
Malware/virus infection behavior recently noticed


173 replies to this topic

#1 soderquist1

  • Members
  • 129 posts

Posted 21 September 2016 - 10:40 PM

Hi, I recently noticed a small window randomly pops up and disappears on its own frequently, and I know it is malware related due to past experience.
Also, I can't post the whole log in a single post so I will cut it in half; I'm not so sure why it is so long though.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-09-2016
Ran by dale (administrator) on DALE-ASUS (21-09-2016 21:21:11)
Running from C:\Users\dale\Downloads
Loaded Profiles: dale & DefaultAppPool &  (Available Profiles: dale & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
() C:\Windows\System32\FspService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Windows ® Win 7 DDK provider) C:\Windows\System32\DbxSvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Sentelic Corporation) C:\Program Files\FSP\FspUip.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(AsusTek) C:\Program Files\FSP\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files\FSP\QuickGesture\x64\QuickGesture64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
() C:\Users\dale\AppData\Local\Facebook\Games\FacebookGames.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(The CefSharp Authors) C:\Users\dale\AppData\Local\Facebook\Games\CefSharp.BrowserSubprocess.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Siber Systems Inc.) C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\wimserv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\A278AB0D.DragonManiaLegends_2.4.1.0_x86__h6adky7gbf63m\W8.1EntryPoint.exe
(The CefSharp Authors) C:\Users\dale\AppData\Local\Facebook\Games\CefSharp.BrowserSubprocess.exe
(The CefSharp Authors) C:\Users\dale\AppData\Local\Facebook\Games\CefSharp.BrowserSubprocess.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [fspuip] => C:\Program Files\FSP\fspuip.exe [6319440 2015-05-29] (Sentelic Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [qgesture32] => C:\Program Files\FSP\QuickGesture\x86\quickgesture.exe [19824 2011-10-15] (AsusTek)
HKLM\...\Run: [qgesture64] => C:\Program Files\FSP\QuickGesture\x64\quickgesture64.exe [21360 2011-10-15] (AsusTek)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2396096 2016-03-29] (NVIDIA Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13622512 2016-08-30] (Zemana Ltd.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1867448 2016-07-28] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2292912 2015-09-17] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2321072 2012-02-02] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [830064 2016-09-13] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25382344 2016-09-19] (Dropbox, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [60136 2016-08-19] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2803351199-1918054348-220819788-1000\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [884920 2016-06-30] (Adobe Systems Incorporated)
HKU\S-1-5-21-2803351199-1918054348-220819788-1000\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2015-10-28] (Siber Systems)
HKU\S-1-5-21-2803351199-1918054348-220819788-1000\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [126056 2014-02-10] (Seagate Technology LLC)
HKU\S-1-5-21-2803351199-1918054348-220819788-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50605696 2016-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-2803351199-1918054348-220819788-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-04-22] (Apple Inc.)
HKU\S-1-5-21-2803351199-1918054348-220819788-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [884920 2016-06-30] (Adobe Systems Incorporated)
HKU\S-1-5-21-2803351199-1918054348-220819788-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2015-10-28] (Siber Systems)
HKU\S-1-5-21-2803351199-1918054348-220819788-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [126056 2014-02-10] (Seagate Technology LLC)
HKU\S-1-5-21-2803351199-1918054348-220819788-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50605696 2016-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-2803351199-1918054348-220819788-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-04-22] (Apple Inc.)
HKU\S-1-5-21-2803351199-1918054348-220819788-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [884920 2016-06-30] (Adobe Systems Incorporated)
HKU\S-1-5-21-2803351199-1918054348-220819788-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2015-10-28] (Siber Systems)
HKU\S-1-5-21-2803351199-1918054348-220819788-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [126056 2014-02-10] (Seagate Technology LLC)
HKU\S-1-5-21-2803351199-1918054348-220819788-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50605696 2016-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-2803351199-1918054348-220819788-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-04-22] (Apple Inc.)
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation)
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation)
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll [2010-09-02] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll [2010-09-02] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-19] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.43.dll [2016-09-19] (Dropbox, Inc.)
Startup: C:\Users\dale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2016-05-27] ()
Startup: C:\Users\dale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Games Arcade (BETA).lnk [2016-09-16]
ShortcutTarget: Facebook Games Arcade (BETA).lnk -> C:\Users\dale\AppData\Local\Facebook\Games\FacebookGames.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 64.59.184.15 64.59.190.245
Tcpip\..\Interfaces\{332bc5a9-44a4-476c-b6f2-f88aa738be70}: [DhcpNameServer] 64.59.184.17 64.59.191.229
Tcpip\..\Interfaces\{a714e976-949d-45d5-8a1f-b99508a69b54}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{d6ae253e-600d-40b3-ad14-58a30050b37f}: [DhcpNameServer] 64.59.184.15 64.59.190.245
 
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2803351199-1918054348-220819788-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2803351199-1918054348-220819788-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.ca/
HKU\S-1-5-21-2803351199-1918054348-220819788-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-21-2803351199-1918054348-220819788-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2803351199-1918054348-220819788-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.ca/
HKU\S-1-5-21-2803351199-1918054348-220819788-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-21-2803351199-1918054348-220819788-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2803351199-1918054348-220819788-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.ca/
HKU\S-1-5-21-2803351199-1918054348-220819788-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2803351199-1918054348-220819788-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2803351199-1918054348-220819788-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2803351199-1918054348-220819788-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2803351199-1918054348-220819788-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2803351199-1918054348-220819788-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2803351199-1918054348-220819788-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-08-16] (Microsoft Corporation)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-10-28] (Siber Systems Inc.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-06-03] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2013-07-31] (Logitech, Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-08-16] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-03] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-10-28] (Siber Systems Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-03] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2013-07-31] (Logitech, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-03] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-10-28] (Siber Systems Inc.)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-10-28] (Siber Systems Inc.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2803351199-1918054348-220819788-1000 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-10-28] (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-2803351199-1918054348-220819788-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2803351199-1918054348-220819788-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-10-28] (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-2803351199-1918054348-220819788-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2803351199-1918054348-220819788-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-10-28] (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-2803351199-1918054348-220819788-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2015-09-30] (Adobe Systems Incorporated)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-06-19] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\dale\AppData\Roaming\Mozilla\Firefox\Profiles\l5o8o5y5.default-1419992173779
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-13] ()
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-03] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-03] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-09-17] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-13] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-03] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-12-04] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-03-21] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-03-21] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-09-17] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Extension: (Skype Click to Call) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-10-04] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
FF Extension: (RoboForm Toolbar) - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi [2015-10-28]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2016-02-17]
FF HKU\S-1-5-21-2803351199-1918054348-220819788-1000\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
FF HKU\S-1-5-21-2803351199-1918054348-220819788-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
FF HKU\S-1-5-21-2803351199-1918054348-220819788-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
StartMenuInternet: FIREFOX.EXE - C:\Program Files\Nightly\firefox.exe

Edited by Oh My!, 23 September 2016 - 09:35 AM.



#2 soderquist1

soderquist1
  • Topic Starter

  • Members
  • 129 posts
  • OFFLINE
  • Local time:02:20 AM

Posted 21 September 2016 - 10:41 PM

Chrome: 
=======
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\dale\AppData\Local\Google\Chrome\User Data\Default [2016-09-21]
CHR Extension: (Google Docs) - C:\Users\dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-06]
CHR Extension: (Google Drive) - C:\Users\dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Docs Offline) - C:\Users\dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Skype) - C:\Users\dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-08-30]
CHR Extension: (Gmail) - C:\Users\dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-06]
CHR Extension: (Chrome Media Router) - C:\Users\dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-21]
CHR Extension: (RoboForm Password Manager) - C:\Users\dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2016-08-25]
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-07-01]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-07-01]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2159320 2016-08-22] (Adobe Systems, Incorporated)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [989696 2016-09-13] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [470600 2016-09-13] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [470600 2016-09-13] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1454720 2016-09-13] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [324304 2016-08-19] (Avira Operations GmbH & Co. KG)
S3 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S3 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R3 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3192560 2016-07-26] (Microsoft Corporation)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2011-07-15] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2011-07-15] (Creative Labs) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-18] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-18] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [42792 2016-09-19] (Windows ® Win 7 DDK provider)
R2 FspSvc; C:\Windows\System32\FspService.exe [2178896 2015-05-29] ()
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-03-29] (NVIDIA Corporation)
R2 LDrvSvc; C:\Program Files (x86)\OSTotoSoft\DriverTalent\LDrvSvc.dll [172200 2016-07-28] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [242264 2014-11-20] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-03-29] (NVIDIA Corporation)
S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-03-29] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-03-29] (NVIDIA Corporation)
S3 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2014-02-10] (Seagate Technology LLC)
S3 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157264 2014-02-10] (Seagate Technology LLC)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-06-30] (Microsoft Corporation)
S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.1.6.0\WsAppService.exe [388608 2016-01-28] (Wondershare) [File not signed]
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13622512 2016-08-30] (Zemana Ltd.)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AiCharger; C:\Windows\SysWOW64\DRIVERS\AiCharger.sys [17152 2012-01-30] (ASUSTek Computer Inc.)
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4316784 2015-06-15] (Qualcomm Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [144664 2016-07-30] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [154392 2016-07-30] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [78208 2016-06-02] (Avira Operations GmbH & Co. KG)
S3 DCamUSBTP10; C:\Windows\System32\Drivers\iP293x.sys [197376 2009-11-20] (iPassion Technology Inc.) [File not signed]
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
S3 DigiartyVirtualCDBus; C:\Windows\System32\drivers\DigiartyVirtualCDBus.sys [276256 2016-03-16] (Digiarty Software, Inc.)
R3 FLxHCIh; C:\Windows\System32\drivers\FLxHCIh.sys [77040 2012-11-08] (Fresco Logic)
R3 fspad_win764; C:\Windows\system32\DRIVERS\fspad_win764.sys [209232 2015-05-29] (Sentelic Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [15416 2009-07-20] ( )
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2015-10-05] (Malwarebytes)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-09-21] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-03-29] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-03-21] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [936192 2016-01-06] (Realtek                                            )
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
S1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [121824 2016-07-12] (Oracle Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 WINUSB; C:\Windows\System32\drivers\WinUSB.SYS [87552 2006-06-20] (Microsoft Corporation) [File not signed]
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2016-09-02] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2016-09-02] (Zemana Ltd.)
S3 dbx; system32\DRIVERS\dbx.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-21 21:21 - 2016-09-21 21:22 - 00043394 _____ C:\Users\dale\Downloads\FRST.txt
2016-09-21 21:20 - 2016-09-21 21:20 - 02402816 _____ (Farbar) C:\Users\dale\Downloads\FRST64.exe
2016-09-21 17:25 - 2016-09-21 17:25 - 00000000 ___HD C:\OneDriveTemp
2016-09-20 06:41 - 2016-09-20 06:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-09-19 19:15 - 2016-09-19 19:15 - 00042792 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\DbxSvc.exe
2016-09-19 19:07 - 2016-09-19 19:07 - 00073840 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2016-09-19 19:07 - 2016-09-19 19:07 - 00073840 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2016-09-19 19:07 - 2016-09-19 19:07 - 00073840 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2016-09-18 11:11 - 2016-09-18 11:12 - 00000112 _____ C:\Users\dale\Downloads\gateway2.aspx
2016-09-16 17:24 - 2016-09-16 17:24 - 00001209 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2016-09-16 09:57 - 2016-09-16 09:57 - 00001288 _____ C:\Users\dale\Desktop\Facebook Games Arcade (BETA).lnk
2016-09-16 09:57 - 2016-09-16 09:57 - 00000000 ____D C:\Users\dale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
2016-09-16 09:57 - 2016-09-16 09:57 - 00000000 ____D C:\Users\dale\AppData\Local\FacebookGames
2016-09-16 09:57 - 2016-09-16 09:57 - 00000000 ____D C:\Users\dale\AppData\Local\Facebook
2016-09-16 09:56 - 2016-09-16 09:56 - 00110352 _____ () C:\Users\dale\Downloads\FacebookGamesArcadeSetup.exe
2016-09-13 17:47 - 2016-09-13 17:47 - 00000000 ____D C:\Users\dale\AppData\Local\TempTaskUpdateDetectionDD9D5175-D551-44A9-B3A6-B4B2C30B4F8D
2016-09-02 16:55 - 2016-09-02 16:55 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2016-09-02 16:55 - 2016-09-02 16:55 - 00001219 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2016-09-02 16:55 - 2016-09-02 16:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2016-09-02 16:54 - 2016-09-02 16:55 - 05295424 _____ ( ) C:\Users\dale\Downloads\Zemana.AntiMalware.Setup.exe
2016-08-31 18:31 - 2016-08-31 18:31 - 00000000 ____D C:\Users\dale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flixster Video
2016-08-31 18:31 - 2016-08-31 18:31 - 00000000 ____D C:\Users\dale\AppData\Local\Deployment
2016-08-26 15:33 - 2016-08-26 15:33 - 00003326 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-21 21:22 - 2016-02-19 12:39 - 03755235 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2016-09-21 21:22 - 2016-02-19 12:39 - 03669008 _____ C:\WINDOWS\ZAM.krnl.trace
2016-09-21 21:21 - 2016-04-19 19:23 - 00000000 ____D C:\FRST
2016-09-21 20:50 - 2012-05-27 21:15 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-09-21 20:45 - 2014-04-26 19:14 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-09-21 20:40 - 2015-12-18 00:35 - 00000924 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-09-21 20:32 - 2011-04-01 22:36 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-21 18:52 - 2016-05-27 19:09 - 00000000 ___DC C:\WINDOWS\Panther
2016-09-21 18:33 - 2016-07-16 09:17 - 00000000 ___HD C:\$WINDOWS.~BT
2016-09-21 17:32 - 2011-04-01 22:36 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-21 17:27 - 2016-05-27 17:17 - 01010622 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-09-21 17:27 - 2015-10-30 01:21 - 00000000 ____D C:\WINDOWS\INF
2016-09-21 17:25 - 2016-02-19 11:55 - 00000000 ____D C:\Users\dale\AppData\Roaming\Skype
2016-09-21 17:25 - 2015-11-21 16:27 - 00000000 ___RD C:\Users\dale\OneDrive
2016-09-21 17:24 - 2016-05-27 17:18 - 00000000 ____D C:\Users\dale
2016-09-21 17:24 - 2015-12-18 00:35 - 00000920 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-09-21 06:55 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-09-21 06:21 - 2015-10-30 01:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-21 06:15 - 2014-08-20 12:19 - 00000000 ____D C:\Users\dale\AppData\Local\Adobe
2016-09-20 23:00 - 2016-03-01 20:02 - 00000000 ____D C:\Users\dale\AppData\Roaming\SoftGrid Client
2016-09-20 06:41 - 2015-12-18 00:35 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-09-19 20:48 - 2016-02-21 13:07 - 00000000 ____D C:\Users\dale\Documents\microsoft documents
2016-09-19 16:46 - 2015-11-21 18:24 - 00004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{786A8471-473F-4390-9B9F-E166896F3ADD}
2016-09-19 16:46 - 2015-10-30 01:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-09-19 16:44 - 2013-12-04 14:32 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-09-16 19:34 - 2011-04-01 22:36 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-16 17:24 - 2016-07-30 12:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-09-16 17:23 - 2015-10-20 11:42 - 00000000 ____D C:\ProgramData\Package Cache
2016-09-16 00:09 - 2015-10-20 14:49 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-09-13 18:50 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-09-13 18:50 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-09-13 18:50 - 2015-10-30 01:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-09-13 18:35 - 2012-02-09 13:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-09-13 18:34 - 2013-07-15 12:55 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-09-13 18:34 - 2012-02-09 13:34 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-09-13 18:34 - 2012-02-09 13:34 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-09-13 18:24 - 2011-11-04 19:32 - 144199024 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-09-13 17:49 - 2016-05-27 17:14 - 00000000 ____D C:\ProgramData\NVIDIA
2016-09-13 17:49 - 2016-02-19 12:39 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2016-09-13 17:49 - 2016-02-13 07:14 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-09-13 17:48 - 2015-10-30 00:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-09-13 06:41 - 2016-02-19 11:55 - 00000000 ____D C:\Users\dale\AppData\Local\Packages
2016-09-06 19:00 - 2015-10-30 01:26 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-09-06 19:00 - 2015-10-30 01:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-09-02 16:52 - 2016-02-19 12:39 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2016-09-01 06:52 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-08-31 18:31 - 2016-04-05 22:17 - 00000360 _____ C:\Users\dale\Desktop\Flixster Video.appref-ms
2016-08-26 15:33 - 2015-11-21 16:27 - 00002403 _____ C:\Users\dale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
 
==================== Files in the root of some directories =======
 
2016-02-20 14:34 - 2016-02-20 15:11 - 0000115 _____ () C:\Users\dale\AppData\Roaming\LogFile.txt
2016-03-16 17:34 - 2016-03-16 17:34 - 0003584 _____ () C:\Users\dale\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-08-20 19:56 - 2016-08-20 20:00 - 0000032 _____ () C:\ProgramData\serverclasscache.ini
 
Some files in TEMP:
====================
C:\Users\dale\AppData\Local\Temp\avgnt.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-09-18 10:06
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-09-2016
Ran by dale (21-09-2016 21:22:57)
Running from C:\Users\dale\Downloads
Windows 10 Home Version 1511 (X64) (2016-05-27 23:38:48)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2803351199-1918054348-220819788-500 - Administrator - Disabled)
dale (S-1-5-21-2803351199-1918054348-220819788-1000 - Administrator - Enabled) => C:\Users\dale
DefaultAccount (S-1-5-21-2803351199-1918054348-220819788-503 - Limited - Disabled)
Guest (S-1-5-21-2803351199-1918054348-220819788-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2803351199-1918054348-220819788-1013 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.3.0.151 - Adobe Systems Incorporated)
Adobe ExtendScript Toolkit CC (HKLM-x32\...\{6297487E-3778-4F72-B458-55690418DB98}) (Version: 4.0.0.0 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.7 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.2 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.2.0 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.0.8 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.25 - ASUS)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.84.161 - eCareme Technologies, Inc.)
AsusScr_G74 Series_ENG (HKLM-x32\...\AsusScr_G74 Series_ENG) (Version: 1.0.0001 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0038 - ASUS)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.20.59 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{6052a753-acc6-4c02-b5a8-70962ff8e0a4}) (Version: 1.2.69.16114 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{82dc2ab6-088f-4e0a-8e27-bb829481d3bc}) (Version: 1.2.70.16079 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.2.70.16079 - Avira Operations GmbH & Co. KG) Hidden
BitTorrent (HKU\S-1-5-21-2803351199-1918054348-220819788-1000\...\BitTorrent) (Version: 7.9.2.34312 - BitTorrent Inc.)
BitTorrent (HKU\S-1-5-21-2803351199-1918054348-220819788-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\BitTorrent) (Version: 7.9.2.34312 - BitTorrent Inc.)
BitTorrent (HKU\S-1-5-21-2803351199-1918054348-220819788-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\BitTorrent) (Version: 7.9.2.34312 - BitTorrent Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 10.4.26 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.77 - Dropbox, Inc.) Hidden
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Facebook Games Arcade 0.11.2.4 (HKLM-x32\...\{923578AC-231E-4A7C-8AB8-A90C16B8A507}) (Version: 0.11.2.4 - Facebook)
Finger Sensing Pad Driver (HKLM\...\{E86906FF-C63D-4EAF-ACE7-5F8D55FBEA9A}) (Version: 9.4.9.5 - Sentelic)
Flixster Video (HKU\S-1-5-21-2803351199-1918054348-220819788-1000\...\5cdf686a56bda3b1) (Version: 2.6.5.532 - Flixster Video)
Flixster Video (HKU\S-1-5-21-2803351199-1918054348-220819788-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\5cdf686a56bda3b1) (Version: 2.6.5.532 - Flixster Video)
Flixster Video (HKU\S-1-5-21-2803351199-1918054348-220819788-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\5cdf686a56bda3b1) (Version: 2.6.5.532 - Flixster Video)
Fresco Logic USB3.0 Host Controller (HKLM\...\{17F94DA8-CB07-4BD8-A6DB-E53A1CC5C433}) (Version: 3.5.73.0 - Fresco Logic Inc.)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.116 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
iCloud (HKLM\...\{ADFDB647-35C0-4254-9EE6-2D9C3B7104BD}) (Version: 5.2.1.69 - Apple Inc.)
InstallVC90Support (x32 Version: 1.01.0000 - Novatel Wireless) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.15 - Oracle Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation)
Java SE Development Kit 7 Update 71 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170710}) (Version: 1.7.0.710 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LG USB Modem driver (HKLM-x32\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version: - )
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4859.1002 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50709.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Word 2013 - en-us (HKLM\...\WordRetail - en-us) (Version: 15.0.4859.1002 - Microsoft Corporation)
Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.26.01.465 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 33.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0 (x86 en-US)) (Version: 33.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.0.5998 - Mozilla)
Nightly 49.0a1 (x64 en-US) (HKLM\...\Nightly 49.0a1 (x64 en-US)) (Version: 49.0a1 - Mozilla)
NVIDIA 3D Vision Driver 364.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 364.72 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.2.55 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.2.55 - NVIDIA Corporation)
NVIDIA Graphics Driver 364.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 364.72 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4859.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4859.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4859.1002 - Microsoft Corporation) Hidden
Old Calculator for Windows 10 (HKLM-x32\...\OldCalcForWin10) (Version: 1.1 - hxxp://winaero.com)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7709 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10001 - Realtek Semiconductor Corp.)
RoboForm 7-9-16-7 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-16-7 - Siber Systems)
RollerCoaster Tycoon 2 (HKLM-x32\...\{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}) (Version: - )
RuneScape Launcher 1.2.7 (HKLM-x32\...\{FA52A2D0-298E-4D40-8BB7-39928627EA6A}) (Version: 1.2.7 - Jagex Ltd)
SAMSUNG Intelli-studio (HKLM-x32\...\Intelli-studio) (Version: 3.1.32.1 - Samsung Electronics Co., Ltd.)
Seagate Dashboard (HKLM-x32\...\{67445E65-3D93-428F-83A5-446F7D02689A}) (Version: 3.0.34.1 - Seagate)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.2.55 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
Sony Pictures Download Manager (HKU\S-1-5-21-2803351199-1918054348-220819788-1000\...\482838368.redeem.sonypicturesstore.com) (Version: - redeem.sonypicturesstore.com)
Sony Pictures Download Manager (HKU\S-1-5-21-2803351199-1918054348-220819788-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\482838368.redeem.sonypicturesstore.com) (Version: - redeem.sonypicturesstore.com)
Sony Pictures Download Manager (HKU\S-1-5-21-2803351199-1918054348-220819788-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\482838368.redeem.sonypicturesstore.com) (Version: - redeem.sonypicturesstore.com)
Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 4.88 - NCH Software)
syncables desktop SE (HKLM-x32\...\{341697D8-9923-445E-B42A-529E5A99CB7A}) (Version: 5.5.746.11492 - syncables)
THX TruStudio (HKLM-x32\...\{B11AB9C8-18A6-41DC-98B4-4988CC030136}) (Version: 1.03.01 - Creative Technology Limited)
USB 2.0 PC Camera Driver (HKLM-x32\...\{E398E7CC-30B8-4D63-B07B-741163A12565}) (Version: 100.000.070814 - )
Vulkan Run Time Libraries 1.0.5.1 (HKLM\...\VulkanRT1.0.5.1) (Version: 1.0.5.1 - LunarG, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.32.0 - ASUS)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinRAR 5.20 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.2 - win.rar GmbH)
Wireless Console 3 (HKLM-x32\...\{19EA33FB-B34E-40EA-8B8A-61743AEB795A}) (Version: 3.0.27 - ASUS)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.30.37 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2803351199-1918054348-220819788-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\dale\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2803351199-1918054348-220819788-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02D6A774-7171-470E-A97E-2D6CCD7FDF28} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\dale\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-08-26] (Microsoft Corporation)
Task: {0380148B-19C8-4452-B604-3794E04877E6} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-12-18] (Dropbox, Inc.)
Task: {05DCB284-5B06-4FF9-8575-5DE4E9C02C2D} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {0B07B7DF-7BB4-4E8D-8A79-58C2CBB0B8B8} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {0BF3AEA2-D204-4B81-BEC4-2F19E5ABFA5E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-07-26] (Microsoft Corporation)
Task: {10BDEDC7-CD4F-4B31-B74E-28F569421982} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
Task: {18EC370F-B688-45BF-B4D2-CC23466786CE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-28] (Microsoft Corporation)
Task: {3160ACE9-668E-4479-AA9A-49386D50C3A9} - System32\Tasks\dale DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2014-02-10] (Seagate Technology LLC)
Task: {36BE1253-BBB9-4C2F-9AC5-6B8C837188D2} - System32\Tasks\{360FE696-0A3C-417B-A705-B57CC054D6D2} => pcalua.exe -a "C:\Users\dale\Downloads\Inventory Tweaks Mod Installer.exe" -d C:\Users\dale\Downloads
Task: {3C7743F7-095C-4ABD-8DA6-3B3DEA6C53FA} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {4916BE3A-7C01-473A-B809-0DB24EE7DCFB} - System32\Tasks\{E1A52068-557B-4FD8-A88B-ED8B7F20BFC6} => C:\Users\dale\Desktop\Display Driver Uninstaller.exe
Task: {4C85F90E-FEB5-445C-81D1-C6AEE751E184} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {4FFCA88E-D559-4982-80DF-DD135499538F} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {50F4325B-180A-4F00-AEC8-DF4753F4E464} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {5366E2BB-A384-41FB-9C13-BA6A6F739020} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {5697D483-2B19-41BF-AC39-9113F0E206CF} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {5BFDE3F2-A920-4BDB-8748-3286D2E4F42D} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {61D46A13-9A28-4EA0-9ACE-9D827F921C79} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {6248A75E-3623-4081-B870-E9E3EFD4C7CE} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {6576210E-2B5A-4F1F-835A-7FEEA35BBE75} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {6B661A5F-59D4-4F3E-BBC0-0B5B4D720C62} - System32\Tasks\{4177DDE1-F197-45A4-9D68-66C4857FD80A} => C:\Users\dale\AppData\Roaming\BitTorrent\BitTorrent.exe [2014-10-09] (BitTorrent Inc.)
Task: {72A97CC7-83FE-4908-95E9-C41499E22480} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {730115A6-C18D-4538-90DB-AF72010ACCFB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {7718BEE0-3AEC-4678-A627-6EF874A2F248} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMKJPMOJKMNMPMLMIMCNNJKJJJIMCNLMLJLJJMCNGMHMMMLJCNNMNMPMKJGMPMPMOJJJIMJMKJJNJICMIMCNGMCNOMJMFMOMOMCNPMCNGMJMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMOMFMEKMICNJJCKFMOMNMIMMMJNHICMMJBJKJLIMJJNBJCMLJOJDJKJJNKJCMJNNICMJNDJCMKJBJJNMJCMOMFM (the data entry has 45 more characters).
Task: {7D1CFD04-ABA8-49A6-93ED-14EF7FE49F7B} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-12-29] (Realtek Semiconductor)
Task: {7D66A4DD-4B3C-459C-922F-96469AB729E7} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-07-26] (Microsoft Corporation)
Task: {81144319-E425-478E-A187-0F510F45C429} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {81E45604-D7FC-4BE2-882E-8DE7CA4A9C8D} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-01-04] (ASUS)
Task: {926D4AAD-E239-454D-9BC3-9677D118188B} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {9301C096-EC30-489F-9696-FE2831ECDB69} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-12-18] (Dropbox, Inc.)
Task: {95274A48-88AC-4854-A9B1-6286EE6DFF06} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2014-02-10] (Seagate Technology LLC)
Task: {9925099C-56E1-4AE9-B60A-227C30B17978} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-08] (Adobe Systems Incorporated)
Task: {9AEEE46A-AB0D-4A2D-8DD2-F5EF2C3EA70C} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {9E671A38-2AF8-4D77-BD71-54E1BA0516EA} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.)
Task: {A22450FF-0833-4CF7-B5CF-7FD91F974B34} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {A3FE6E9D-A940-4BA7-B059-E49EE9AC2C59} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2015-10-28] (Siber Systems)
Task: {A7082E8D-5DB7-42A0-8402-619EE04DE2D1} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.)
Task: {A868332A-24EF-4B02-901E-2E67EBC81F92} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {AC5F2C5D-16EE-4C44-9F20-CDB87D727ED3} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {B2DA305C-F324-42FE-80A6-37CC4A080BF9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-13] (Adobe Systems Incorporated)
Task: {B50881EB-2893-455A-9C21-3EF626EF7188} - System32\Tasks\{ABE38C90-E736-4AA0-A0B3-1EEB481C0636} => C:\Program Files (x86)\ASUS\ASUS LifeFrame3\LifeFrame.exe [2012-09-14] (ASUSTek Computer Inc. All rights reserved.)
Task: {B712C05A-F919-41CB-9CF1-EB96F82174C6} - System32\Tasks\{267A9112-EC83-49EA-A2C5-95CB8FC62293} => C:\Program Files (x86)\ASUS\ASUS LifeFrame3\LifeFrame.exe [2012-09-14] (ASUSTek Computer Inc. All rights reserved.)
Task: {BF6F692A-22A1-470C-B965-752001DC2B61} - System32\Tasks\{339E3F71-6C6E-490D-8FC3-9DD722E38906} => C:\Users\dale\AppData\Roaming\BitTorrent\BitTorrent.exe [2014-10-09] (BitTorrent Inc.)
Task: {BFD77395-49C8-45B0-B002-9AB3E76E7A18} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {C072FDB6-D0E9-431E-A60F-407F4C009420} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-01-30] (ASUSTek Computer Inc.)
Task: {C2B6DB32-B965-421C-9A93-A7C70E728966} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-07-26] (Microsoft Corporation)
Task: {D05E3E70-742E-4EB6-965C-5CCCE868C2DA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-09-13] (Microsoft Corporation)
Task: {D49ABBFC-FA51-4494-B04B-B1C1919AFB95} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-12-29] (Realtek Semiconductor)
Task: {D4B2FD6E-0528-42EA-9704-402BFFA83106} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-28] (Microsoft Corporation)
Task: {DAC6FF6D-A57B-4E7D-91F1-F755C389F16D} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {DC1A5188-101C-4DDE-B718-872C1A5A344E} - System32\Tasks\{F9CF7368-9FD1-42BF-A0BC-884D42C74A74} => C:\Program Files (x86)\ASUS\ASUS LifeFrame3\LifeFrame.exe [2012-09-14] (ASUSTek Computer Inc. All rights reserved.)
Task: {DCA8681B-225E-4F5A-BF95-F85F95669910} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {E8D4B6A3-92FB-48DA-88B5-FF6AE150262E} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {EB761125-D001-4906-B88F-A50393C127A4} - System32\Tasks\{93A7734E-3DB4-4BBD-AD15-6D0B976CD0D2} => C:\Program Files (x86)\ASUS\ASUS LifeFrame3\LifeFrame.exe [2012-09-14] (ASUSTek Computer Inc. All rights reserved.)
Task: {F34B9417-6BA1-4316-B581-1028DF6749B4} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-01-09] (ASUSTeK Computer Inc.)
Task: {F5E66391-C84A-47F9-AA23-7846613AE355} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\dale\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.html
Shortcut: C:\Users\dale\AppData\Local\Microsoft\Windows\FileHistory\Data\781\C\Users\dale\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.html

==================== Loaded Modules (Whitelisted) ==============

2016-07-12 17:25 - 2016-06-30 22:48 - 02656408 _____ () c:\windows\system32\CoreUIComponents.dll
2015-05-29 08:29 - 2015-05-29 08:29 - 02178896 _____ () C:\Windows\System32\FspService.exe
2015-06-24 17:48 - 2014-11-20 02:48 - 00242264 _____ () C:\ProgramData\MobileBrServ\mbbservice.exe
2016-03-18 23:56 - 2016-03-18 23:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-22 01:07 - 2016-04-22 01:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-25 15:49 - 2016-05-24 09:51 - 00116416 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-10-30 01:18 - 2015-10-30 01:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-07-12 17:25 - 2016-06-30 22:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2010-07-14 17:11 - 2010-07-14 17:11 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2016-07-12 17:25 - 2016-06-30 22:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-08-26 15:33 - 2016-08-26 15:33 - 01864384 _____ () C:\Users\dale\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2015-09-11 20:02 - 2015-09-11 20:02 - 00803488 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-07-22 11:07 - 2016-05-24 10:43 - 08909504 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-02-13 06:54 - 2016-02-13 06:54 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-12 17:26 - 2016-06-30 21:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-07-12 17:25 - 2016-06-30 21:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-12 17:25 - 2016-06-30 21:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-12 17:25 - 2016-06-30 21:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-12 17:25 - 2016-06-30 21:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-09-14 14:28 - 2016-09-14 14:28 - 00274864 _____ () C:\Users\dale\AppData\Local\Facebook\Games\FacebookGames.exe
2016-04-20 14:18 - 2016-04-20 14:18 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-09-14 06:23 - 2016-09-14 06:23 - 17752064 _____ () C:\Program Files\WindowsApps\A278AB0D.DragonManiaLegends_2.4.1.0_x86__h6adky7gbf63m\W8.1EntryPoint.exe
2015-11-21 10:58 - 2016-07-28 02:51 - 00172200 _____ () c:\program files (x86)\ostotosoft\drivertalent\ldrvsvc.dll
2015-11-21 10:58 - 2015-12-16 03:45 - 00186640 _____ () c:\program files (x86)\ostotosoft\drivertalent\CrashCatch.dll
2015-11-21 10:58 - 2015-11-16 01:19 - 00254824 _____ () c:\program files (x86)\ostotosoft\drivertalent\updater\checkupdate.dll
2015-11-21 10:58 - 2016-07-28 02:51 - 00174760 _____ () c:\program files (x86)\ostotosoft\drivertalent\substat.dll
2015-11-21 10:58 - 2015-11-16 01:19 - 00103776 _____ () c:\program files (x86)\ostotosoft\drivertalent\dstudp.dll
2015-11-21 10:58 - 2015-11-16 01:19 - 00117088 _____ () c:\program files (x86)\ostotosoft\drivertalent\udp.dll
2016-02-02 12:36 - 2016-03-29 19:28 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-08-26 15:33 - 2016-08-26 15:33 - 01383616 _____ () C:\Users\dale\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll
2016-08-26 15:33 - 2016-08-26 15:33 - 00118976 _____ () C:\Users\dale\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncViews.dll
2016-03-18 23:56 - 2016-03-18 23:56 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-22 01:07 - 2016-04-22 01:07 - 00244024 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2016-04-22 01:08 - 2016-04-22 01:08 - 01047864 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-07-29 19:01 - 2016-07-29 19:01 - 01029120 _____ () C:\Users\dale\AppData\Local\Facebook\Games\CefSharp.Core.dll
2016-07-29 19:01 - 2016-07-29 19:01 - 49805824 _____ () C:\Users\dale\AppData\Local\Facebook\Games\libcef.dll
2012-01-12 18:17 - 2012-01-12 18:17 - 00204800 _____ () C:\Program Files (x86)\ASUS\VirtualCamera\virtualCamera.ax
2009-11-02 15:20 - 2009-11-02 15:20 - 00619816 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 15:23 - 2009-11-02 15:23 - 00013096 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2012-01-31 10:25 - 2012-01-31 10:25 - 01163264 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll
2016-07-29 19:01 - 2016-07-29 19:01 - 00688640 _____ () C:\Users\dale\AppData\Local\Facebook\Games\CefSharp.BrowserSubprocess.Core.dll
2016-07-29 19:01 - 2016-07-29 19:01 - 01665024 _____ () C:\Users\dale\AppData\Local\Facebook\Games\libglesv2.dll
2016-07-29 19:01 - 2016-07-29 19:01 - 00074752 _____ () C:\Users\dale\AppData\Local\Facebook\Games\libegl.dll
2016-09-16 19:33 - 2016-09-13 18:38 - 01806152 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\libglesv2.dll
2016-09-16 19:33 - 2016-09-13 18:38 - 00094024 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\libegl.dll
2016-04-20 14:18 - 2016-04-20 14:18 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-20 14:18 - 2016-04-20 14:18 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-09-10 12:45 - 2016-09-10 12:46 - 00033792 _____ () C:\Program Files\WindowsApps\A278AB0D.DragonManiaLegends_2.4.1.0_x86__h6adky7gbf63m\IGPLib.dll
2016-09-10 12:45 - 2016-09-10 12:46 - 01146880 _____ () C:\Program Files\WindowsApps\A278AB0D.DragonManiaLegends_2.4.1.0_x86__h6adky7gbf63m\WindowsCorePackage.Windows81.dll
2016-09-14 06:23 - 2016-09-14 06:23 - 00096256 _____ () C:\Program Files\WindowsApps\A278AB0D.DragonManiaLegends_2.4.1.0_x86__h6adky7gbf63m\InAppPurchaseComponentW8_x86.dll
2016-09-11 09:45 - 2016-09-11 09:45 - 00242176 _____ () C:\Users\dale\AppData\Local\Packages\a278ab0d.dragonmanialegends_h6adky7gbf63m\AC\Microsoft\CLR_v4.0_32\NativeImages\IGPBridgeLibrary\cd44743afb689d3414b1279946ae191d\IGPBridgeLibrary.ni.dll
2016-08-22 15:40 - 2016-08-22 15:40 - 04388864 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.UI.Xaml\33e66c9a80331301eb6183809ae75a89\Windows.UI.Xaml.ni.dll
2016-08-22 15:40 - 2016-08-22 15:40 - 01400320 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.UI\0ed5b45abc7ca9a16e93a63ab1fb853b\Windows.UI.ni.dll
2016-08-22 15:40 - 2016-08-22 15:40 - 00335360 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\cbafdb4e11c9fd06e0a2e5efa6253883\Windows.Foundation.ni.dll
2016-09-11 09:45 - 2016-09-11 09:45 - 00368128 _____ () C:\Users\dale\AppData\Local\Packages\a278ab0d.dragonmanialegends_h6adky7gbf63m\AC\Microsoft\CLR_v4.0_32\NativeImages\FacebookRun67b5d43e#\8b6e33b93de1806cdc317285f1a232cb\FacebookRuntimeComponent.ni.dll
2016-08-22 15:40 - 2016-08-22 15:40 - 02921472 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.App640a3541#\931208eb21bfb07f9a4995753d6b7f7b\Windows.ApplicationModel.ni.dll
2016-08-23 15:42 - 2016-08-23 15:42 - 00327680 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Data\2bae85309cc8d32749c63166845ec100\Windows.Data.ni.dll
2016-08-22 15:40 - 2016-08-22 15:40 - 00821248 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Storage\70c31a6aefe21a1501d1b781a0217731\Windows.Storage.ni.dll
2016-08-22 15:40 - 2016-08-22 15:40 - 00670720 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Security\8b7b037e91d3f946b47d909a2520aa36\Windows.Security.ni.dll
2016-08-22 15:40 - 2016-08-22 15:40 - 00318976 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.System\5b634b6768e06ead196ad9f9ada35819\Windows.System.ni.dll
2016-09-11 09:45 - 2016-09-11 09:45 - 00024064 _____ () C:\Users\dale\AppData\Local\Packages\a278ab0d.dragonmanialegends_h6adky7gbf63m\AC\Microsoft\CLR_v4.0_32\NativeImages\W8_1EntryPoint\b955da8ac31540622468effd13b74d30\W8_1EntryPoint.ni.dll
2016-09-11 09:45 - 2016-09-11 09:45 - 00223744 _____ () C:\Users\dale\AppData\Local\Packages\a278ab0d.dragonmanialegends_h6adky7gbf63m\AC\Microsoft\CLR_v4.0_32\NativeImages\IGPWindows8\68c04e1ecc35de23a2044cc94a7d5865\IGPWindows8.ni.dll
2016-09-11 09:44 - 2016-09-11 09:44 - 00219648 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Gloaae92e31#\2c5a68d9d886dd352a32d03dcfd5ebfc\Windows.Globalization.ni.dll
2016-09-11 09:45 - 2016-09-11 09:45 - 00409600 _____ () C:\Users\dale\AppData\Local\Packages\a278ab0d.dragonmanialegends_h6adky7gbf63m\AC\Microsoft\CLR_v4.0_32\NativeImages\Notificatioc5a47191#\ff064a6e10455dc442d8cab2e7013829\NotificationsExtensions.ni.dll
2016-08-22 15:40 - 2016-08-22 15:40 - 03154432 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Devices\d14f3937e304db4b252f5f55e19b9fde\Windows.Devices.ni.dll
2016-09-11 09:44 - 2016-09-11 09:44 - 00686080 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Graphics\73381c72f827b6dd9de39b9db4eded26\Windows.Graphics.ni.dll
2016-09-11 09:45 - 2016-09-11 09:45 - 00059904 _____ () C:\Users\dale\AppData\Local\Packages\a278ab0d.dragonmanialegends_h6adky7gbf63m\AC\Microsoft\CLR_v4.0_32\NativeImages\WCPToolkit\d02e8df2953bb04421a67f9d7ed493b9\WCPToolkit.ni.dll
2016-08-23 15:42 - 2016-08-23 15:42 - 00840704 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Web\07d8e1abbd483b5cbb1a57e66051b73f\Windows.Web.ni.dll
2016-09-17 09:10 - 2016-09-12 17:48 - 17754304 _____ () C:\Users\dale\AppData\Local\Google\Chrome\User Data\PepperFlash\23.0.0.166\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2803351199-1918054348-220819788-1000\...\facebook.com -> www.facebook.com
IE trusted site: HKU\S-1-5-21-2803351199-1918054348-220819788-1000\...\hotmail.com -> hxxps://www.hotmail.com
IE trusted site: HKU\S-1-5-21-2803351199-1918054348-220819788-1000\...\runescape.com -> hxxps://services.runescape.com
IE restricted site: HKU\S-1-5-21-2803351199-1918054348-220819788-1000\...\bing.com -> hxxp://www.bing.com
IE restricted site: HKU\S-1-5-21-2803351199-1918054348-220819788-1000\...\longfintuna.net -> hxxp://web.longfintuna.net
IE restricted site: HKU\S-1-5-21-2803351199-1918054348-220819788-1000\...\systweak.com -> hxxp://www.systweak.com
IE trusted site: HKU\S-1-5-21-2803351199-1918054348-220819788-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\facebook.com -> www.facebook.com
IE trusted site: HKU\S-1-5-21-2803351199-1918054348-220819788-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\hotmail.com -> hxxps://www.hotmail.com
IE trusted site: HKU\S-1-5-21-2803351199-1918054348-220819788-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\runescape.com -> hxxps://services.runescape.com
IE restricted site: HKU\S-1-5-21-2803351199-1918054348-220819788-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\bing.com -> hxxp://www.bing.com
IE restricted site: HKU\S-1-5-21-2803351199-1918054348-220819788-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\longfintuna.net -> hxxp://web.longfintuna.net
IE restricted site: HKU\S-1-5-21-2803351199-1918054348-220819788-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\systweak.com -> hxxp://www.systweak.com
IE trusted site: HKU\S-1-5-21-2803351199-1918054348-220819788-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\facebook.com -> www.facebook.com
IE trusted site: HKU\S-1-5-21-2803351199-1918054348-220819788-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\hotmail.com -> hxxps://www.hotmail.com
IE trusted site: HKU\S-1-5-21-2803351199-1918054348-220819788-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\runescape.com -> hxxps://services.runescape.com
IE restricted site: HKU\S-1-5-21-2803351199-1918054348-220819788-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\bing.com -> hxxp://www.bing.com
IE restricted site: HKU\S-1-5-21-2803351199-1918054348-220819788-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\longfintuna.net -> hxxp://web.longfintuna.net
IE restricted site: HKU\S-1-5-21-2803351199-1918054348-220819788-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\systweak.com -> hxxp://www.systweak.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2014-10-24 17:54 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2803351199-1918054348-220819788-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\dale\Pictures\yah1.jpg
HKU\S-1-5-21-2803351199-1918054348-220819788-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\dale\Pictures\yah1.jpg
HKU\S-1-5-21-2803351199-1918054348-220819788-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\Wallpaper -> C:\Users\dale\Pictures\yah1.jpg
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 64.59.184.15 - 64.59.190.245
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk => C:\Windows\pss\Secunia PSI Tray.lnk.CommonStartup
MSCONFIG\startupreg: BitTorrent => "C:\Users\dale\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "ZAM"
HKLM\...\StartupApproved\Run32: => "ACMON"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKU\S-1-5-21-2803351199-1918054348-220819788-1000\...\StartupApproved\StartupFolder: => "ERUNT AutoBackup.lnk"
HKU\S-1-5-21-2803351199-1918054348-220819788-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\StartupFolder: => "ERUNT AutoBackup.lnk"
HKU\S-1-5-21-2803351199-1918054348-220819788-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\StartupApproved\StartupFolder: => "ERUNT AutoBackup.lnk"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{B1B77622-1C84-4041-BBAC-6C5427C69367}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DTLService.exe
FirewallRules: [{46486258-7E59-4C0F-8377-99D557044171}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\download\MiniThunderPlatform.exe
FirewallRules: [{573C4EB1-ADA6-4906-8966-652D017B2607}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\LDrvSvc.dll
FirewallRules: [{DEED7CCF-17C1-41C0-8A58-5D3CFB93B4CF}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DriverTalent.exe
FirewallRules: [UDP Query User{0D407FD3-1997-490E-BDFE-99613FE97478}C:\users\dale\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\dale\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{B2669C97-3AFE-412F-9BE9-C1A85B4104E7}C:\users\dale\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\dale\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{E1E36F88-FEAE-4AF8-A0A2-A44E79B3DA07}C:\users\dale\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\dale\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{7EFB48B7-168F-4D7E-97D9-88E67E991906}C:\users\dale\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\dale\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{C45E60B9-CC36-48C1-8DA7-B6BA7393B4CC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{55A8E146-323E-49CB-995B-91FF7EFE2403}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A28B6654-2068-4639-9DAC-AC2C417C4F94}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FB6A9AA3-3F05-40D7-AC77-AC5459FE26E0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6F0862CE-24C6-49EF-9AA9-95CABE085BBF}] => (Allow) C:\Program Files\Nightly\firefox.exe
FirewallRules: [{4FAFF1B0-A258-4253-B7FC-EE208C6D8B97}] => (Allow) C:\Program Files\Nightly\firefox.exe
FirewallRules: [UDP Query User{982F146A-3574-49E4-AD9C-B01D7ADDBB93}C:\users\dale\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\dale\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{3A93DFC4-CF03-4161-809C-07A7F6A78B41}C:\users\dale\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\dale\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{73ED8503-7E84-4009-BE19-C12C5F933BB2}] => (Allow) C:\Program Files\Nightly\firefox.exe
FirewallRules: [{F75A447A-2263-40B2-AB38-1703FB9C1F9E}] => (Allow) C:\Program Files\Nightly\firefox.exe
FirewallRules: [UDP Query User{2D04ABDC-62BE-406D-846D-D3018A0FFA02}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{42BDA63B-2411-4ABF-AAE6-F08CAED61B19}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{D44D37B3-58E3-4F13-9EF5-4DAA619E4874}C:\program files\nightly\firefox.exe] => (Allow) C:\program files\nightly\firefox.exe
FirewallRules: [TCP Query User{F16FB283-F3BD-4A49-AFFB-449C2851573C}C:\program files\nightly\firefox.exe] => (Allow) C:\program files\nightly\firefox.exe
FirewallRules: [UDP Query User{E25B7853-4F06-4634-A3F3-A592A324FC44}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [TCP Query User{CCD0F3D3-3F3A-47C9-BCE7-D69717E88F5E}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [{A60B4866-28E1-4652-A41B-8A8EC1244BD4}] => (Allow) C:\Users\dale\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{B462791E-213F-4066-AE70-23C2BFDFCF75}] => (Allow) C:\Users\dale\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{2EF18549-AB05-4024-8C58-CAF7BEFA8A1C}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{395D36CE-C5BF-4E23-AF44-746C91130066}] => (Allow) C:\Windows\explorer.exe
FirewallRules: [{ADCC5165-00E2-4D9A-BD82-93CFB74D867C}] => (Allow) C:\Users\dale\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{A5922C76-D42D-4C45-AF5C-ABC7F49DD218}] => (Allow) C:\Users\dale\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{C3CDDF29-D67A-4630-833F-552B03C1C4B3}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{88302879-3F61-4922-8CD4-A7EA1020ED10}] => (Allow) LPort=8888
FirewallRules: [{76117A0D-45ED-4600-95EB-C08476E20C98}] => (Allow) LPort=8888
FirewallRules: [{CFCC883C-E50C-49A0-BE33-20761408DF76}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{86315A17-DE80-44ED-9DB5-8C8C466070A4}] => (Allow) LPort=8182
FirewallRules: [{32CA6032-93C4-4472-A793-FC6A795651DE}] => (Allow) LPort=5353
FirewallRules: [{791077C2-119B-483E-ACC9-A0ED846C0768}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{2B0A300F-2FA9-4EE6-98F0-44D93A1F0EB4}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{1A165FF4-80F7-488F-A0ED-2A89D740AF12}] => (Allow) LPort=1900
FirewallRules: [{2CE2C232-DEBE-48D9-BAB6-AFF70DA911C3}] => (Allow) LPort=2869
FirewallRules: [{E6B0EF51-00A0-4BC8-8249-D6D366A96D6E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{DCE4C303-E728-4DC3-9C29-92EC1C613E7C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{C52E211C-B701-469B-9D4F-CF513AFF8638}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{7E283D9D-CA1C-4E86-A78C-ED123D4EEAB4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{9E2693EF-B1C3-4692-988D-8CDC6E82D0EE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{6662DBEB-1F85-441C-A906-A74E35FD4F61}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{89828B80-A85C-4BB0-8792-4ECF2FBEBCC1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8B7E9451-BDBC-4382-A5EF-028D8F48D434}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{64FF657A-9663-4068-9BED-B0D87C0B0F02}C:\program files (x86)\wondershare\mobilego\mobilegoservice.exe] => (Allow) C:\program files (x86)\wondershare\mobilego\mobilegoservice.exe
FirewallRules: [UDP Query User{F5C1ABFD-9EF8-4C36-9E85-BB407217EB29}C:\program files (x86)\wondershare\mobilego\mobilegoservice.exe] => (Allow) C:\program files (x86)\wondershare\mobilego\mobilegoservice.exe
FirewallRules: [TCP Query User{20D42160-A355-4894-846E-F6A73238FD8B}C:\program files (x86)\wondershare\mobilego\mobilego.exe] => (Allow) C:\program files (x86)\wondershare\mobilego\mobilego.exe
FirewallRules: [UDP Query User{5D8CEAFB-954F-4AEA-8278-7291615EABA4}C:\program files (x86)\wondershare\mobilego\mobilego.exe] => (Allow) C:\program files (x86)\wondershare\mobilego\mobilego.exe
FirewallRules: [{78A1296A-4625-49CD-B9BB-61A0D62BD9A0}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{3ADFC1FD-8804-4B15-95C1-27567EEEF4C8}] => (Allow) C:\Users\dale\AppData\Local\Temp\7zS650C\HPDiagnosticCoreUI.exe
FirewallRules: [{1EF7A661-86A3-40B6-B51F-4E6160C5BA6E}] => (Allow) C:\Users\dale\AppData\Local\Temp\7zS650C\HPDiagnosticCoreUI.exe
FirewallRules: [TCP Query User{D1CD2E73-DAAE-4915-AB21-72C47083ACF6}C:\program files\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [UDP Query User{81014260-616E-4D38-A67B-CED3A87641D3}C:\program files\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [TCP Query User{2A1C64C3-EE5F-4C2E-9335-7B7A5861F8AA}C:\users\dale\desktop\pokemon white\desmume_vs2008.exe] => (Block) C:\users\dale\desktop\pokemon white\desmume_vs2008.exe
FirewallRules: [UDP Query User{D27C468E-5D2A-4F40-8E91-A41389BE81A8}C:\users\dale\desktop\pokemon white\desmume_vs2008.exe] => (Block) C:\users\dale\desktop\pokemon white\desmume_vs2008.exe
FirewallRules: [{BBD493F7-701D-4AFE-9B3F-17C590320B81}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{4AE50E9B-53E6-4EF3-9BD4-D9E61035B68A}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Restore Points =========================

09-09-2016 11:37:29 Scheduled Checkpoint
13-09-2016 18:21:55 Windows Update
13-09-2016 18:23:09 Windows Update
21-09-2016 18:17:05 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/21/2016 06:17:22 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (09/20/2016 11:00:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15297

Error: (09/20/2016 11:00:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15297

Error: (09/20/2016 11:00:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/20/2016 06:41:34 AM) (Source: DbxSvc) (EventID: 270) (User: )
Description: Filter Unload failed with: (-2145452013) The system could not find the filter specified.

Error: (09/20/2016 06:14:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 26162140

Error: (09/20/2016 06:14:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 26162140

Error: (09/20/2016 06:14:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/19/2016 04:47:12 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DALE-ASUS)
Description: Activation of application Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/19/2016 04:47:12 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DALE-ASUS)
Description: Activation of application Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (09/21/2016 07:12:38 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the User Data Storage_3841c97b service to connect.

Error: (09/21/2016 07:12:38 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the User Data Storage_3841c97b service to connect.

Error: (09/21/2016 07:12:38 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the User Data Storage_3841c97b service to connect.

Error: (09/21/2016 07:12:38 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the User Data Storage_3841c97b service to connect.

Error: (09/21/2016 07:12:38 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the User Data Storage_3841c97b service to connect.

Error: (09/21/2016 07:12:36 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_3841c97b service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/21/2016 07:12:36 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_3841c97b service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/21/2016 07:12:36 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_3841c97b service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/21/2016 07:12:36 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_3841c97b service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/21/2016 06:09:10 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.


CodeIntegrity:
===================================
Date: 2016-09-14 07:07:59.882
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-09-14 06:23:35.224
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-09-02 12:19:27.006
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\usermgrcli.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-09-02 12:19:25.873
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\usermgrcli.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-09-02 12:19:24.263
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\usermgrcli.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-09-02 12:19:23.314
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\usermgrcli.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-09-02 12:19:21.497
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\usermgrcli.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-09-02 12:19:19.710
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\usermgrcli.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-09-02 12:19:13.053
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\usermgrcli.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-09-02 12:19:12.282
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\usermgrcli.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i7-2630QM CPU @ 2.00GHz
Percentage of memory in use: 62%
Total physical RAM: 8169.16 MB
Available physical RAM: 3102.18 MB
Total Virtual: 10949.76 MB
Available Virtual: 3167.71 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:279.01 GB) (Free:169.64 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:394.18 GB) (Free:392.82 GB) NTFS
Drive e: (SDATA1) (Fixed) (Total:349.3 GB) (Free:349.17 GB) NTFS
Drive f: (SDATA2) (Fixed) (Total:349.33 GB) (Free:203.65 GB) NTFS
Drive r: (RECOVERY) (Fixed) (Total:24.98 GB) (Free:12.24 GB) FAT32 ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 38601C96)
Partition 1: (Not Active) - (Size=25 GB) - (Type=0C)
Partition 2: (Active) - (Size=279 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=394.2 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 698.6 GB) (Disk ID: BBC58B91)
Partition 1: (Not Active) - (Size=349.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=349.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Edited by Oh My!, 23 September 2016 - 09:36 AM.
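The "FirewallRules (Whitelisted)" section of Addition.txt above is the part of an FRST log that is easiest to skim past and most worth reading carefully: an Allow rule survives reinstalls of the program it names, and several of the rules listed are for binaries in user-writable or Temp directories (BitTorrent under AppData\Roaming, HPDiagnosticCoreUI.exe under AppData\Local\Temp) or for generic Windows host processes (rundll32.exe, explorer.exe), plus port-only rules such as LPort=139 that are not bound to any program. The following script is an added example, not part of the original post and not FRST's or BleepingComputer's own tooling: it parses FirewallRules lines in FRST's format and flags the Allow rules a reviewer would want to look at. The marker lists, the host-process set and the sensitive-port table are this example's own assumptions; the sample lines are a subset copied from the log above.

```python
"""Triage of the FRST "FirewallRules (Whitelisted)" section.

FRST prints every Windows Firewall rule as
    FirewallRules: [<rule name>] => (Allow|Block) <program path | LPort=<n>>
This example parses those lines and flags Allow rules that widen exposure in
ways worth a second look: programs in user-writable or Temp directories,
generic Windows host processes, and port rules not bound to any program.
"""
import re
from dataclasses import dataclass, field

RULE_RE = re.compile(
    r"^FirewallRules:\s*\[(?P<name>.+?)\]\s*=>\s*\((?P<action>Allow|Block)\)\s*(?P<target>.+?)\s*$"
)

# Heuristic lists: assumptions made for this example, not FRST's own classification.
USER_WRITABLE_MARKERS = ("\\users\\", "\\programdata\\")
TEMP_MARKERS = ("\\temp\\", "\\tmp\\")
HOST_PROCESSES = {"rundll32.exe", "explorer.exe", "regsvr32.exe", "mshta.exe",
                  "wscript.exe", "cscript.exe", "powershell.exe", "svchost.exe"}
SENSITIVE_PORTS = {135: "RPC endpoint mapper", 139: "NetBIOS session", 445: "SMB",
                   3389: "RDP", 5985: "WinRM"}


@dataclass
class Finding:
    name: str
    target: str
    reasons: list = field(default_factory=list)


def parse_rule(line):
    """Split one FRST FirewallRules line into (name, action, target); None if it is not a rule line."""
    m = RULE_RE.match(line.strip())
    return (m.group("name"), m.group("action"), m.group("target")) if m else None


def assess_target(target):
    """Reasons an Allow rule for this target deserves review (empty list = nothing notable)."""
    reasons = []
    if target.upper().startswith("LPORT="):
        # Port-only rule: any program may accept connections on that port.
        port_text = target.split("=", 1)[1].strip()
        reasons.append("port-only rule, not bound to a program")
        if port_text.isdigit() and int(port_text) in SENSITIVE_PORTS:
            reasons.append(f"inbound {port_text} ({SENSITIVE_PORTS[int(port_text)]})")
        return reasons
    path = target.lower().replace("/", "\\")
    if any(t in path for t in TEMP_MARKERS):
        reasons.append("binary in a Temp directory (installer leftover or dropper)")
    elif any(u in path for u in USER_WRITABLE_MARKERS):
        reasons.append("binary in a user-writable location")
    if path.rsplit("\\", 1)[-1] in HOST_PROCESSES:
        reasons.append("generic host process whitelisted (runs whatever it is told to load)")
    return reasons


def triage(lines):
    """Return a Finding for every Allow rule with at least one reason; Block rules are ignored."""
    findings = []
    for line in lines:
        parsed = parse_rule(line)
        if parsed is None:
            continue
        name, action, target = parsed
        if action != "Allow":
            continue  # a Block rule cannot widen exposure
        reasons = assess_target(target)
        if reasons:
            findings.append(Finding(name, target, reasons))
    return findings


# Constructed sample: a subset of the rule lines from the Addition.txt above, plus one
# non-rule line to show the parser skipping section headers.
SAMPLE_LOG = """\
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{B1B77622-1C84-4041-BBAC-6C5427C69367}] => (Allow) C:\\Program Files (x86)\\OSTotoSoft\\DriverTalent\\DTLService.exe
FirewallRules: [UDP Query User{982F146A-3574-49E4-AD9C-B01D7ADDBB93}C:\\users\\dale\\appdata\\roaming\\dropbox\\bin\\dropbox.exe] => (Block) C:\\users\\dale\\appdata\\roaming\\dropbox\\bin\\dropbox.exe
FirewallRules: [{A60B4866-28E1-4652-A41B-8A8EC1244BD4}] => (Allow) C:\\Users\\dale\\AppData\\Roaming\\BitTorrent\\BitTorrent.exe
FirewallRules: [{2EF18549-AB05-4024-8C58-CAF7BEFA8A1C}] => (Allow) C:\\Windows\\system32\\rundll32.exe
FirewallRules: [{395D36CE-C5BF-4E23-AF44-746C91130066}] => (Allow) C:\\Windows\\explorer.exe
FirewallRules: [{88302879-3F61-4922-8CD4-A7EA1020ED10}] => (Allow) LPort=8888
FirewallRules: [{3ADFC1FD-8804-4B15-95C1-27567EEEF4C8}] => (Allow) C:\\Users\\dale\\AppData\\Local\\Temp\\7zS650C\\HPDiagnosticCoreUI.exe
==================== Restore Points =========================
""".splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.name}] {f.target}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run on the sample it reports six of the eight rules and stays silent on the DriverTalent service (installed under Program Files) and on the Dropbox Block rule. That is the limit of a path heuristic: it cannot tell a legitimate program from a bundled one once both sit under Program Files, which is why the AdwCleaner pass later in this thread, not the firewall list, is what turned up the ParetoLogic and Reimage remnants. On the live machine the same review can be done with Get-NetFirewallRule piped to Get-NetFirewallApplicationFilter; parsing the log lets a helper do it from the posted text alone.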


#3 Oh My! (Malware Response Instructor)

Posted 23 September 2016 - 09:22 AM

Greetings soderquist1 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply button instead.
  • In the upper right hand corner of the topic you will see the Follow this topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me just a bit of time to review what you have posted.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"For unto us a Child is born, Unto us a Son is given;"

#4 Oh My! (Malware Response Instructor)

Posted 23 September 2016 - 09:57 AM

Greetings again and thank you for your patience. I am not seeing any evidence of malicious software on your computer.

Please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have Peer 2 Peer (torrent) program(s) installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Peer 2 Peer programs, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about CryptoLocker Ransomware, a type of Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Multiple Antivirus Programs

-------------------

I do not recommend that you have more than one anti virus product installed on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
  • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please remove all but one of the Antivirus programs currently on your computer, even if only one is running. You can uninstall the program(s) via Add/Remove Programs, or Programs and Features in the Control Panel.
 

Zemana AntiMalware


===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2803351199-1918054348-220819788-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2803351199-1918054348-220819788-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2803351199-1918054348-220819788-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
S3 dbx; system32\DRIVERS\dbx.sys [X]
emptytemp:
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed you will see Pending. Please check elements you don't want to remove above the progress bar
  • Review the entries and uncheck any items you would like to keep on your computer (leaving an item checked will cause its deletion)
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Did Zemana AntiMalware uninstall?
  • Fixlog
  • AdwCleaner log
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"For unto us a Child is born, Unto us a Son is given;"

#5 soderquist1 (Topic Starter)

Posted 23 September 2016 - 06:52 PM

Alright both are completed :)

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-09-2016
Ran by dale (23-09-2016 17:31:09) Run:2
Running from C:\Users\dale\Downloads
Loaded Profiles: dale (Available Profiles: dale)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2803351199-1918054348-220819788-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2803351199-1918054348-220819788-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2803351199-1918054348-220819788-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
S3 dbx; system32\DRIVERS\dbx.sys [X]
emptytemp:
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-2803351199-1918054348-220819788-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-2803351199-1918054348-220819788-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-21-2803351199-1918054348-220819788-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
dbx => service not found.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 23214237 B
Java, Flash, Steam htmlcache => 1333 B
Windows/system/drivers => 3346336 B
Edge => 8305109 B
Chrome => 904095783 B
Firefox => 15610572 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 16444 B
NetworkService => 1878 B
dale => 5941058 B
DefaultAppPool => 0 B
 
RecycleBin => 0 B
EmptyTemp: => 916.1 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 17:32:36 ====
 
# AdwCleaner v6.020 - Logfile created 23/09/2016 at 17:44:23
# Updated on 14/09/2016 by ToolsLib
# Database : 2016-09-23.1 [Server]
# Operating System : Windows 10 Home (X64)
# Username : dale - DALE-ASUS
# Running from : C:\Users\dale\Downloads\AdwCleaner.exe
# Mode: Clean
# Support : https://toolslib.net/forum



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Users\dale\AppData\Roaming\ParetoLogic
[-] Folder deleted: C:\Users\dale\AppData\Local\VirtualStore\Program Files (x86)\otshot
[-] Folder deleted: C:\ProgramData\ParetoLogic
[-] Folder deleted: C:\ProgramData\Thunder Network
[#] Folder deleted on reboot: C:\ProgramData\Application Data\ParetoLogic
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Thunder Network


***** [ Files ] *****

[-] File deleted: C:\WINDOWS\Reimage.ini


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\Applications\iLividSetup-r428-n-bc.exe
[-] Key deleted: HKU\S-1-5-21-2803351199-1918054348-220819788-1000\Software\Classes\bndle
[#] Key deleted on reboot: HKCU\Software\Classes\bndle
[-] Key deleted: HKLM\SOFTWARE\Classes\jZipShell.jZipShellExt
[-] Key deleted: HKLM\SOFTWARE\Classes\jZipShell.jZipShellExt.1
[-] Key deleted: HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
[-] Key deleted: HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\bndle
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\jZipShell.jZipShellExt
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\jZipShell.jZipShellExt.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{3ED98568-A949-49CB-8ED0-3A703F6D4166}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{5D637FAD-E202-48D1-8F18-5B9C459BD1E3}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{F8A4FC32-DDA3-4DD9-8C62-49F778FF630B}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{94047607-3841-4CE6-AE4D-14FF23AF9458}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
[-] Key deleted: HKU\S-1-5-21-2803351199-1918054348-220819788-1000\Software\ParetoLogic
[-] Key deleted: HKU\S-1-5-21-2803351199-1918054348-220819788-1000\Software\Reimage
[-] Key deleted: HKU\S-1-5-21-2803351199-1918054348-220819788-1000\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
[#] Key deleted on reboot: HKCU\Software\ParetoLogic
[#] Key deleted on reboot: HKCU\Software\Reimage
[#] Key deleted on reboot: HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
[-] Key deleted: HKLM\SOFTWARE\ParetoLogic
[-] Key deleted: HKLM\SOFTWARE\SmartPCFixer
[#] Key deleted on reboot: [x64] HKCU\Software\ParetoLogic
[#] Key deleted on reboot: [x64] HKCU\Software\Reimage
[#] Key deleted on reboot: [x64] HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief.
[-] Key deleted: [x64] HKLM\SOFTWARE\Reimage
[-] Key deleted: [x64] HKLM\SOFTWARE\SmartPCFixer
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\f
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\jZipShell.DLL
[-] Key deleted: HKLM\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\jZip
[-] Value deleted: HKLM\SOFTWARE\RegisteredApplications [jZip]


***** [ Web browsers ] *****

[-] [C:\Users\dale\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: search.conduit.com
[-] [C:\Users\dale\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: websearch.ask.com
[-] [C:\Users\dale\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com_
[-] [C:\Users\dale\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: dts.search.ask.com
[-] [C:\Users\dale\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [5066 Bytes] - [23/09/2016 17:44:23]
C:\AdwCleaner\AdwCleaner[S0].txt - [4907 Bytes] - [23/09/2016 17:43:36]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [5212 Bytes] ##########


#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,200 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:12:20 AM

Posted 23 September 2016 - 06:56 PM

Thank you.
 

Did Zemana AntiMalware uninstall?
Update on computer performance

 


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"For unto us a Child is born, Unto us a Son is given;"

#7 soderquist1

soderquist1
  • Topic Starter

  • Members
  • 129 posts
  • OFFLINE
  • Local time:02:20 AM

Posted 23 September 2016 - 08:25 PM

Hi, no it did not. Do I need to uninstall it?



#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,200 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:12:20 AM

Posted 23 September 2016 - 08:30 PM

If you could, I would appreciate it. Two antivirus programs have the potential to create system performance issues.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"For unto us a Child is born, Unto us a Son is given;"

#9 soderquist1

soderquist1
  • Topic Starter

  • Members
  • 129 posts
  • OFFLINE
  • Local time:02:20 AM

Posted 23 September 2016 - 09:05 PM

Alright, consider it done :). Anything else you need me to run? AdwCleaner detected about 55, so I would suspect more removal tools are required to confirm my computer has been cleaned.



#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,200 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:12:20 AM

Posted 24 September 2016 - 01:56 PM

Before doing anything else it would help if you could update me regarding your computer performance. That will dictate what we do next.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"For unto us a Child is born, Unto us a Son is given;"

#11 soderquist1

soderquist1
  • Topic Starter

  • Members
  • 129 posts
  • OFFLINE
  • Local time:02:20 AM

Posted 25 September 2016 - 12:42 PM

Everything seems to be running normally like it should, except I just recently noticed that random box show up again.


Edited by soderquist1, 25 September 2016 - 12:46 PM.


#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,200 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:12:20 AM

Posted 25 September 2016 - 01:28 PM

Can you describe what the window/box looks like, what it says, how long it stays on the screen, and how often it happens?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"For unto us a Child is born, Unto us a Son is given;"

#13 soderquist1

soderquist1
  • Topic Starter

  • Members
  • 129 posts
  • OFFLINE
  • Local time:02:20 AM

Posted 25 September 2016 - 03:12 PM

It is a small white box/window that randomly appears for not even a second, then goes away. It appears quite often when I open new windows.


Edited by soderquist1, 25 September 2016 - 05:09 PM.


#14 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,200 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:12:20 AM

Posted 25 September 2016 - 04:10 PM

Greetings,

This might be tough to isolate. Let's run a few programs to look for malware. Please do this.

===================================================

RogueKiller

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • Right click on the setup.exe icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • Click OK on English
  • Select Install 32 and 64 bits versions (Recommended for Technicians), then click Next 2 times
  • Click Install
  • Click Finish
  • Click Start Scan twice
  • When completed click Open Report
  • Click Export Text and save the file on your Desktop as RK.txt
  • Close all open RogueKiller windows
  • Copy and paste the contents of the report in your reply
===================================================

Run TDSSKiller by Kaspersky

--------------------
  • Please download Kaspersky's TDSSKiller and save it to your Desktop
  • Right-click on TDSSKiller.exe and select Run As Administrator
  • Click Accept on the End User License Agreement
  • Click Accept on the KSN Statement
  • Click Change parameters
  • Place a check mark in the following boxes:
      • Detect TDLFS file system
      • Verify file digital signatures
  • Click OK
  • Click Start Scan
  • If the scan completes with nothing found, click Close to exit.
  • Any objects found will show in the Scan results - Select action for found objects
  • If an infected file is detected, the default action will be Cure...do not change it
  • Click Continue > Reboot now to finish the cleaning process. <- Important!!
  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now
  • Hit the Windows Key + E at the same time
  • Double click your Local Disk C: drive
  • Locate the file similar to TDSSKiller_version_date_time_log.txt
  • Copy and paste the contents of that file in your reply
===================================================

aswMBR

--------------------
  • Download aswMBR and save it to your desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. For additional help see here and here
  • Double click the aswMBR.exe file to run it. If requested, allow Avast to update the antivirus engine definitions
  • Leave the default settings then click Scan
  • When done, you will see Scan finished successfully. Click on Save log and save the file to your desktop
  • Copy and paste the contents of the log in your reply
NOTE: aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Roguekiller log
  • TDSSKiller log
  • aswMBR log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"For unto us a Child is born, Unto us a Son is given;"

#15 soderquist1

soderquist1
  • Topic Starter

  • Members
  • 129 posts
  • OFFLINE
  • Local time:02:20 AM

Posted 25 September 2016 - 10:22 PM

Alright, RogueKiller done. Here is the report.

 

RogueKiller V12.6.3.0 (x64) [Sep 19 2016] (Free) by Adlice Software
 
Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : dale [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 09/25/2016 20:37:05 (Duration : 00:43:20)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 16 ¤¤¤
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{09CFDB88-F9F0-40ba-885E-F47A957D12E6} (C:\Program Files\Reimage\Reimage Express\ReiEngine.dll) -> Found
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484} (C:\Program Files\Reimage\Reimage Repair\REI_Axcontrol.dll) -> Found
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{2B1B440F-A9DB-46e3-ADCF-AA6E08143FB8} (C:\Program Files\Reimage\Reimage Express\ReiEngine.dll) -> Found
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB} (C:\Program Files\Reimage\Reimage Repair\REI_Axcontrol.dll) -> Found
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{E677C7AD-2B66-4539-AA29-3771A1CFEDA9} -> Found
[Hidden.From.SCM] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\iorate (system32\drivers\iorate.sys) -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 64.59.184.15 64.59.190.245 ([Canada][-])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 64.59.184.15 64.59.190.245 ([Canada][-])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{332bc5a9-44a4-476c-b6f2-f88aa738be70} | DhcpNameServer : 64.59.184.17 64.59.191.229 ([Canada][Canada])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d6ae253e-600d-40b3-ad14-58a30050b37f} | DhcpNameServer : 64.59.184.15 64.59.190.245 ([Canada][-])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{332bc5a9-44a4-476c-b6f2-f88aa738be70} | DhcpNameServer : 64.59.184.17 64.59.191.229 ([Canada][Canada])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{d6ae253e-600d-40b3-ad14-58a30050b37f} | DhcpNameServer : 64.59.184.15 64.59.190.245 ([Canada][-])  -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1EF7A661-86A3-40B6-B51F-4E6160C5BA6E} : v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\dale\AppData\Local\Temp\7zS650C\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {3ADFC1FD-8804-4B15-95C1-27567EEEF4C8} : v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\dale\AppData\Local\Temp\7zS650C\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1EF7A661-86A3-40B6-B51F-4E6160C5BA6E} : v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\dale\AppData\Local\Temp\7zS650C\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {3ADFC1FD-8804-4B15-95C1-27567EEEF4C8} : v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\dale\AppData\Local\Temp\7zS650C\HPDiagnosticCoreUI.exe|Name=HPSAPS| [x] -> Found
 
¤¤¤ Tasks : 2 ¤¤¤
[Suspicious.Path] \{339E3F71-6C6E-490D-8FC3-9DD722E38906} -- C:\Users\dale\AppData\Roaming\BitTorrent\BitTorrent.exe -> Found
[Suspicious.Path] \{4177DDE1-F197-45A4-9D68-66C4857FD80A} -- C:\Users\dale\AppData\Roaming\BitTorrent\BitTorrent.exe -> Found
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST9750420AS +++++
--- User ---
[MBR] 36931a1f333debaf09bc094e27123de3
[BSP] a6dfcef95bdca6f6c690eb797753f4a9 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 2048 | Size: 25600 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 52430848 | Size: 285711 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 637566976 | Size: 450 MB
3 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 638488576 | Size: 403641 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: ST9750420AS +++++
--- User ---
[MBR] b17efdbde997cde13963cd71a27bec4c
[BSP] e6c2cebec9d5914c6fe029aa4b621d92 : HP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 357688 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 732547072 | Size: 357715 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive2: Lexar USB Flash Drive USB Device +++++
--- User ---
[MBR] 6763aba251d84cebf2ce15888165bbe9
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 32 | Size: 30535 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
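The four Suspicious.Path entries in the RogueKiller report above are Windows Firewall rule values stored under FirewallRules in the `v2.25|Key=Value|...|` format, and they were flagged because the allowed program sits in a user's Temp directory. As an added example (not code from the thread, from RogueKiller, or from any tool named here), the Python below parses such values and flags active inbound allow rules whose program lives under a per-user scratch directory; the directory list is an assumed policy, and the benign and disabled sample rules are constructed.

```python
"""Triage Windows Firewall rules of the kind RogueKiller reported as
Suspicious.Path.  Added example for this thread, not RogueKiller code."""
import re
from typing import Dict, List

# Assumed policy: a program that needs an inbound allow rule normally lives
# under Program Files or Windows, not in per-user scratch directories.
SCRATCH_DIR_PATTERNS = [
    re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE),
    re.compile(r"\\AppData\\Roaming\\", re.IGNORECASE),
    re.compile(r"^[A-Za-z]:\\Windows\\Temp\\", re.IGNORECASE),
]

def parse_rule(value: str) -> Dict[str, str]:
    """Parse one FirewallRules registry value ('v2.25|Action=Allow|...|').
    The first token is the format version; the rest are Key=Value pairs
    separated by '|'.  Unknown keys are kept so nothing is silently dropped."""
    fields = [f for f in value.split("|") if f]
    parsed = {"Version": fields[0]}
    for field in fields[1:]:
        key, _, val = field.partition("=")
        parsed[key] = val
    return parsed

def is_suspicious(rule: Dict[str, str]) -> bool:
    """True for an active, inbound, allow rule whose program sits in a
    user-writable scratch directory.  Disabled, block and outbound rules
    are not flagged, matching what a triage analyst would look at first."""
    if rule.get("Action") != "Allow" or rule.get("Dir") != "In":
        return False
    if rule.get("Active", "TRUE").upper() != "TRUE":
        return False
    app = rule.get("App", "")
    return any(p.search(app) for p in SCRATCH_DIR_PATTERNS)

def triage(rules: Dict[str, str]) -> List[str]:
    """Return the names (GUIDs) of rules that deserve a closer look."""
    return [name for name, value in rules.items() if is_suspicious(parse_rule(value))]

# Constructed sample: the two HPSAPS rules from the report above, plus a benign
# Program Files rule and a disabled Temp rule (the last two are made up).
SAMPLE_RULES = {
    "{1EF7A661-86A3-40B6-B51F-4E6160C5BA6E}": "v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\\Users\\dale\\AppData\\Local\\Temp\\7zS650C\\HPDiagnosticCoreUI.exe|Name=HPSAPS|",
    "{3ADFC1FD-8804-4B15-95C1-27567EEEF4C8}": "v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\\Users\\dale\\AppData\\Local\\Temp\\7zS650C\\HPDiagnosticCoreUI.exe|Name=HPSAPS|",
    "{CONSTRUCTED-BENIGN}": "v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\\Program Files\\Example\\example.exe|Name=Example|",
    "{CONSTRUCTED-DISABLED}": "v2.25|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|App=C:\\Users\\dale\\AppData\\Local\\Temp\\x\\y.exe|Name=Old|",
}

if __name__ == "__main__":
    for name in triage(SAMPLE_RULES):
        r = parse_rule(SAMPLE_RULES[name])
        print(f"{name}: {r['Name']} allows inbound proto {r['Protocol']} to {r['App']}")
```

On a live system the same dictionary can be filled from the FirewallRules key via `winreg`, but the parsing and the flagging logic do not change.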




