 20:35 - 00000000 ____D C:\Program Files (x86)\Steam
2016-01-26 20:01 - 2014-08-23 03:46 - 00000000 ____D C:\Users\Kelvin\AppData\Local\Battle.net
2016-01-26 18:37 - 2014-08-21 23:52 - 00000000 ____D C:\Users\Kelvin\Desktop\Torrent Stuff
2016-01-26 18:23 - 2015-01-21 18:23 - 00000000 ____D C:\Users\Kelvin\AppData\Local\Microsoft Help
2016-01-26 18:23 - 2014-08-21 23:49 - 00000000 ____D C:\Users\Kelvin\AppData\Roaming\Skype
2016-01-26 18:22 - 2015-11-10 18:21 - 00000000 ____D C:\Users\Kelvin\.thumbnails
2016-01-26 18:21 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\system32\Sysprep
2016-01-26 01:14 - 2014-08-24 21:22 - 00000000 ____D C:\Users\Kelvin\AppData\Local\ElevatedDiagnostics
2016-01-25 19:03 - 2013-08-22 07:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2016-01-25 18:57 - 2013-08-22 09:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2016-01-25 00:51 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\Globalization
2016-01-25 00:03 - 2014-08-21 23:03 - 00000000 ____D C:\Users\Kelvin
2016-01-24 23:42 - 2015-05-20 15:54 - 00000000 __SHD C:\Users\Kelvin\AppData\Local\EmieBrowserModeList
2016-01-24 23:42 - 2014-08-21 23:10 - 00000000 __SHD C:\Users\Kelvin\AppData\Local\EmieUserList
2016-01-24 23:42 - 2014-08-21 23:10 - 00000000 __SHD C:\Users\Kelvin\AppData\Local\EmieSiteList
2016-01-24 23:37 - 2014-08-21 23:25 - 00002217 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-24 23:37 - 2014-08-21 23:04 - 00001436 _____ C:\Users\Kelvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-01-23 15:21 - 2015-12-06 03:33 - 00000000 ____D C:\Users\Kelvin\Desktop\Production
2016-01-22 20:34 - 2015-10-31 14:34 - 00000000 ____D C:\Program Files (x86)\Overwolf
2016-01-22 19:10 - 2015-08-26 17:02 - 00000000 ____D C:\Users\Kelvin\Desktop\School
2016-01-22 19:07 - 2015-09-21 23:55 - 00000000 ____D C:\Users\Kelvin\.VirtualBox
2016-01-20 20:40 - 2015-07-09 18:33 - 00003424 _____ C:\Windows\System32\Tasks\GyazoUpdateTaskMachineDaily
2016-01-20 20:40 - 2014-08-21 23:29 - 00003298 _____ C:\Windows\System32\Tasks\GyazoUpdateTaskMachine
2016-01-20 20:40 - 2014-08-21 23:29 - 00000000 ____D C:\Program Files (x86)\Gyazo
2016-01-18 20:06 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\AppReadiness
2016-01-17 22:38 - 2014-08-21 23:49 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-01-17 05:55 - 2014-11-07 22:23 - 00000000 ____D C:\Users\Kelvin\Documents\My Games
2016-01-17 03:15 - 2014-10-14 01:48 - 00000000 ____D C:\Users\Kelvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-01-15 16:41 - 2015-11-12 20:41 - 00346797 _____ C:\Users\Kelvin\Desktop\Current Resume.pdf
2016-01-12 17:04 - 2013-08-22 09:20 - 00000000 ____D C:\Windows\CbsTemp
2016-01-11 20:33 - 2014-08-21 23:49 - 00000000 ____D C:\ProgramData\Skype
2016-01-10 23:13 - 2014-10-04 01:19 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-12-29 04:31 - 2013-08-22 09:36 - 00000000 ___HD C:\Program Files\WindowsApps
 
==================== Files in the root of some directories =======
 
2015-12-06 13:22 - 2009-10-23 23:00 - 5811712 _____ (reFX) C:\Program Files (x86)\Nexus.dll
2016-01-20 18:40 - 2016-01-20 18:40 - 0003888 _____ () C:\Users\Kelvin\AppData\Roaming\OneCal.emf
2016-01-20 18:40 - 2016-01-20 18:44 - 0000584 _____ () C:\Users\Kelvin\AppData\Roaming\onecal.xml
2015-10-08 21:12 - 2015-11-03 22:32 - 0000600 _____ () C:\Users\Kelvin\AppData\Roaming\winscp.rnd
2015-10-08 19:59 - 2015-10-11 18:56 - 0000600 _____ () C:\Users\Kelvin\AppData\Local\PUTTY.RND
2015-11-10 18:26 - 2015-11-10 18:26 - 0001498 _____ () C:\Users\Kelvin\AppData\Local\recently-used.xbel
2016-01-24 23:37 - 2016-01-24 23:37 - 0041472 _____ () C:\Users\Kelvin\AppData\Local\Scotcane.dat
2016-01-24 23:37 - 2016-01-24 23:37 - 0000187 _____ () C:\Users\Kelvin\AppData\Local\Scotcane.exe.config
2014-08-08 13:15 - 2014-08-08 13:15 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\Kelvin\AppData\Local\Temp\atdl.exe
C:\Users\Kelvin\AppData\Local\Temp\nsu83B9.exe
C:\Users\Kelvin\AppData\Local\Temp\OfficeAssist.0744.80.1211.exe
C:\Users\Kelvin\AppData\Local\Temp\qqpcmgr_v10.7.16066.216_71715_Silence.exe
C:\Users\Kelvin\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-01-27 01:19
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by Kelvin (2016-01-27 20:28:50)
Running from C:\Users\Kelvin\Desktop
Windows 8.1 (X64) (2014-08-22 05:03:47)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1193186160-3758986196-1053212473-500 - Administrator - Disabled)
Guest (S-1-5-21-1193186160-3758986196-1053212473-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1193186160-3758986196-1053212473-1003 - Limited - Enabled)
Kelvin (S-1-5-21-1193186160-3758986196-1053212473-1001 - Administrator - Enabled) => C:\Users\Kelvin
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Internet Security (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
FW: AVG Internet Security (Enabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1193186160-3758986196-1053212473-1001\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.5.155 - Adobe Systems, Inc.)
Anker Precision Laser Gaming Mouse version 1.1 (HKLM-x32\...\{F9A7ED2C-34E1-4A96-9A25-B022C23C3361}_is1) (Version: 1.1 - ANKER Technology)
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
AVG (HKLM\...\AvgZen) (Version: 1.31.1.48846 - AVG Technologies)
AVG (Version: 16.31.7357 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4522 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.31.7357 - AVG Technologies)
AVG Zen (Version: 1.31.9 - AVG Technologies) Hidden
Axife Mouse Recorder Standard (HKLM-x32\...\Axife Mouse Recorder Standard_is1) (Version: Standard V6.0.1 - AutomaticSolution Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BlueJ (HKLM-x32\...\{7D66971C-652B-4065-A6B1-B3EE313C254B}) (Version: 3.1.1 - BlueJ Team)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Castle Crashers (HKLM-x32\...\Steam App 204360) (Version:  - The Behemoth)
CEVO CS:GO Client Beta version 1.0 (HKLM-x32\...\CEVO CS:GO Client Beta_is1) (Version: 1.0 - )
CoffeeCup Free HTML Editor (HKU\S-1-5-21-1193186160-3758986196-1053212473-1001\...\CoffeeCup Free HTML Editor) (Version:  - )
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.7.1.2 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.1.2 - Dell Inc.)
Dell Data Vault (Version: 4.3.5.1 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
Dell Product Registration (HKLM-x32\...\{24F2AD94-CC1B-4294-B184-D4D31A3186A7}) (Version: 2.42.0012 - Aviata Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.93 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.1.14 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 17.0.13.51 - Synaptics Incorporated)
Discord (HKU\S-1-5-21-1193186160-3758986196-1053212473-1001\...\Discord) (Version: 0.0.283 - Hammer & Chisel, Inc.)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dropbox (HKU\S-1-5-21-1193186160-3758986196-1053212473-1001\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)
DuOS (HKLM\...\{8CE9E5DD-D523-44F2-8DE7-0439310EA984}) (Version: 2.0.3.7527 - American Megatrends Inc.)
f.lux (HKU\S-1-5-21-1193186160-3758986196-1053212473-1001\...\Flux) (Version:  - )
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FileZilla Client 3.13.1 (HKU\S-1-5-21-1193186160-3758986196-1053212473-1001\...\FileZilla Client) (Version: 3.13.1 - Tim Kosse)
FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version:  - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version:  - Image-Line)
FMW 1 (Version: 1.52.1 - AVG Technologies) Hidden
FreeStyle2: Street Basketball (HKLM-x32\...\Steam App 339610) (Version:  - Joycity)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
gedit 2.30.1 (HKLM-x32\...\gedit_is1) (Version: 2.30.1 - GNOME)
Genymotion version 2.5.4 (HKLM\...\{6D180286-D4DF-40EF-9227-923B9C07C08A}_is1) (Version: 2.5.4 - Genymobile)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Git version 2.6.2 (HKLM\...\Git_is1) (Version: 2.6.2 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Gyazo 3.2.0 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
Intel Experience Center - Configuration (x32 Version: 1.7.0.179 - Intel) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Experience Center Desktop Software (HKLM-x32\...\{3608ec0a-56b4-4d9d-b038-9b3e51d72582}) (Version: 1.7.0.179 - Intel)
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{0EC7F9CC-4741-45AE-9F55-6E9343F726F5}) (Version: 1.1.0.36960 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3574 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology(patch version 17.0.1414.3) (HKLM\...\{302600C1-6BDF-4FD1-1403-148929CC1385}) (Version: 17.0.1403.0442 - Intel Corporation)
Intel® Rapid Start Technology (HKLM-x32\...\{3D073343-CEEB-4ce7-85AC-A69A7631B5D6}) (Version: 3.0.0.1056 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel® Smart Connect Technology (HKLM\...\{1D5C9D08-546D-4A7E-B0F1-F33E94257B09}) (Version: 5.0.10.2832 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{313c06de-4aa7-4a1f-930a-f10f80380426}) (Version: 17.14.0 - Intel Corporation)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418040F0}) (Version: 8.0.400 - Oracle Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Java SE Development Kit 8 Update 20 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180200}) (Version: 8.0.200.26 - Oracle Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.410 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.410 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microphone Pass-through(Playback) Emulator 1.5.1 (HKLM-x32\...\{9AD0C1EE-A944-43D6-97A5-D8BB7BCAF2F8}_is1) (Version: 1.5.1 - Majiastic Computer)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Minecraft1.7.10 (HKLM-x32\...\Minecraft1.7.10) (Version:  - )
Mouse Macro Recorder 2.5.1 (HKLM-x32\...\{E290CF70-C9EA-4C9E-8B41-20E5FFDF2E64}_is1) (Version:  - Mouse Macro Recorder Ltd.)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version:  - Native Instruments)
Native Instruments Guitar Rig 5 (HKLM-x32\...\Native Instruments Guitar Rig 5) (Version: 5.2.0.2770 - Native Instruments)
Native Instruments Guitar Rig Mobile IO Driver (HKLM-x32\...\Native Instruments Guitar Rig Mobile IO Driver) (Version:  - Native Instruments)
Native Instruments Guitar Rig Session IO Driver (HKLM-x32\...\Native Instruments Guitar Rig Session IO Driver) (Version:  - Native Instruments)
Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version:  - Native Instruments)
Native Instruments Rig Kontrol 3 Driver (HKLM-x32\...\Native Instruments Rig Kontrol 3 Driver) (Version:  - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.4.4.1428 - Native Instruments)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Oracle VM VirtualBox 5.0.4 (HKLM\...\{FC191F32-1A67-4231-91D0-0059A57C99A8}) (Version: 5.0.4 - Oracle Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.91.246.0 - Overwolf Ltd.)
PocketCloud (HKLM-x32\...\{D9752C7D-A595-4687-A0D5-362E9C311C55}) (Version: 2.7.14 - Wyse Technology)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.15 - Dell Inc.)
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.3.6-1.0.12952.91 - raidcall.com)
Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 5.0.89.0 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7111 - Realtek Semiconductor Corp.)
reFX Nexus VSTi RTAS v2.2.0 (HKLM-x32\...\reFX Nexus_is1) (Version:  - )
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-1193186160-3758986196-1053212473-1001\...\Spotify) (Version: 1.0.20.101.ge6957e14 - Spotify AB)
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.11.0046 - ST Microelectronics)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Sublime Text Build 3083 (HKLM-x32\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Sylenth1 Demo v2.20 (HKLM-x32\...\Sylenth1Demo_is1) (Version:  - )
System Requirements Lab CYRI (HKLM-x32\...\{19B0831B-0C18-4103-86E4-90FCD04CD3B9}) (Version: 6.0.12.5 - Husdawg, LLC)
System Requirements Lab Detection (HKLM-x32\...\{04471340-67D5-4F7C-B7E9-FEB2355B3496}) (Version: 6.1.1.0 - Husdawg, LLC)
System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
The Binding of Isaac Rebirth 1.0 (HKLM-x32\...\The Binding of Isaac Rebirth 1.0) (Version: 1.0 - Games on Cat-A-Cat.Net)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version:  - Microsoft)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Driver Package - FTDI CDM Driver Package (03/30/2010 2.06.02) (HKLM\...\883C04C33C70062A4AD0ED48685D05F25A854C1D) (Version: 03/30/2010 2.06.02 - FTDI)
Windows Driver Package - FTDI CDM Driver Package (03/30/2010 2.06.02) (HKLM\...\ABE36B9BBD00CD433A4454EBCAD52F303406A488) (Version: 03/30/2010 2.06.02 - FTDI)
Windows Driver Package - MakerBot Industries, LLC (usbser) Ports  (10/24/2013 16.31.44.402) (HKLM\...\3C8B9891A89A64A0D43646719EC82184B33C4048) (Version: 10/24/2013 16.31.44.402 - MakerBot Industries, LLC)
Windows Driver Package - MakerBot Industries, LLC (usbser) Ports  (10/24/2013 16.31.44.418) (HKLM\...\1648BE7E9583B8F416C0D65E7DFD9927F1F1348E) (Version: 10/24/2013 16.31.44.418 - MakerBot Industries, LLC)
Windows Driver Package - MakerBot Industries, LLC (usbser) Ports  (10/24/2013 16.31.44.418) (HKLM\...\D6083E36A9821DF3D9DCA6F80AECCD3CD8411A75) (Version: 10/24/2013 16.31.44.418 - MakerBot Industries, LLC)
Windows Driver Package - MakerBot Industries, LLC (usbser) Ports  (10/24/2013 16.31.44.418) (HKLM\...\E332B90FD0740040DF2D2CC1865C773283836BB6) (Version: 10/24/2013 16.31.44.418 - MakerBot Industries, LLC)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
WinSCP 5.7.5 (HKLM-x32\...\winscp3_is1) (Version: 5.7.5 - Martin Prikryl)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1193186160-3758986196-1053212473-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1193186160-3758986196-1053212473-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1193186160-3758986196-1053212473-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1193186160-3758986196-1053212473-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1193186160-3758986196-1053212473-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1193186160-3758986196-1053212473-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1193186160-3758986196-1053212473-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1193186160-3758986196-1053212473-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1193186160-3758986196-1053212473-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1193186160-3758986196-1053212473-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1193186160-3758986196-1053212473-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1193186160-3758986196-1053212473-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0017E234-EB15-4E4D-8E8D-1C47B9730BDA} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1193186160-3758986196-1053212473-1001UA => C:\Users\Kelvin\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-29] (Dropbox, Inc.)
Task: {071A24DD-ECE6-41D9-87FB-B69B7F1D5F5E} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1193186160-3758986196-1053212473-1001UA => C:\Users\Kelvin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-09-16] (Facebook Inc.)
Task: {0D427D32-4BDD-4FFD-BFD4-E662B705B31F} - \impo -> No File <==== ATTENTION
Task: {117119C0-6012-4B56-97B0-95E3D9EFC1A7} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2016-01-19] ()
Task: {17858E89-FE2C-4E03-8D43-C85901995509} - System32\Tasks\{07DF366C-470D-4209-B0EC-D741A4E86209} => pcalua.exe -a C:\Users\Kelvin\Downloads\win7_64_1512754.exe -d C:\Users\Kelvin\Downloads
Task: {29C46394-85FF-4C1D-91D2-F6764A7DF5AF} - System32\Tasks\GoogleUp => C:\Windows\hsysinfo.exe
Task: {38C33716-29CC-4FD7-A1E0-8B686B6E8515} - System32\Tasks\PocketCloudVirtualChannel => C:\Program Files (x86)\Wyse\PocketCloud\WPCRDPVirtualChannelServer.exe [2013-08-22] ()
Task: {4926D10A-D394-458C-9706-7229EB1B650A} - System32\Tasks\PocketCloud => C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe [2013-08-22] ()
Task: {4A1151B2-B499-4B8C-B80E-0EA2039CF83E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {511973B4-9FC8-47CC-B98B-0A706374580C} - \ConsumerInputUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {5542DCA3-00B8-4BF8-B2C1-274624A12541} - System32\Tasks\win => C:\Windows\win.exe
Task: {58A8CB5F-BACC-4882-807A-748471499EC8} - \psv_VoyaTrax -> No File <==== ATTENTION
Task: {6215F8D0-CBFF-48B5-ADB0-CA845CD342C2} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => c:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {62349F89-3996-4544-B623-AA6677B57E2C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {62C291E0-731D-4E4E-AFEF-C0CFA9B5CAF3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {62FFE2E5-5744-4343-9620-71D1A249B0E3} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-10-29] (PC-Doctor, Inc.)
Task: {67E00AFF-9AC5-4BF2-9B0B-1960D5DE656C} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2016-01-06] (Overwolf LTD)
Task: {6B7347B4-824B-42A0-AA8B-751D4A27BDB2} - System32\Tasks\MyDailyBackup => C:\Windows\winupd.exe <==== ATTENTION
Task: {6E38733E-3FEC-41BF-90C7-FF535F8F3010} - \CIMT_daily_S-1-5-21-1193186160-3758986196-1053212473-1001 -> No File <==== ATTENTION
Task: {79D81564-7F04-4673-ACF6-742DA9FB207F} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {7C7407B8-7443-48AC-B0AF-3D1118DE9B05} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-10-29] (PC-Doctor, Inc.)
Task: {87361E10-C495-4CB3-A037-B21DEA7A7056} - System32\Tasks\import => C:\Windows\Mint.exe
Task: {93663F18-72EC-4107-AFFA-93BD6E64F93B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {95F204B6-DDFE-475F-9085-60ED9078F5A5} - \AKAJBNYC1 -> No File <==== ATTENTION
Task: {A0365548-1D89-4FB1-B5B8-5614F5C1FA20} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1193186160-3758986196-1053212473-1001Core => C:\Users\Kelvin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-09-16] (Facebook Inc.)
Task: {A4C5D6E0-D8D8-478B-A13D-0BB10171E197} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {A5656FDC-07C7-488C-A368-97F78B85D709} - \bvxvbxxvaa -> No File <==== ATTENTION
Task: {AA6C39D9-68D8-4802-9922-C442662774D1} - \DNSLAFAYETTE -> No File <==== ATTENTION
Task: {B28D9604-EB84-42AA-8EED-884A364E0F1B} - \ConsumerInputUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {B8EF56D4-75A1-4225-9979-A5B17986566B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {B98E0B10-92CA-4622-AE43-CF35A3E5C071} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2013-09-08] (Intel)
Task: {BA48FCCD-F364-42BF-B684-E7B4DCC4D3D1} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {BB2F09CA-D2F9-44AE-9295-EAC00FC7528E} - System32\Tasks\{7BC8CDDD-88FE-4797-A2FB-291A3B021786} => pcalua.exe -a C:\Users\Kelvin\AppData\Local\PPTAssist\utility\uninst.exe
Task: {BD462A40-4932-44BB-9BF1-19C812F71181} - System32\Tasks\Dell\Dell Product Registration => /boot /LSRC=autolaunch
Task: {C38A04CC-4C10-4DDE-997E-DF8DBA25053E} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-03-22] (Synaptics Incorporated)
Task: {D562E073-151C-4EB6-A7B5-E4FD7309D318} - System32\Tasks\PocketCloudUpdater => C:\Program
Task: {D8D3CF0A-093D-47B4-B0C8-921A5E50512F} - \CIMT_S-1-5-21-1193186160-3758986196-1053212473-1001 -> No File <==== ATTENTION
Task: {DB57B63F-800D-48B7-AF3E-91F3D881FC82} - System32\Tasks\Suagnoonkraa => C:\ProgramData\Suagnoonkraa\1.0.7.1\pahnable.exe
Task: {E3C1BDE1-8692-4AD6-9895-4621F459C452} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => c:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {E60AD6DA-282A-49E9-B12D-E684FBE1ECE6} - System32\Tasks\Dell\Dell Product Registration Update => /updatecheck /LSRC=autolaunch
Task: {E6A94616-F62B-4F6D-9B1A-1A948AC3CB21} - \SecurityApps2 -> No File <==== ATTENTION
Task: {EADFDC94-932E-4375-B04D-EDFA96A00FA4} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2016-01-19] ()
Task: {F406BAEF-CE4A-4228-BB69-11AFC406A36C} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1193186160-3758986196-1053212473-1001Core => C:\Users\Kelvin\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-29] (Dropbox, Inc.)
Task: {F9FA2C01-92B2-49B0-B970-33AE6F3045D1} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-09-30] (Dell Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1193186160-3758986196-1053212473-1001Core.job => C:\Users\Kelvin\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1193186160-3758986196-1053212473-1001UA.job => C:\Users\Kelvin\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1193186160-3758986196-1053212473-1001Core.job => C:\Users\Kelvin\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1193186160-3758986196-1053212473-1001UA.job => C:\Users\Kelvin\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-06-10 09:36 - 2015-06-10 09:36 - 00022528 _____ () C:\Windows\System32\ssd4clm.dll
2015-02-20 08:01 - 2015-02-20 08:01 - 00022528 _____ () C:\Windows\System32\us001lm.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 04:45 - 2015-10-13 04:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-24 13:24 - 2014-04-24 13:24 - 00209712 _____ () c:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
2014-04-24 13:24 - 2014-04-24 13:24 - 00057648 _____ () c:\Program Files\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll
2014-04-24 13:24 - 2014-04-24 13:24 - 00057648 _____ () c:\Program Files\Intel\Intel® Smart Connect Technology Agent\ISCTEncryptionCheck.dll
2014-04-24 13:24 - 2014-04-24 13:24 - 00037168 _____ () c:\Program Files\Intel\Intel® Smart Connect Technology Agent\ISCTNetMon.dll
2015-03-18 13:08 - 2015-03-18 13:08 - 08898720 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-08-08 13:41 - 2014-03-12 13:22 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
2014-08-08 13:41 - 2014-03-12 13:22 - 00019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
2014-08-08 13:41 - 2014-03-12 13:22 - 00035104 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRShellExtension.dll
2013-08-22 12:40 - 2013-08-22 12:40 - 00016176 _____ () C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
2013-08-22 12:40 - 2013-08-22 12:40 - 00040240 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherServiceLib.dll
2013-08-22 12:40 - 2013-08-22 12:40 - 00046384 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherHelperLib.dll
2015-08-24 07:56 - 2015-08-24 07:56 - 00043480 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2014-10-17 01:39 - 2013-03-11 14:34 - 03349504 _____ () C:\Program Files (x86)\Anker Precision Laser Gaming Mouse\AnkerMonEx.exe
2015-03-18 13:08 - 2015-03-18 13:08 - 08898720 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-12-11 22:31 - 2015-10-30 18:59 - 00034768 _____ () C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2015-12-11 22:31 - 2015-10-30 19:00 - 00019408 _____ () C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2015-12-11 22:31 - 2015-12-08 15:36 - 00022848 _____ () C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\Crypto.Random.OSRNG.winrandom.pyd
2015-12-11 22:31 - 2015-12-08 15:36 - 00023352 _____ () C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\Crypto.Util._counter.pyd
2015-12-11 22:31 - 2015-12-08 15:36 - 00042296 _____ () C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\Crypto.Cipher._AES.pyd
2015-12-11 22:31 - 2015-10-30 18:59 - 00116688 _____ () C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2015-12-11 22:31 - 2015-10-30 18:59 - 00093640 _____ () C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2015-12-11 22:31 - 2015-10-30 18:59 - 00018376 _____ () C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\select.pyd
2015-12-11 22:31 - 2015-12-08 15:36 - 00019760 _____ () C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2015-12-11 22:31 - 2015-10-30 19:00 - 00105928 _____ () C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\win32api.pyd
2015-12-11 22:31 - 2015-10-30 18:59 - 00392144 _____ () C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2015-12-11 22:31 - 2015-12-08 15:36 - 00381752 _____ () C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2015-12-11 22:31 - 2015-10-30 18:59 - 00692688 _____ () C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2015-12-11 22:31 - 2015-12-08 15:36 - 00020816 _____ () C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2015-12-11 22:31 - 2015-10-30 19:00 - 00109520 _____ () C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2015-12-11 22:31 - 2015-12-08 15:36 - 01737032 _____ () C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2015-12-11 22:31 - 2015-12-08 15:36 - 00020808 _____ () C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2015-12-11 22:31 - 2015-12-08 15:36 - 00020800 _____ () C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\_cffi_python_x66cf7a7cx17a72769.pyd
2015-12-11 22:31 - 2015-12-08 15:36 - 00021840 _____ () C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2015-12-11 22:31 - 2015-12-08 15:36 - 00038696 _____ () C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\fastpath.pyd
2015-12-11 22:31 - 2015-10-30 19:00 - 00024528 _____ () C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\win32event.pyd
2015-12-11 22:31 - 2015-10-30 19:00 - 00020936 _____ () C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2015-12-11 22:31 - 2015-10-30 19:00 - 00114640 _____ () C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\win32security.pyd
2015-12-11 22:31 - 2015-12-08 15:36 - 00021320 _____ () C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_xde9e4433x360333f0.pyd
2015-12-11 22:31 - 2015-10-30 19:00 - 00124880 _____ () C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\win32file.pyd
2015-12-11 22:31 - 2015-10-30 19:00 - 00030160 _____ () C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2015-12-11 22:31 - 2015-10-30 19:00 - 00043472 _____ () C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\win32process.pyd
2015-12-11 22:31 - 2015-10-30 19:00 - 00175560 _____ () C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\win32gui.pyd
2015-12-11 22:31 - 2015-10-30 19:00 - 00028616 _____ () C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\win32ts.pyd
2015-12-11 22:31 - 2015-10-30 19:00 - 00024016 _____ () C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2015-12-11 22:31 - 2015-10-30 19:00 - 00048592 _____ () C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\win32service.pyd
2015-12-11 22:31 - 2015-12-08 15:36 - 00024392 _____ () C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2015-12-11 22:31 - 2015-10-30 19:00 - 00036296 _____ () C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\librsync.dll
2015-12-11 22:31 - 2015-10-30 19:00 - 00024016 _____ () C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\win32profile.pyd
2015-12-11 22:31 - 2015-12-08 15:36 - 00117056 _____ () C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2015-12-11 22:31 - 2015-12-08 15:36 - 00023376 _____ () C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-11 22:31 - 2015-10-30 18:59 - 00134608 _____ () C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2015-12-11 22:31 - 2015-10-30 18:59 - 00134088 _____ () C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2015-12-11 22:31 - 2015-10-30 19:00 - 00240584 _____ () C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\jpegtran.pyd
2015-12-11 22:31 - 2015-12-08 15:36 - 00020280 _____ () C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2015-12-11 22:31 - 2015-12-08 15:36 - 00052024 _____ () C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2015-12-11 22:31 - 2015-12-08 15:36 - 00021304 _____ () C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\Crypto.Util.strxor.pyd
2015-12-11 22:31 - 2015-10-30 19:00 - 00350152 _____ () C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2015-12-11 22:31 - 2015-12-08 15:36 - 00084792 _____ () C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2015-12-11 22:31 - 2015-12-08 15:36 - 01826608 _____ () C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2015-12-11 22:31 - 2015-10-30 19:00 - 00083912 _____ () C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\sip.pyd
2015-12-11 22:31 - 2015-12-08 15:36 - 03891504 _____ () C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2015-12-11 22:31 - 2015-12-08 15:36 - 01950000 _____ () C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2015-12-11 22:31 - 2015-12-08 15:36 - 00519984 _____ () C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2015-12-11 22:31 - 2015-12-08 15:36 - 00133936 _____ () C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2015-12-11 22:31 - 2015-12-08 15:36 - 00225080 _____ () C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2015-12-11 22:31 - 2015-12-08 15:36 - 00207672 _____ () C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2015-12-11 22:31 - 2015-12-08 15:36 - 00024904 _____ () C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2015-12-11 22:31 - 2015-12-08 15:36 - 00486704 _____ () C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2015-12-11 22:31 - 2015-12-08 15:36 - 00357680 _____ () C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2015-03-04 15:45 - 2015-10-30 19:01 - 00019920 _____ () C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-04 15:45 - 2015-10-30 19:00 - 00786904 _____ () C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-07-31 17:43 - 2015-10-30 19:00 - 00063448 _____ () C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-03-04 15:45 - 2015-10-30 19:00 - 00019408 _____ () C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2014-10-17 01:39 - 2011-01-26 23:53 - 00028160 _____ () C:\Program Files (x86)\Anker Precision Laser Gaming Mouse\uiHook.dll
2015-08-24 07:56 - 2015-08-24 07:56 - 00039384 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2016-01-14 19:55 - 2016-01-12 10:35 - 01590088 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\libglesv2.dll
2016-01-14 19:55 - 2016-01-12 10:35 - 00087880 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\libegl.dll
2014-08-08 13:30 - 2013-09-03 18:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:B3503B59
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 07:25 - 2016-01-24 23:40 - 00000967 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1193186160-3758986196-1053212473-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Dell\Win LTBLUE 1920x1200.jpg
DNS Servers: 66.112.235.250 - 66.112.235.200
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\StartupFolder: => "GeekBuddy.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "sun20"
HKLM\...\StartupApproved\Run32: => "pcmgr"
HKLM\...\StartupApproved\Run32: => "tvncontrol"
HKLM\...\StartupApproved\Run32: => "AvgUi"
HKLM\...\StartupApproved\Run32: => "AVG_UI"
HKU\S-1-5-21-1193186160-3758986196-1053212473-1001\...\StartupApproved\Run: => "AceStream"
HKU\S-1-5-21-1193186160-3758986196-1053212473-1001\...\StartupApproved\Run: => "Dropbox Update"
HKU\S-1-5-21-1193186160-3758986196-1053212473-1001\...\StartupApproved\Run: => "Overwolf"
HKU\S-1-5-21-1193186160-3758986196-1053212473-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1193186160-3758986196-1053212473-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1193186160-3758986196-1053212473-1001\...\StartupApproved\Run: => "FC6DF1B6C0B86E692BC18E43CAEC9726008BADFB._cmc_service_run"
HKU\S-1-5-21-1193186160-3758986196-1053212473-1001\...\StartupApproved\Run: => "Free Youtube Downloader"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{27E276E6-FF4C-4541-B687-EF1B6139CBA2}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe
FirewallRules: [{9B42A93F-16C4-4F0E-A86B-1D9CAC25A863}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
FirewallRules: [{708E1AC2-BD95-4EFB-9F3C-37F92FA95615}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{EC4F3883-45CC-4677-8CCF-2B2BABE0DD97}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{AADD9722-9A73-4F33-8DD1-CC792BDEEC35}] => (Allow) C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{A22B53AD-C053-40C7-83A0-0DD4E5250A07}] => (Allow) C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{942ABD6D-8A99-48E8-9483-6C00B1315292}] => (Allow) C:\Users\Kelvin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E17497C5-14D8-43AC-8768-A58C62368CC6}] => (Allow) C:\Users\Kelvin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B9BF734E-1725-47EE-858F-B03165AEA95B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [{921D02B6-1A1D-4F4E-AFCD-6D7460262C98}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [{0EE03935-A55F-4702-BC88-540B619D28D5}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{ADE51B2D-6A6E-482B-A91F-992D41279B7A}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{03941E4C-3D78-461A-AC6F-ECA71D8761B6}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{A7238E72-41CE-4670-AE3D-3EA682ADB3C6}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{98EDD58A-D0DE-4773-8E6B-5CD1FF8E4B63}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5A2367A8-A246-4B13-9CBA-34553077D697}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E4E2A5C9-85F7-4875-A299-110714A372ED}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{A276522B-BDBD-4C81-958C-3DDF016E2E2D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{BC45E09A-FDE2-462F-A698-7795018A07D6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [{0A281409-065B-41DC-B673-CF4E2D18D906}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [{A1C4B86E-A922-4E1A-8B63-8C9A186F864A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [{4830A303-B0EF-44BC-A0FE-6CBCB020EC16}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [{BE7EFCAC-177E-4D21-A8E8-43BC9B10FFC7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
FirewallRules: [{1492DEFE-7360-406F-BE13-984E0A612C30}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
FirewallRules: [{45475C3D-9540-4D20-9F6C-D38B1F1A3098}] => (Allow) C:\Users\Kelvin\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{EE0AA7BD-1E93-4844-89D4-08CC5BC6B279}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{3BD9ABD8-95E2-49E8-BDE2-C270CD30EB25}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{91F04861-BFCD-498F-82DF-106BB1250DB7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5FF28ED4-A4AF-4E34-BFE6-252B2978F9A7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D7A0081C-C01A-4310-934C-848EB5421F02}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{14730CA6-68F6-4F52-8757-AA13E70E66EB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{1B2EB5D3-3EE4-40AE-B93C-22CAE16C9392}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [TCP Query User{85D98AA0-8618-484B-A83E-C0A67230DB3C}C:\program files\java\jre1.8.0_20\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_20\bin\javaw.exe
FirewallRules: [UDP Query User{909B0E61-1E66-4B23-9240-568F7B950303}C:\program files\java\jre1.8.0_20\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_20\bin\javaw.exe
FirewallRules: [TCP Query User{5BB3E304-9DE4-44C1-A990-25D67553CC92}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{BA8C34A1-599B-4261-9EE2-F6583DBC5E44}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{9FE2F9B0-2E03-4642-94C1-4D7CF465D678}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{02436344-218D-4280-9DBB-6EBBF8735E73}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{1A65153D-ADCC-4589-A3C6-9F8E9CD27016}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{A1C174D7-5626-4DC2-ADAB-6454C87AB52B}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{6A507315-B8F2-4617-BCE6-C7D75447E441}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{C287B783-4C7C-4DDF-A23F-AA2B3B1E8752}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [TCP Query User{96490433-3EAE-4603-A849-BC970A0200C0}C:\users\kelvin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\kelvin\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{ED3A921F-0AE7-4914-97E5-7BA7DF44EBFC}C:\users\kelvin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\kelvin\appdata\roaming\spotify\spotify.exe
FirewallRules: [{36188765-0DCB-40EF-9F34-C1E9F5F44525}] => (Block) C:\users\kelvin\appdata\roaming\spotify\spotify.exe
FirewallRules: [{1B097B9F-B917-4BBE-B8D2-1206F43EEB23}] => (Block) C:\users\kelvin\appdata\roaming\spotify\spotify.exe
FirewallRules: [{4DF4C962-7569-42FC-81E9-B8089FA4EEE4}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{89CB51E3-79CF-4D7E-94F9-15D31454FFA3}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{6DCA621B-F7F3-4AAC-8AAC-CDFB9889E394}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{BD176133-1631-488C-887A-0E74AE96E2CC}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [TCP Query User{403A223B-6943-48FE-9CB6-D6A523A943EC}C:\users\kelvin\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\kelvin\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{B70F3FB3-4CF0-4AB3-9BD9-C10BF25C314D}C:\users\kelvin\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\kelvin\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{76BD4F98-0022-4D65-ABA2-B6C12C3A68B5}C:\program files\java\jre1.8.0_20\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_20\bin\javaw.exe
FirewallRules: [UDP Query User{622C1D02-9F0A-41FB-9C5B-2931B4BF8AD7}C:\program files\java\jre1.8.0_20\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_20\bin\javaw.exe
FirewallRules: [{6330294D-1974-40CD-A752-F5AC0A19E470}] => (Allow) LPort=25565
FirewallRules: [{8D788EA5-51C8-4061-9110-8E375B48093C}] => (Allow) LPort=25565
FirewallRules: [{95105CB5-8252-4FCD-93D3-F0F08ADE19FE}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{3F7F9A36-3B7C-465C-B6AB-8EC15A57F692}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{966CB3B4-6F14-447D-AEF2-DFCD06A2A017}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{6A0C5648-983E-41ED-82A7-00BD7BF6221A}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{3FF4032B-D0DE-43E0-9615-AC4202099989}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FreeStyle2\LauncherSteam.exe
FirewallRules: [{A62E09AE-365C-426D-99DC-9F11DE452092}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FreeStyle2\LauncherSteam.exe
FirewallRules: [{3BE60C8B-74FD-4C56-995F-EE0F394E56CD}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{EC823E14-03FE-455C-8A44-AA2673D2C406}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{B21987FD-35AB-4D8C-888A-C2F1F7A656C6}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{E50C82B0-A482-461C-9F36-EA8AC00743DF}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{DA409FAA-6853-481D-8A2A-263D43199A70}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{6B30344E-9307-4DF5-BA2C-7481AC2A9FFA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{A619503D-515D-474D-BE7A-F0D6ED7F2E18}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{3BF02A70-161E-4689-B33E-5EA363E866F8}] => (Allow) LPort=2869
FirewallRules: [{3E9E5AF1-448A-4618-8C35-2C108E6ACE78}] => (Allow) LPort=1900
FirewallRules: [{5218F191-C798-46D3-93ED-F8DB8758E13B}] => (Allow) C:\Program Files\AMI\DuOS\DuOS.exe
FirewallRules: [{4A398504-BD4F-455E-8FE0-ACC878316CA7}] => (Allow) C:\Program Files\AMI\DuOS\DuOS.exe
FirewallRules: [{54F500D1-CF14-4845-B31E-01464EC55166}] => (Allow) C:\Program Files\AMI\DuOS\Ubusd.exe
FirewallRules: [{AAB31911-227F-489B-917F-93A820DFEE04}] => (Allow) C:\Program Files\AMI\DuOS\Ubusd.exe
FirewallRules: [{E76D054E-25A9-43FE-ACDB-8478F7685D73}] => (Allow) C:\Program Files\AMI\DuOS\Dsync.exe
FirewallRules: [{04F424B4-E464-4314-828F-24BF8722710B}] => (Allow) C:\Program Files\AMI\DuOS\Dsync.exe
FirewallRules: [{AF870195-FEEA-48E6-96CE-A745481C2333}] => (Allow) C:\Program Files\AMI\DuOS\SysEvent.exe
FirewallRules: [{772ECC29-04A3-4385-9530-CB7361AE1378}] => (Allow) C:\Program Files\AMI\DuOS\SysEvent.exe
FirewallRules: [{4066D34C-C5FF-411E-A017-CF94482FCEA9}] => (Allow) C:\Program Files\AMI\DuOS\locationservice.exe
FirewallRules: [{EB4F1B60-0E12-4DEE-A26A-697CEF8E5433}] => (Allow) C:\Program Files\AMI\DuOS\locationservice.exe
FirewallRules: [{E8F85AE5-73A5-45BA-807F-148C79E45CC2}] => (Allow) C:\Program Files\AMI\DuOS\SensorService.exe
FirewallRules: [{FC9E5B30-47DF-44B0-BCC2-888DBEFC0ECA}] => (Allow) C:\Program Files\AMI\DuOS\SensorService.exe
FirewallRules: [{5A04A46F-41BB-4BC1-9331-903A605A7476}] => (Allow) C:\Program Files\AMI\DuOS\..\DuoVM\DuoVMHeadless.exe
FirewallRules: [{1DDB2552-BD49-45AC-A975-BA7CB5F5AF40}] => (Allow) C:\Program Files\AMI\DuOS\..\DuoVM\DuoVMHeadless.exe
FirewallRules: [{6D7831E2-A2B5-4C6F-BF1C-8880F1DE9F6A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1ECEAE03-3118-4166-B620-BA862A8BE312}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{31A75F1E-EA6D-4EC4-91FF-09676ED46A27}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C7E04E9C-5A7D-45E3-B93C-4186E33F7BC1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DAA3514B-E9F4-4E22-BA3F-5999DB8F0D81}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\CastleCrashers\castle.exe
FirewallRules: [{BB8FAD1B-703F-47A6-AFAF-BAED8BF96BD1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\CastleCrashers\castle.exe
FirewallRules: [{5E3AE766-B5B7-4D87-A04C-A76C1F6CCCAE}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{F243A4F5-AC11-48F8-BD6B-6062061504B3}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{F422FBF7-D97A-47BF-B349-3E7D31EC1CB7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{18D26B54-1D5B-4DBA-B04C-2752916E30BC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{7D2247B1-02BF-48D2-B1CD-91E63EC5DBEA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{28628428-973E-4F0A-BD58-28D2D077C2F7}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{80F9AE97-9F9D-4E67-BAB0-66B295A1C561}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{4BB4A1CE-B9DE-4915-83ED-5A906089DC63}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{718EA980-D781-403E-AB84-9B58549A7807}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{8DB7CF53-D903-431F-9BC6-FBEE366E46E8}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{31A39600-127A-4577-82BB-A4DED0494476}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{2573A46C-A70A-447D-89A1-43D40FDBD8B7}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{37729ABB-6579-479F-B3DA-983E7D02753D}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
 
==================== Restore Points =========================
 
25-01-2016 18:52:53 Installed AVG
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/27/2016 04:53:43 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (01/27/2016 04:53:14 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - netDetect::AOACWLANProset::LocateAdapters   Net Detect:  Net Detect Supported Error Getting Adapter List Error=0x8004625b\n
 
Error: (01/27/2016 01:03:50 PM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - netDetect::AOACWLANProset::LocateAdapters   Net Detect:  Net Detect Supported Error Getting Adapter List Error=0x80045205\n
 
Error: (01/27/2016 09:57:46 AM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - netDetect::AOACWLANProset::LocateAdapters   Net Detect:  Net Detect Supported Error Getting Adapter List Error=0x80045205\n
 
Error: (01/27/2016 09:00:59 AM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - netDetect::AOACWLANProset::LocateAdapters   Net Detect:  Net Detect Supported Error Getting Adapter List Error=0x80045205\n
 
Error: (01/27/2016 12:49:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 2.3.125.0, time stamp: 0x5612a56b
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x17ac
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
Faulting package full name: mbam.exe4
Faulting package-relative application ID: mbam.exe5
 
Error: (01/27/2016 12:25:37 AM) (Source: ISCTAgent) (EventID: 1000) (User: )
Description: ISCT - netDetect::AOACWLANProset::LocateAdapters   Net Detect:  Net Detect Supported Error Getting Adapter List Error=0x80045205\n
 
Error: (01/26/2016 11:46:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1140
 
Error: (01/26/2016 11:46:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1140
 
Error: (01/26/2016 11:46:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (01/27/2016 08:25:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Service service failed to start due to the following error: 
%%577
 
Error: (01/27/2016 08:23:50 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\IWMSSvc.dll
 
Error: (01/27/2016 08:23:50 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\IWMSSvc.dll
 
Error: (01/27/2016 08:23:37 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\IWMSSvc.dll
 
Error: (01/27/2016 08:23:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Dynamic Application Loader Host Interface Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/27/2016 08:23:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SoftThinks Agent Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/27/2016 08:23:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (01/27/2016 08:23:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Data Vault service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/27/2016 08:23:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® ME Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/27/2016 08:23:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).
 
 
CodeIntegrity:
===================================
  Date: 2016-01-27 20:28:03.962
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-01-27 20:28:03.618
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-01-27 20:28:03.102
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-01-27 20:28:02.743
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-01-27 20:25:04.770
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-01-27 20:25:04.504
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-01-27 20:23:47.284
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-01-27 20:08:20.433
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-01-27 20:08:20.223
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-01-27 19:27:36.610
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4210U CPU @ 1.70GHz
Percentage of memory in use: 50%
Total physical RAM: 6042.57 MB
Available physical RAM: 3015.71 MB
Total Virtual: 9242.57 MB
Available Virtual: 5690.73 MB
 
==================== Drives ================================
 
Drive c: (C:) (Fixed) (Total:444.32 GB) (Free:265.47 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 95A19FB6)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
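Added example, not FRST's code and not part of any post in this thread: a small Python triage script that pulls three things out of the Addition.txt above that deserve a second look, using a handful of lines copied from that log as constructed sample input. It lists the active hosts-file overrides, splits the firewall rules into Block rules and Allow rules whose program lives in a user-writable directory (a profile or ProgramData path is where bundled software and malware usually land), and decodes the Service Control Manager event 7000 code. The `%%577` in that event is Win32 error 577, ERROR_INVALID_IMAGE_HASH, which fits the CodeIntegrity entry saying Windows could not verify the hash of MsMpEng.exe and is a plausible reason Defender will not start, although the log alone does not say what changed the file. The regexes and the list of user-writable prefixes are my assumptions about FRST's output format, not anything FRST documents.

```python
"""Triage helpers for a few FRST Addition.txt sections (added example, not FRST code)."""
import re

# Constructed sample: a handful of lines copied from the Addition.txt above.
SAMPLE_LOG = r"""
==================== Hosts content: ==========================

127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com

==================== FirewallRules (Whitelisted) ===============

FirewallRules: [{AADD9722-9A73-4F33-8DD1-CC792BDEEC35}] => (Allow) C:\Users\Kelvin\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{36188765-0DCB-40EF-9F34-C1E9F5F44525}] => (Block) C:\users\kelvin\appdata\roaming\spotify\spotify.exe
FirewallRules: [{B9BF734E-1725-47EE-858F-B03165AEA95B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [{95105CB5-8252-4FCD-93D3-F0F08ADE19FE}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{6330294D-1974-40CD-A752-F5AC0A19E470}] => (Allow) LPort=25565

System errors:
=============
Error: (01/27/2016 08:25:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Defender Service service failed to start due to the following error:
%%577
"""

# Assumption: directories a standard user can write to. An Allow rule for an
# executable under one of these is a review item, not a verdict.
USER_WRITABLE_PREFIXES = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")

# Subset of Win32 error codes that SCM event 7000 reports as %%NNN.
WIN32_ERRORS = {
    2: "ERROR_FILE_NOT_FOUND",
    5: "ERROR_ACCESS_DENIED",
    577: "ERROR_INVALID_IMAGE_HASH",   # signature/hash check on the service image failed
    1053: "ERROR_SERVICE_REQUEST_TIMEOUT",
    1058: "ERROR_SERVICE_DISABLED",
}

# One active hosts-file mapping per line: "<IPv4>   <hostname>".
HOSTS_RE = re.compile(r"^[ \t]*(\d{1,3}(?:\.\d{1,3}){3})[ \t]+([\w.-]+)[ \t]*$", re.M)
# FRST's "FirewallRules: [<name>] => (<Allow|Block>) <program or LPort=N>" lines.
FW_RE = re.compile(
    r"^FirewallRules: \[(?P<name>[^\]]+)\] => \((?P<action>Allow|Block)\) (?P<target>.+?)[ \t]*$",
    re.M)
# SCM 7000 event followed by its Description and the %%code insertion string.
SCM7000_RE = re.compile(
    r"\(Source: Service Control Manager\) \(EventID: 7000\).*?\n"
    r"Description: The (?P<svc>.+?) service failed to start due to the following error:\s*%%(?P<code>\d+)",
    re.S)


def parse_hosts(log):
    """Return (ip, hostname) pairs FRST listed as active hosts-file entries."""
    return HOSTS_RE.findall(log)


def parse_firewall(log):
    """Return each FirewallRules line as a dict with name, action and target."""
    return [m.groupdict() for m in FW_RE.finditer(log)]


def allows_from_user_writable(rules):
    """Allow rules whose program lives under a directory a normal user can write to."""
    return [r["target"] for r in rules
            if r["action"] == "Allow"
            and r["target"].lower().startswith(USER_WRITABLE_PREFIXES)]


def blocked_programs(rules):
    """Programs the firewall explicitly blocks (worth asking the user about)."""
    return [r["target"] for r in rules if r["action"] == "Block"]


def decode_scm_7000(log):
    """(service, code, symbolic name) for every 'service failed to start' event."""
    return [(m["svc"], int(m["code"]), WIN32_ERRORS.get(int(m["code"]), "unknown"))
            for m in SCM7000_RE.finditer(log)]


def triage(log):
    rules = parse_firewall(log)
    return {
        "hosts_overrides": parse_hosts(log),
        "allow_user_writable": allows_from_user_writable(rules),
        "blocked": blocked_programs(rules),
        "service_start_failures": decode_scm_7000(log),
    }


if __name__ == "__main__":
    for key, items in triage(SAMPLE_LOG).items():
        print(key)
        for item in items:
            print("   ", item)
```

Run it as-is to see the sample triage, or replace `SAMPLE_LOG` with the contents of a real Addition.txt. The firewall check is deliberately simple: a path prefix is the only signal and no attempt is made to judge the binary, so Dropbox and the Battle.net agent show up next to anything malicious; the output is a review queue for the helper, not a detection.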


#8 bloopie

  • Malware Response Team

Posted 28 January 2016 - 12:35 AM

Hello again Kelvin,

Okay, I'm going to need some information about some things in the logs. ...First of all the User Account Control (UAC) prompt is nothing to worry about...it is always enabled by default, but you've likely had it disabled for quite some time and forgot about it.
Some automated scanners will detect that change as "possible malicious activity", and re-enable the UAC...we can change it back again later on, but for now just accept it when asked during the cleanup. :wink:
 
I see you have both LogMeIn and TeamViewer programs installed...do you use both of these programs, or would you like to remove none, one, or both of them?
 
Also, do you use Spotify? I ask because you have the program running when you log on, but it's blocked in your firewall rules:

FirewallRules: [{36188765-0DCB-40EF-9F34-C1E9F5F44525}] => (Block) C:\users\kelvin\appdata\roaming\spotify\spotify.exe
FirewallRules: [{1B097B9F-B917-4BBE-B8D2-1206F43EEB23}] => (Block) C:\users\kelvin\appdata\roaming\spotify\spotify.exe

 
And did you just install AVG the other day? Would you like to keep it, or you're not sure yet?
 
...A lot of questions...I know, don't worry. We'll worry about most of them later if you're not sure. Just answer the Spotify question first if you recognize the program. :)

 

==========
 
Before the following steps, I must issue a warning:

Going over your logs I noticed that you have µTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Programs and Features (another method is to hold the "Windows key" on your keyboard and press the "R" key to open the Runbox...then type in appwiz.cpl and press enter).

If you wish to keep it, please do not use it until your computer is cleaned.
 
====================
 
Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

====================

Step 2

Run Combofix

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix, I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job...this is normal.

You can download Combofix from one of these links.

  • Close any open browsers or any other programs that are open.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you C:\Combofix.txt. Please include that in your next reply.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please simply restart the computer

====================

Please post both the JRT.txt log and the Combofix.txt log in your next reply. Try to answer my questions earlier as well, but it's okay if you're not sure right now. :wink:

 

If you have trouble running Combofix, just stop and let me know what happens!

 

bloopie



#9 Guest_kelvinhe_*

  • Guests

Posted 28 January 2016 - 03:33 PM

I've used LogMeIn (Hamachi) and TeamViewer before but I can remove them. I don't really need them. 

 

I do use Spotify, I probably disabled it on the firewall with AVG on accident. But I ran Spotify and it worked so I guess it's okay.

And yes I downloaded AVG very recently, like within a week ago just to tackle this issue but I wouldn't mind removing it. It doesn't really help anymore.

 

Both ComboFix programs gave me the same error, but I ran JRT with no problems; the log is below the error picture:

[screenshot of the ComboFix error]

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 8.1 x64 
Ran by Kelvin (Administrator) on Thu 01/28/2016 at 14:22:46.56
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 10 
 
Successfully deleted: C:\Windows\system32\Tasks\GoogleUp (Task)
Successfully deleted: C:\Windows\system32\Tasks\import (Task)
Successfully deleted: C:\Windows\system32\Tasks\PCDEventLauncherTask (Task)
Successfully deleted: C:\Windows\system32\Tasks\PCDoctorBackgroundMonitorTask (Task)
Successfully deleted: C:\Windows\system32\Tasks\win (Task)
Successfully deleted: C:\Windows\SysWOW64\x64.txt (File) 
Successfully deleted: C:\Windows\Temp\mrt413F.tmp\stdrt.exe (File) 
Successfully deleted: C:\Windows\Temp\mrt6DCD.tmp\stdrt.exe (File) 
Successfully deleted: C:\Windows\Temp\mrt949E.tmp\stdrt.exe (File) 
Successfully deleted: C:\Windows\Temp\mrtA19F.tmp\stdrt.exe (File) 
 
 
 
Registry: 3 
 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1E916F27-7392-45DA-930F-3196194182F0} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{607A7539-162B-44EE-ACF8-4CD20B42C760} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 01/28/2016 at 14:26:19.66
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Edited by kelvinhe, 28 January 2016 - 03:34 PM.


#10 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York

Posted 28 January 2016 - 07:36 PM

Hello again,
 
Okay good...don't worry about those programs for now (LogMeIn/TeamViewer/Spotify/AVG), I just wanted to be sure you were aware, and they were intentional. They are okay to keep if you wish. :)
 
==========
 

Both ComboFix programs gave me the same error

That's okay as well...I knew Windows 8 would run sometimes, so Windows 8.1 was worth a shot. We'll just take care of it manually then. :wink:

 

==========
 
The JRT log looks good and it picked up a few others, but let's run this FRST script next and then we'll see where we're at:

We need to run a fix with FRST:

  • Please download the attached fixlist.txt file and save it to the same location as FRST
    Note: It's important that both files, FRST64.exe and fixlist.txt are in the same location or the fix will not work
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
    Attached File: fixlist.txt (2.81KB)
  • Run FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply

==========

 

Once you run the fix and post the Fixlog.txt, please let me know how the machine is running now...any changes (better or worse)?

 

We still have a bit more to do but I want to see the contents of the fixlog, and hear from you the current status of the machine before we continue.

 

...And don't worry or get discouraged, I will stay with you until the end...I'm not going anywhere. :thumbup2:

 

bloopie



#11 Guest_kelvinhe_*

Guest_kelvinhe_*

  • Guests
  • OFFLINE
  •  

Posted 28 January 2016 - 09:54 PM

I think the not responding problem might have been fixed. I'll give some time before I report back to you again to confirm. 

A problem I had right before I ran the fix with FRST, my Google Chrome and FL Studio both closed randomly, at separate times. Again I'll see if there were any changes since the fix.

 

The problem that remains is when I try to save files, the save window will not show up, and I still cannot alt-tab between programs sometimes.

 

Here's my fixlog, thank you for reassuring me I really appreciate all the help you've given me so far!

 

 Fix result of Farbar Recovery Scan Tool (x64) Version:27-01-2016

Ran by Kelvin (2016-01-28 20:46:28) Run:1
Running from C:\Users\Kelvin\Desktop\Virus
Loaded Profiles: Kelvin (Available Profiles: Kelvin)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1193186160-3758986196-1053212473-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1193186160-3758986196-1053212473-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1193186160-3758986196-1053212473-1001 -> {1E916F27-7392-45DA-930F-3196194182F0} URL = 
BHO-x32: No Name -> {607A7539-162B-44EE-ACF8-4CD20B42C760} -> No File
FF HKU\S-1-5-21-1193186160-3758986196-1053212473-1001\...\Firefox\Extensions: [acewebextension@acestream.org] - C:\Users\Kelvin\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension.xpi => not found
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=M97CA225A-1134-45EE-A6F7-8649900EA7A4&SearchSource=55&CUI=&UM=8&UP=SP596CB5B1-C8CF-4106-8179-561FACAD2C06&D=012416&SSPV=","hxxps://piazza.com/class/ijlnyk1m4h731e"
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kelvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-30]
S1 MpKsldd09faf3; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8860BDB5-8C6C-41FD-B46A-34A3974606A6}\MpKsldd09faf3.sys [X]
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
Task: {0D427D32-4BDD-4FFD-BFD4-E662B705B31F} - \impo -> No File <==== ATTENTION
Task: {511973B4-9FC8-47CC-B98B-0A706374580C} - \ConsumerInputUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {58A8CB5F-BACC-4882-807A-748471499EC8} - \psv_VoyaTrax -> No File <==== ATTENTION
Task: {6B7347B4-824B-42A0-AA8B-751D4A27BDB2} - System32\Tasks\MyDailyBackup => C:\Windows\winupd.exe <==== ATTENTION
Task: {6E38733E-3FEC-41BF-90C7-FF535F8F3010} - \CIMT_daily_S-1-5-21-1193186160-3758986196-1053212473-1001 -> No File <==== ATTENTION
Task: {95F204B6-DDFE-475F-9085-60ED9078F5A5} - \AKAJBNYC1 -> No File <==== ATTENTION
Task: {A5656FDC-07C7-488C-A368-97F78B85D709} - \bvxvbxxvaa -> No File <==== ATTENTION
Task: {AA6C39D9-68D8-4802-9922-C442662774D1} - \DNSLAFAYETTE -> No File <==== ATTENTION
Task: {B28D9604-EB84-42AA-8EED-884A364E0F1B} - \ConsumerInputUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {D8D3CF0A-093D-47B4-B0C8-921A5E50512F} - \CIMT_S-1-5-21-1193186160-3758986196-1053212473-1001 -> No File <==== ATTENTION
Task: {E6A94616-F62B-4F6D-9B1A-1A948AC3CB21} - \SecurityApps2 -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:B3503B59
cmd: type C:\Users\Kelvin\Desktop\Rkill.txt
*****************
 
Restore point was successfully created.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-1193186160-3758986196-1053212473-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKU\S-1-5-21-1193186160-3758986196-1053212473-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-1193186160-3758986196-1053212473-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1E916F27-7392-45DA-930F-3196194182F0} => key not found. 
HKCR\CLSID\{1E916F27-7392-45DA-930F-3196194182F0} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{607A7539-162B-44EE-ACF8-4CD20B42C760} => key not found. 
"HKCR\Wow6432Node\CLSID\{607A7539-162B-44EE-ACF8-4CD20B42C760}" => key removed successfully
HKU\S-1-5-21-1193186160-3758986196-1053212473-1001\Software\Mozilla\Firefox\Extensions\\acewebextension@acestream.org => value removed successfully
Chrome StartupUrls => removed successfully
C:\Users\Kelvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
MpKsldd09faf3 => service removed successfully
PCDSRVC{3B54B31B-D06B6431-06020200}_0 => Unable to stop service.
PCDSRVC{3B54B31B-D06B6431-06020200}_0 => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0D427D32-4BDD-4FFD-BFD4-E662B705B31F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D427D32-4BDD-4FFD-BFD4-E662B705B31F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\impo" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{511973B4-9FC8-47CC-B98B-0A706374580C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{511973B4-9FC8-47CC-B98B-0A706374580C}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ConsumerInputUpdateTaskMachineUA => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{58A8CB5F-BACC-4882-807A-748471499EC8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{58A8CB5F-BACC-4882-807A-748471499EC8}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\psv_VoyaTrax => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6B7347B4-824B-42A0-AA8B-751D4A27BDB2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B7347B4-824B-42A0-AA8B-751D4A27BDB2}" => key removed successfully
C:\Windows\System32\Tasks\MyDailyBackup => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MyDailyBackup" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6E38733E-3FEC-41BF-90C7-FF535F8F3010}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6E38733E-3FEC-41BF-90C7-FF535F8F3010}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CIMT_daily_S-1-5-21-1193186160-3758986196-1053212473-1001 => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{95F204B6-DDFE-475F-9085-60ED9078F5A5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{95F204B6-DDFE-475F-9085-60ED9078F5A5}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AKAJBNYC1 => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A5656FDC-07C7-488C-A368-97F78B85D709}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A5656FDC-07C7-488C-A368-97F78B85D709}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bvxvbxxvaa => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{AA6C39D9-68D8-4802-9922-C442662774D1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA6C39D9-68D8-4802-9922-C442662774D1}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DNSLAFAYETTE => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B28D9604-EB84-42AA-8EED-884A364E0F1B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B28D9604-EB84-42AA-8EED-884A364E0F1B}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ConsumerInputUpdateTaskMachineCore => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D8D3CF0A-093D-47B4-B0C8-921A5E50512F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D8D3CF0A-093D-47B4-B0C8-921A5E50512F}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CIMT_S-1-5-21-1193186160-3758986196-1053212473-1001 => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E6A94616-F62B-4F6D-9B1A-1A948AC3CB21}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E6A94616-F62B-4F6D-9B1A-1A948AC3CB21}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SecurityApps2 => key not found. 
C:\ProgramData\TEMP => ":B3503B59" ADS removed successfully.
 
=========  type C:\Users\Kelvin\Desktop\Rkill.txt =========
 
The system cannot find the file specified.
 
========= End of CMD: =========
 
 
 
The system needed a reboot.
 
==== End of Fixlog 20:46:55 ====

Edited by kelvinhe, 28 January 2016 - 10:18 PM.
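
As an added example for this thread (not from the original post and not part of FRST itself), a small Python script that summarises the result section of a Fixlog like the one above: it counts how many directives succeeded, which lines reported "not found" or "Unable to stop", and which of those targets were never resolved by a later line. The sample log is excerpted from the Fixlog posted above; the function names are my own.

```python
"""Summarise the result section of an FRST Fixlog.txt.

Added example for this thread, not part of FRST or of the original post.
A Fixlog repeats the fixlist between two rows of asterisks and then reports
one line per action shaped   <target> => <outcome>   with the target
optionally wrapped in double quotes.  Helper names below are assumed.
"""
import re

# One result line: optional quote, target, optional quote, "=>", outcome.
RESULT_RE = re.compile(r'^"?(?P<target>.+?)"?\s*=>\s*(?P<outcome>.+?)\s*$')

# Outcomes that mean the directive did what the fixlist asked.
SUCCESS_PHRASES = ("removed successfully", "moved successfully",
                   "restored successfully")
# Outcomes a helper would want to look at a second time.
REVIEW_PHRASES = ("not found", "Unable to")

# Constructed sample: lines excerpted from the Fixlog posted in this thread.
SAMPLE_FIXLOG = r"""
fixlist content:
*****************
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Task: {6B7347B4-824B-42A0-AA8B-751D4A27BDB2} - System32\Tasks\MyDailyBackup => C:\Windows\winupd.exe <==== ATTENTION
cmd: type C:\Users\Kelvin\Desktop\Rkill.txt
*****************

Restore point was successfully created.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
MpKsldd09faf3 => service removed successfully
PCDSRVC{3B54B31B-D06B6431-06020200}_0 => Unable to stop service.
PCDSRVC{3B54B31B-D06B6431-06020200}_0 => service removed successfully
C:\Windows\System32\Tasks\MyDailyBackup => moved successfully
C:\ProgramData\TEMP => ":B3503B59" ADS removed successfully.

The system needed a reboot.

==== End of Fixlog 20:46:55 ====
"""


def split_fixlog(text):
    """Return (fixlist_lines, result_lines) split at the asterisk rows."""
    fixlist, results = [], []
    star_rows = 0
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("*****"):
            star_rows += 1
        elif star_rows == 1 and line:
            fixlist.append(line)
        elif star_rows >= 2 and line:
            results.append(line)
    return fixlist, results


def classify(outcome):
    """Map an outcome phrase to 'fixed', 'review' or 'other'."""
    if any(p in outcome for p in SUCCESS_PHRASES):
        return "fixed"
    if any(p in outcome for p in REVIEW_PHRASES):
        return "review"
    return "other"


def summarise_fixlog(text):
    """Count outcomes and list targets that were flagged but never fixed."""
    fixlist, results = split_fixlog(text)
    counts = {"fixed": 0, "review": 0, "other": 0}
    fixed_targets, review_targets = set(), []
    for line in results:
        if line.startswith("="):          # cmd: banners and the end marker
            continue
        m = RESULT_RE.match(line)
        if not m:                         # status prose such as the reboot note
            continue
        target, status = m.group("target"), classify(m.group("outcome"))
        counts[status] += 1
        if status == "fixed":
            fixed_targets.add(target)
        elif status == "review":
            review_targets.append(target)
    # A "review" line whose target was still removed by a later line (the
    # PCDSRVC service above) is only noise; keep the ones that never resolved.
    unresolved = [t for t in review_targets if t not in fixed_targets]
    return {
        "attention_directives": sum("ATTENTION" in d for d in fixlist),
        "needed_reboot": any(r == "The system needed a reboot." for r in results),
        "unresolved": unresolved,
        **counts,
    }
```

Run `summarise_fixlog(open("Fixlog.txt").read())` on a real log; a "key not found" often just means the key was already gone, so the unresolved list is a prompt for the helper, not a verdict.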


#12 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York

Posted 29 January 2016 - 07:27 PM

Hello again Kelvin,
 

thank you for reassuring me I really appreciate all the help you've given me so far!

It's my pleasure! :wink:
 
==========

Important Note, and just so you know: I see you've moved FRST to a folder on your desktop called Virus. We may need to move that tool (and any other tool we use for the cleaning) back to the desktop so they can be removed cleanly later on. It's okay to leave it there for now, but at the very end, these tools should be moved back to the desktop. Okay?

 

==========
 

I think the not responding problem might have been fixed. I'll give some time before I report back to you again to confirm.

Okay good...keep me posted on that. :)
 
==========
 

A problem I had right before I ran the fix with FRST, my Google Chrome and FL Studio both closed randomly, at separate times. Again I'll see if there were any changes since the fix.
 
The problem that remains is when I try to save files, the save window will not show up, and I still cannot alt-tab between programs sometimes.

Good to know, and thanks very much for the updates! :thumbup2:
 
We still have a few things to do, so we'll see if anything is still persisting after we take care of the next couple of things.

 

==========

It looks like the Bonjour Service is having some trouble...do you use Bonjour? It comes bundled with iTunes and other Apple software, but almost always has problems of some sort. If you don't use it, or any part of it, we can remove it later.
 
====================
 
Okay, back to the fun! :) 
 
Have you rebooted your machine since the last FRST fix? If not, please do so now before we continue with the next steps.

Step :step1:
 
Run RogueKiller by Tigzy:

  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • For Windows 8/7/Vista users right click on the icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • When prompted, Click Scan
  • A report should open and a copy of the report will be placed on your desktop
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it winlogon.exe (or winlogon.com) and try again
  • Copy and paste the contents of the report in your reply

==========

Step :step2:

Run TDSSKiller:

  • Please download TDSSKiller from here and save it to your Desktop
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters
  • Check Loaded Modules, Verify Driver Digital Signature, and Detect TDLFS file system
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now
  • Once the system reboots and you see the Kaspersky TDSSKiller window again, please click "Change Parameters" again and make sure all boxes are checked!
  • Click Start Scan and allow the scan process to run
  • If threats are detected select Skip or Cure (if available) for all of them unless otherwise instructed.
    ***Do NOT select Delete!
  • Click Continue
  • Click Reboot computer
  • Please copy the TDSSKiller.[Version]_[Date]_[Time]_log.txt file found in your root directory (typically c:\) and attach it into your next reply

This log may be too long to fit into one post, so you can attach this one. Please let me know if you have trouble with attaching the log.

====================

I'm not expecting to find any "real" malware with TDSSKiller, but the scan will not take long. If you have any trouble with either tool, please stop and let me know! :)

...These two tools are another check for any possible remaining malware on the system. Once we've ruled out malware being the possible cause of your remaining issues, then we'll target those issues more precisely.

After copy/pasting the RogueKiller log and attaching the TDSSKiller log, please update me on the performance of the machine (remaining problems or lack thereof, and general performance).

bloopie



#13 Guest_kelvinhe_*

Guest_kelvinhe_*

  • Guests
  • OFFLINE
  •  

Posted 30 January 2016 - 04:41 PM

Hello, I think the alt-tab problem may have been fixed. The not responding problem still occurs but not as often. I can't find the desktop button anymore on my start menu though, how do I add it back?
 
I also deleted the files from whatever RogueKiller found, not from TDSSKiller though. RogueKiller log is here, and I will attach the TDSS log.
 
 
RogueKiller V11.0.9.0 [Jan 24 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com
 
Operating System : Windows 8.1 (6.3.9600) 64 bits version
Started in : Normal mode
User : Kelvin [Administrator]
Started from : C:\Users\Kelvin\Desktop\RogueKiller.exe
Mode : Delete -- Date : 01/30/2016 13:45:23
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 14 ¤¤¤
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-1193186160-3758986196-1053212473-1001\Software\Microsoft\Windows\CurrentVersion\Run | AceStream : C:\Users\Kelvin\AppData\Roaming\ACEStream\engine\ace_engine.exe [x] -> Deleted
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-1193186160-3758986196-1053212473-1001\Software\Microsoft\Windows\CurrentVersion\Run | AceStream : C:\Users\Kelvin\AppData\Roaming\ACEStream\engine\ace_engine.exe [x] -> ERROR [2]
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\kpkqNVXIhM ("C:\ProgramData\nbccBGaZIXR\kpkqNVXIhM.exe") -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kpkqNVXIhM ("C:\ProgramData\nbccBGaZIXR\kpkqNVXIhM.exe") -> Deleted
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1193186160-3758986196-1053212473-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://dell13.msn.com/?pc=DCJB  -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1193186160-3758986196-1053212473-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://dell13.msn.com/?pc=DCJB  -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 66.112.235.250 66.112.235.200 ([X][X])  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 66.112.235.250 66.112.235.200 ([X][X])  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{87B0BA41-66B2-4C33-AE58-1220BC386FCF} | DhcpNameServer : 66.112.235.250 66.112.235.200 ([X][X])  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CC1E8685-13EC-4362-ACEE-3B6AA210CC0B} | DhcpNameServer : 172.20.10.1 ([X])  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D6B2CE80-4D7D-496E-A2B6-D7A30CB2A7FA} | DhcpNameServer : 66.112.235.250 66.112.235.200 ([X][X])  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{87B0BA41-66B2-4C33-AE58-1220BC386FCF} | DhcpNameServer : 66.112.235.250 66.112.235.200 ([X][X])  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{CC1E8685-13EC-4362-ACEE-3B6AA210CC0B} | DhcpNameServer : 172.20.10.1 ([X])  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{D6B2CE80-4D7D-496E-A2B6-D7A30CB2A7FA} | DhcpNameServer : 66.112.235.250 66.112.235.200 ([X][X])  -> Not selected
 
¤¤¤ Tasks : 1 ¤¤¤
[Suspicious.Path] \Suagnoonkraa -- "C:\ProgramData\Suagnoonkraa\1.0.7.1\pahnable.exe" ("/e=L3A9MjU0NjAxXi91PTUyZWU1NGM5NTc3YzQ3YWFhNzgzZTE0Y2Q3MjI1MGNjXi9kPXdoYXRzdXBjZWxlYnJpdHkuY29tXi9uPUNMQlReL2E9Q2VsZWJyaXR5QWxlcnReL3Q=") -> Deleted
 
¤¤¤ Files : 1 ¤¤¤
[PUP][Folder] C:\ProgramData\{13C5090D-8DAD-437E-B069-232C287DA432} -> Deleted
[PUP][File] C:\ProgramData\{13C5090D-8DAD-437E-B069-232C287DA432}\instance.dat -> Deleted
[PUP][File] C:\ProgramData\{13C5090D-8DAD-437E-B069-232C287DA432}\Kontakt 5 Setup PC.dat -> Deleted
[PUP][File] C:\ProgramData\{13C5090D-8DAD-437E-B069-232C287DA432}\Kontakt 5 Setup PC.exe -> Deleted
[PUP][File] C:\ProgramData\{13C5090D-8DAD-437E-B069-232C287DA432}\Kontakt 5 Setup PC.msi -> Deleted
[PUP][File] C:\ProgramData\{13C5090D-8DAD-437E-B069-232C287DA432}\Kontakt 5 Setup PC.par -> Deleted
[PUP][File] C:\ProgramData\{13C5090D-8DAD-437E-B069-232C287DA432}\Kontakt 5 Setup PC.res -> Deleted
[PUP][File] C:\ProgramData\{13C5090D-8DAD-437E-B069-232C287DA432}\mia.lib -> Deleted
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST500LM000-1EJ162 +++++
--- User ---
[MBR] 33358a9c8bc9af9e3f727791b5518241
[BSP] 5175ea9fb1215ff72670c81ae664d54c : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 500 MB
1 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1026048 | Size: 40 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1107968 | Size: 128 MB
3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1370112 | Size: 750 MB
4 - Basic data partition | Offset (sectors): 2906112 | Size: 454983 MB
5 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 959991808 | Size: 8194 MB
6 - [SYSTEM][MAN-MOUNT] Microsoft recovery partition | Offset (sectors): 934711296 | Size: 12344 MB
User = LL1 ... OK
User = LL2 ... OK



#14 Guest_kelvinhe_*

Guest_kelvinhe_*

  • Guests
  • OFFLINE
  •  

Posted 30 January 2016 - 04:43 PM

Attached is the log.




#15 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York

Posted 30 January 2016 - 05:20 PM

Hello again,

 

Thanks for the information and logs! :thumbup2:
 

I also deleted the files from whatever RogueKiller found

I did not instruct you to delete anything from RogueKiller, that could be potentially catastrophic for your machine! You may be okay in this case, whew, but let me know if things (like your internet) are not running correctly as a result!

 

Please be sure to follow my instructions closely from now on, or you may end up with an unbootable computer! I really don't want to have that happen, and I'm sure you don't either. :wink:

 

Okay, let's get back to the final malware checks:
 
==========

Step :step1:

FRST Fix:

  • Please download the attached fixlist.txt file and save it to the same location as FRST
    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
    Attached File: fixlist.txt (30 bytes)
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply

==========

Step :step2:

ESET Online Scanner:

 

Note: This scan may take some time

Note 2: You will need to disable your currently installed Anti-Virus; how to do so can be read here.

  • Please go here, download the ESET Smart Installer, and save it to your desktop.
  • Double-click on the installer you just downloaded.
  • Place a checkmark next to "YES, I accept the Terms of Use" and click the Start button.
  • Click "Yes" to the UAC (User Account Control) warning, then ESET will download its components, register itself, and start itself.
  • In the new window that opens, tick the radio button next to Enable detection of potentially unwanted applications.
  • Then click "Advanced settings", and make sure there is a checkmark next to only the following items (uncheck everything else):
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. ...The scan may appear to be finished sometimes...if there is a progress bar visible, it is still scanning!
  • When the scan completes, click List Found Threats (only if anything is found).
  • Then click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click Back, then click Finish to exit ESET Online Scanner.

Don't forget to re-enable your antivirus when finished!

 

If nothing is detected, there will be no log...just close the program and let me know.

 

==========

Step :step3:

Security Check:

  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED!, reboot your computer and attempt to run it again
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply

==========

 

In your next reply, please include the following:
 

  • The Fixlog.txt from FRST
  • The Eset log
  • The Security Check log
  • Let me know if everything is still running okay!

 

bloopie





