
In Progress Audio Hijack and Windows Update not Finding/Downloading Upds

Discussion in 'Virus & Other Malware Removal' started by ksdnyy, Apr 24, 2016.

  1. ksdnyy

    ksdnyy Thread Starter

    Joined:
    Apr 24, 2016
    Messages:
    24
    Two separate issues that may be related. Posted in this forum due to possible audio hijack.
     
  2. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,220
    First Name:
    Derek
    First step:
    Click on this link to download: ADWCleaner. Click on ONE of the two blue Download Now buttons that have a blue arrow beside them and save it to your desktop. Do not click on any links in the top advert.

    See the screenshot where the proper download buttons are highlighted
    [​IMG]

    NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on Tools > SmartScreen Filter > Turn off SmartScreen Filter, then click on OK in the box that opens. Then click on the link again.

    Close your browser and double click on this icon on your desktop:

    [​IMG]

    You will then see the screen below. Click on the Scan button (as indicated), accept any prompts that appear and allow it to run; it may take several minutes to complete. When it is done, you will get a message saying "PENDING". Ignore that and click on the Clean button, accept any prompts that appear and allow the system to reboot. You will then be presented with the report. Copy and paste it into your next post.
    Please note: the newer versions of AdwCleaner have a pretty colour display on some versions of Windows and slightly different icons. The screenshots are from the older version but are basically the same.

    [​IMG]
     
  3. ksdnyy

    OK, will ADWCleaner conflict with HitmanPro and HitmanPro Alert?
    Thanks
     
  4. dvk01

    Not at all. None of the programs or tools we will run will cause any conflicts.
     
  5. ksdnyy

    Derek, report as requested. Same system noises occurred after running AdwCleaner and rebooting. (Also, some months ago, internal camera on smartphone sounded as if it was going off after opening sites.)

    # AdwCleaner v5.114 - Logfile created 27/04/2016 at 14:25:33
    # Updated 27/04/2016 by Xplode
    # Database : 2016-04-27.1 [Server]
    # Operating system : Windows 7 Home Premium Service Pack 1 (X64)
    # Option : Clean
    # Support : http://toolslib.net/forum
    ***** [ Services ] *****
    ***** [ Folders ] *****
    ***** [ Files ] *****
    [-] File Deleted : C:\Users\KC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
    [-] File Deleted : C:\Users\KC\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
    ***** [ DLLs ] *****
    ***** [ WMI ] *****
    ***** [ Shortcuts ] *****
    ***** [ Scheduled tasks ] *****
    ***** [ Registry ] *****
    [-] Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
    [-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs]
    ***** [ Web browsers ] *****
     
  6. ksdnyy

    Unable to download Windows Update after running scan. 46 updates indicated, tried downloading a few at a time, nothing downloaded.
     
  7. dvk01

    OK next step
    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to download and run the 64-bit version.

    • Right click to run as administrator. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste log back here.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
     
  8. ksdnyy

    Derek: question about the Addition file indicating Administrator disabled. It was not my intent for Administrator to be disabled. Also, what are the Application and System errors at the end of the file? Thanks!

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-04-2016
    Ran by (administrator) (28-04-2016 23:00:05)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
    (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
    (ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (Lexmark International, Inc.) C:\Windows\System32\spool\drivers\x64\3\lxduserv.exe
    ( ) C:\Windows\System32\lxducoms.exe
    (Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
    (Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe
    (Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
    () C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
    (Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
    (SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
    (ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
    (AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
    () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumsdmon.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    (ATK) C:\Program Files\P4G\BatteryLife.exe
    (ASUS) C:\Program Files (x86)\ASUS\ASUS CopyProtect\ASPG.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
    (j2 Global Communications, Inc.) C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe
    (ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    (ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
    () C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
    () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    (SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    (VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
    (ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
    (ASUS) C:\Windows\AsScrPro.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [621440 2009-09-29] (ELAN Microelectronic Corp.)
    HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-01] (AlcorMicro Co., Ltd.)
    HKLM\...\Run: [lxdumon.exe] => C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe [676520 2010-10-14] ()
    HKLM\...\Run: [lxduamon] => C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduamon.exe [16040 2010-10-14] ()
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-06] (Apple Inc.)
    HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [6998656 2009-10-26] (ASUS)
    HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2009-08-19] (ASUS)
    HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
    HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2245120 2009-09-17] (VIA)
    HKLM-x32\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd
    HKLM-x32\...\Run: [Lexmark 5600-6600 Series] => C:\Program Files (x86)\Lexmark 5600-6600 Series\fm3032.exe [311976 2010-10-14] ()
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-4271711602-4053031425-695835939-1001\...\Run: [eFax 4.4] => C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe [95744 2009-08-17] (j2 Global Communications, Inc.)
    HKU\S-1-5-21-4271711602-4053031425-695835939-1001\...\Run: [Dropbox Update] => C:\Users\KC\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-18] (Dropbox, Inc.)
    HKU\S-1-5-18\...\RunOnce: [adawarebp] => reg.exe delete "HKCU\Software\AppDataLow\Software\adawarebp" /f
    HKU\S-1-5-18\...\RunOnce: [adawarebp_XP] => reg.exe delete "HKCU\Software\adawarebp" /f
    ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-04-25] (Google)
    ShellIconOverlayIdentifiers: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt64.dll [2007-06-15] ()
    ShellIconOverlayIdentifiers: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll [2007-06-01] ()
    ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
    ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\KC\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll No File
    ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\KC\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll No File
    ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\KC\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll No File
    ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\KC\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll No File
    ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\KC\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll No File
    ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\KC\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll No File
    ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\KC\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll No File
    ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\KC\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll No File
    ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\KC\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll No File
    ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\KC\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll No File
    ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\KC\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll No File
    ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\KC\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll No File
    ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\KC\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll No File
    ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\KC\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll No File
    ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\KC\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll No File
    ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\KC\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll No File
    ShellIconOverlayIdentifiers-x32: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll [2007-06-15] ()
    ShellIconOverlayIdentifiers-x32: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll [2007-06-01] ()
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk [2010-03-03]
    ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe ()
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk [2010-03-03]
    ShortcutTarget: SRS Premium Sound.lnk -> C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe (Acresso Software Inc.)
    BootExecute: autocheck autochk * bootdelete

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
    Tcpip\..\Interfaces\{09ED5C56-6653-43EA-91FB-2ED181A4E6D7}: [DhcpNameServer] 192.168.2.1

    Internet Explorer:
    ==================
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
    HKU\S-1-5-21-4271711602-4053031425-695835939-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://amazon.com/
    HKU\S-1-5-21-4271711602-4053031425-695835939-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> DefaultScope value is missing
    SearchScopes: HKU\S-1-5-21-4271711602-4053031425-695835939-1001 -> DefaultScope {AB9E4682-953D-48AD-82B8-75BFFCD79F1A} URL = hxxps://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-4271711602-4053031425-695835939-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-4271711602-4053031425-695835939-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    SearchScopes: HKU\S-1-5-21-4271711602-4053031425-695835939-1001 -> {AB9E4682-953D-48AD-82B8-75BFFCD79F1A} URL = hxxps://www.google.com/search?q={searchTerms}
    BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll [2008-12-08] (Microsoft Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-03-19] (Oracle Corporation)
    BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-03-21] (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-03-19] (Oracle Corporation)
    BHO-x32: Lexmark Toolbar -> {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -> C:\Program Files\Lexmark Toolbar\toolband.dll [2010-10-14] ()
    BHO-x32: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files (x86)\Windows Live\Family Safety\fssbho.dll [2008-12-08] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-19] (Oracle Corporation)
    BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17] (Microsoft Corporation)
    BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-03-21] (Microsoft Corporation)
    BHO-x32: Lexmark Printable Web -> {D2C5E510-BE6D-42CC-9F61-E4F939078474} -> C:\Program Files\Lexmark Printable Web\bho.dll [2010-10-14] ()
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-19] (Oracle Corporation)
    Toolbar: HKLM-x32 - Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll [2010-10-14] ()
    Toolbar: HKU\S-1-5-21-4271711602-4053031425-695835939-1001 -> No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
    DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    DPF: HKLM-x32 {0612502E-29F8-11D6-BC3C-00C0F0167E34} hxxp://pmar.crsdata.com/CRSDataObject/CRSNInfo.cab
    DPF: HKLM-x32 {62789780-B744-11D0-986B-00609731A21D} hxxp://pmar.crsdata.com/realestate/maps/downloads/mgaxctrlv65.cab
    DPF: HKLM-x32 {C52439A0-2693-4E40-B141-9F9AD5257241} hxxps://ediagnostics.lexmark.com/serval.cab
    DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://trulia.webex.com/client/WBXclient-T28L10NSP11-16469/nbr/ieatgpc1.cab
    DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-03-21] (Microsoft Corporation)
    Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-03-21] (Microsoft Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)

    FireFox:
    ========
    FF Plugin: @java.com/DTPlugin,version=10.75.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-03-19] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.75.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-03-19] (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2012-06-26] (Google, Inc.)
    FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-05-04] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-19] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
    FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-04] (Microsoft Corporation)
    FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2014-08-01] (Nitro PDF)
    FF Plugin-x32: @nitropdf.com/NitroPDF.PrevVerNPR -> C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll [2012-09-05] ( )
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
    FF Plugin HKU\S-1-5-21-4271711602-4053031425-695835939-1001: @citrixonline.com/appdetectorplugin -> C:\Users\KC\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-12-13] (Citrix Online)
    FF Plugin HKU\S-1-5-21-4271711602-4053031425-695835939-1001: @fuzebox.com/Fuze Meeting NPAPI Plugin,version=1.0.0.1 -> C:\Users\KC\AppData\Local\Fuze Box\Fuze Meeting\npfuzeshare.dll [No File]

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://poc.flexmls.com/
    CHR StartupUrls: Default -> "hxxp://gmail.com/"
    CHR Plugin: (Widevine Content Decryption Module) - C:\Users\KC\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.823\_platform_specific\win_x86\widevinecdmadapter.dll => No File
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\PepperFlash\pepflashplayer.dll ()
    CHR Profile: C:\Users\KC\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (DocHub - Edit and Sign PDF Documents) - C:\Users\KC\AppData\Local\Google\Chrome\User Data\Default\Extensions\adgncicbhbjfpijkdmbijninnhnmiblj [2016-02-16]
    CHR Extension: (PDFescape Free PDF Editor) - C:\Users\KC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdefoklganepljiopdnglodohlgfikkl [2014-11-17]
    CHR Extension: (Skype) - C:\Users\KC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-04-28]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\KC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 ADSMService; C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe [225280 2008-03-31] (ASUSTek Computer Inc.) [File not signed]
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
    R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-02-25] (SurfRight B.V.)
    R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [4383440 2016-04-24] (SurfRight B.V.)
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
    R2 lxduCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxduserv.exe [29184 2010-10-14] (Lexmark International, Inc.) [File not signed]
    R2 lxdu_device; C:\Windows\system32\lxducoms.exe [1039360 2010-10-14] ( ) [File not signed]
    R2 lxdu_device; C:\Windows\SysWOW64\lxducoms.exe [589824 2010-10-14] ( ) [File not signed]
    R2 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [216072 2012-09-05] (Nitro PDF Software)
    R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe [230920 2014-08-01] (Nitro PDF Software)
    R2 NitroReaderDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [216080 2012-06-25] (Nitro PDF Software)
    R2 NitroUpdateService; C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe [418312 2014-08-01] ()
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
    S3 ehRecvr; no ImagePath
    S3 ehSched; no ImagePath
    S2 RoxLiveShare9; no ImagePath

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-04-30] (GFI Software)
    R3 hmpalert; C:\Windows\system32\drivers\hmpalert.sys [177040 2016-04-24] (SurfRight B.V.)
    R3 hmpnet; C:\Windows\system32\drivers\hmpnet.sys [84520 2016-04-24] (SurfRight B.V.)
    R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
    S0 Lbd; no ImagePath
    S3 RimUsb; no ImagePath
    S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
    R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1799680 2009-08-11] ()
    S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2011-05-10] (Apple, Inc.) [File not signed]
    S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
    U3 tmlwf; no ImagePath
    U3 tmwfp; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-04-28 23:00 - 2016-04-28 23:00 - 00023367 _____ C:\Users\KC\Desktop\FRST.txt
    2016-04-28 22:59 - 2016-04-28 23:00 - 00000000 ____D C:\FRST
    2016-04-28 22:58 - 2016-04-28 22:59 - 02376704 _____ (Farbar) C:\Users\KC\Desktop\FRST64.exe
    2016-04-27 14:15 - 2016-04-27 14:15 - 03581504 _____ C:\Users\KC\Desktop\AdwCleaner.exe
    2016-04-24 18:46 - 2016-04-24 22:39 - 00000000 ____D C:\Users\KC\Downloads\Matlock
    2016-04-24 17:52 - 2016-04-28 22:56 - 00000000 ____D C:\Windows\CryptoGuard
    2016-04-24 17:52 - 2016-04-28 13:45 - 00000000 ____D C:\ProgramData\HitmanPro.Alert
    2016-04-24 17:52 - 2016-04-24 17:52 - 00848080 _____ (SurfRight B.V.) C:\Windows\system32\hmpalert.dll
    2016-04-24 17:52 - 2016-04-24 17:52 - 00767184 _____ (SurfRight B.V.) C:\Windows\SysWOW64\hmpalert.dll
    2016-04-24 17:52 - 2016-04-24 17:52 - 00177040 _____ (SurfRight B.V.) C:\Windows\system32\Drivers\hmpalert.sys
    2016-04-24 17:52 - 2016-04-24 17:52 - 00084520 _____ (SurfRight B.V.) C:\Windows\system32\Drivers\hmpnet.sys
    2016-04-24 17:52 - 2016-04-24 17:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert
    2016-04-24 17:52 - 2016-04-24 17:52 - 00000000 ____D C:\Program Files (x86)\HitmanPro.Alert
    2016-04-24 17:48 - 2016-04-24 17:49 - 04383440 _____ (SurfRight B.V.) C:\Users\KC\Desktop\hmpalert31.exe
    2016-04-24 16:54 - 2016-04-24 16:54 - 00302011 _____ C:\Users\KC\Desktop\WindowsUpdateDiagnostic.diagcab
    2016-04-24 16:34 - 2016-04-24 16:34 - 00142264 _____ C:\Users\KC\Desktop\UWT.zip
    2016-04-24 15:31 - 2016-04-24 15:31 - 00985600 _____ C:\Users\KC\Desktop\MicrosoftFixit50123.msi
    2016-04-23 13:27 - 2016-04-23 13:46 - 00401616 _____ C:\TDSSKiller.3.1.0.9_23.04.2016_13.27.27_log.txt
    2016-04-23 13:00 - 2016-04-23 13:00 - 00000000 ____D C:\Users\KC\AppData\Local\VirtualStore
    2016-04-22 19:59 - 2016-04-24 15:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2016-04-16 17:16 - 2016-04-24 15:15 - 00000000 ____D C:\Users\KC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2016-04-07 19:38 - 2016-04-07 19:38 - 00757196 _____ C:\Users\KC\Downloads\Matlock listing.pdf

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-04-28 23:01 - 2015-06-18 16:50 - 00000906 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-4271711602-4053031425-695835939-1001UA.job
    2016-04-28 22:56 - 2014-02-08 20:24 - 00000532 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-4271711602-4053031425-695835939-1001.job
    2016-04-28 22:56 - 2011-01-18 18:14 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-04-28 21:15 - 2015-05-29 20:28 - 00000628 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-4271711602-4053031425-695835939-1001.job
    2016-04-28 20:03 - 2010-03-22 23:30 - 00003898 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{D15BE00C-1310-4B99-9B27-9B5E2832F5CB}
    2016-04-28 18:01 - 2015-06-18 16:50 - 00000854 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-4271711602-4053031425-695835939-1001Core.job
    2016-04-28 17:52 - 2009-07-13 21:45 - 00010240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-04-28 17:52 - 2009-07-13 21:45 - 00010240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-04-28 14:28 - 2012-11-01 20:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
    2016-04-28 13:46 - 2011-01-18 18:14 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-04-28 13:46 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-04-27 14:31 - 2010-03-03 00:32 - 00001752 _____ C:\Windows\system32\ServiceFilter.ini
    2016-04-27 14:25 - 2013-12-09 04:02 - 00000000 ____D C:\AdwCleaner
    2016-04-27 14:11 - 2015-08-15 21:29 - 11441168 _____ (SurfRight B.V.) C:\Users\KC\Desktop\HitmanPro_x64.exe
    2016-04-24 19:20 - 2012-02-13 14:28 - 00000000 ____D C:\Users\KC\AppData\Roaming\Nitro PDF
    2016-04-24 17:55 - 2013-12-21 12:03 - 00000000 ____D C:\Users\KC\AppData\Local\ElevatedDiagnostics
    2016-04-24 17:12 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\Catroot2.old
    2016-04-24 15:57 - 2010-07-09 15:27 - 00000000 ____D C:\Users\Guest
    2016-04-24 15:17 - 2013-05-09 07:32 - 00045056 _____ C:\Windows\system32\acovcnt.exe
    2016-04-24 15:17 - 2010-03-22 23:18 - 00000000 ____D C:\Users\KC
    2016-04-24 15:16 - 2015-05-11 22:34 - 00000000 ___SD C:\Windows\system32\GWX
    2016-04-24 15:16 - 2010-03-03 00:02 - 00000000 ____D C:\Windows\softwaredistribution.bak
    2016-04-24 15:16 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files\Windows Defender
    2016-04-24 15:15 - 2011-03-10 20:30 - 00000000 ____D C:\ProgramData\Lx_cats
    2016-04-24 15:15 - 2010-03-03 00:32 - 00000000 ____D C:\ProgramData\P4G
    2016-04-24 15:15 - 2009-07-14 00:44 - 00000000 ___RD C:\Users\Public\Recorded TV
    2016-04-24 15:15 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
    2016-04-24 15:14 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\registration
    2016-04-24 15:11 - 2010-03-03 00:18 - 00000000 ____D C:\Program Files (x86)\ASUS
    2016-04-21 10:59 - 2009-07-13 22:13 - 00785858 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-04-18 13:26 - 2010-03-23 17:36 - 00000000 ____D C:\Users\KC\AppData\Roaming\Skype
    2016-04-18 03:31 - 2010-03-23 12:32 - 00000000 ____D C:\Users\KC\Documents\Coaching
    2016-04-17 20:00 - 2010-03-23 12:34 - 00000000 ____D C:\Users\KC\Documents\Tax
    2016-04-16 17:17 - 2013-11-05 19:07 - 00000000 ____D C:\Users\KC\AppData\Roaming\Dropbox
    2016-04-15 09:30 - 2010-03-23 17:34 - 00000000 ___RD C:\Program Files (x86)\Skype
    2016-04-15 09:30 - 2010-03-23 17:34 - 00000000 ____D C:\ProgramData\Skype
    2016-04-14 22:02 - 2015-12-09 02:09 - 00000000 ____D C:\Users\KC\Downloads\Cap One
    2016-04-13 21:47 - 2015-05-29 20:28 - 00003644 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-4271711602-4053031425-695835939-1001
    2016-04-13 21:47 - 2014-02-08 20:24 - 00003548 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-4271711602-4053031425-695835939-1001
    2016-04-13 21:28 - 2012-09-12 17:08 - 00002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-04-07 00:19 - 2015-10-27 14:59 - 00000000 ____D C:\Users\KC\Downloads\Ancestry
    2016-03-30 22:34 - 2015-12-16 13:41 - 00000000 ____D C:\Users\KC\Downloads\House Ideas

    ==================== Files in the root of some directories =======

    2007-06-12 10:34 - 2007-06-12 10:34 - 0035822 _____ () C:\Program Files (x86)\Common Files\ASPG_icon.ico
    2008-05-22 09:35 - 2008-05-22 09:35 - 0051962 _____ () C:\Program Files (x86)\Common Files\banner.jpg
    2009-04-08 11:31 - 2009-04-08 11:31 - 0106496 _____ () C:\Program Files (x86)\Common Files\CPInstallAction.dll
    2008-08-11 22:45 - 2008-08-11 22:45 - 0155648 _____ (ASUS) C:\Program Files (x86)\Common Files\MSIactionall.dll
    2010-06-15 12:59 - 2010-06-15 12:59 - 0038439 _____ () C:\Users\KC\AppData\Roaming\Comma Separated Values (DOS).ADR
    2011-09-28 14:40 - 2013-03-04 11:35 - 0038433 _____ () C:\Users\KC\AppData\Roaming\Comma Separated Values (Windows).ADR
    2011-09-05 15:17 - 2011-09-05 16:17 - 0038446 _____ () C:\Users\KC\AppData\Roaming\Microsoft Excel 97-2003.ADR
    2011-03-31 19:42 - 2011-09-12 20:32 - 0000462 _____ () C:\Users\KC\AppData\Roaming\Rim.Desktop.Exception.log
    2011-03-31 19:31 - 2012-06-12 16:01 - 0003125 _____ () C:\Users\KC\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
    2011-09-09 17:37 - 2011-09-12 20:32 - 0000308 _____ () C:\Users\KC\AppData\Roaming\Rim.DesktopHelper.Exception.log
    2010-03-23 09:03 - 2012-07-10 10:38 - 0000572 _____ () C:\Users\KC\AppData\Roaming\wklnhst.dat
    2014-11-19 12:50 - 2014-11-19 12:50 - 0001524 _____ () C:\Users\KC\AppData\Local\recently-used.xbel
    2011-03-31 21:23 - 2011-03-31 21:23 - 0000256 _____ () C:\ProgramData\lxdu.log
    2011-03-31 19:09 - 2015-01-27 15:00 - 0002017 _____ () C:\ProgramData\lxduDiagnostics.log
    2011-03-10 20:52 - 2012-08-24 16:09 - 0048060 _____ () C:\ProgramData\lxduJSW.log
    2011-03-10 19:55 - 2011-03-10 19:55 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt

    Files to move or delete:
    ====================
    C:\Users\Public\AlexaNSISPlugin.5072.dll


    Some files in TEMP:
    ====================
    C:\Users\KC\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp7ehxk4.dll
    C:\Users\KC\AppData\Local\Temp\SkypeSetup.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-03-28 12:24

    ==================== End of FRST.txt ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-04-2016
    Windows 7 Home Premium Service Pack 1 (X64) (2010-03-23 06:18:04)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================
    Administrator (S-1-5-21-4271711602-4053031425-695835939-500 - Administrator - Disabled)
    Guest (S-1-5-21-4271711602-4053031425-695835939-501 - Limited - Enabled) => C:\Users\Guest
    HomeGroupUser$ (S-1-5-21-4271711602-4053031425-695835939-1002 - Limited - Enabled)
    KC (S-1-5-21-4271711602-4053031425-695835939-1001 - Administrator - Enabled) => C:\Users\KC

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version: - )
    ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.2146.41621 - ABBYY Software House)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1030 - Adobe Systems Incorporated)
    Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}) (Version: 1.5.17.25482 - Alcor Micro Corp.)
    Alcor Micro USB Card Reader (x32 Version: 1.5.17.25482 - Alcor Micro Corp.) Hidden
    Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version: 1.13.1.42052 - Amazon)
    Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.8 - ASUS)
    ASUS CopyProtect (HKLM-x32\...\{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}) (Version: 1.0.0015 - ASUS)
    ASUS Data Security Manager (HKLM-x32\...\{FA2092C5-7979-412D-A962-6485274AE1EE}) (Version: 1.00.0014 - ASUS)
    ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.0.8 - ASUSTeK Computer Inc.)
    ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS)
    ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
    ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0019 - ASUS)
    ASUS Power4Gear Hybrid (HKLM\...\{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}) (Version: 1.1.28 - ASUS)
    ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0008 - ASUS)
    ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0028 - ASUS)
    ASUS USB2.0 UVC VGA WebCam (HKLM\...\ASUS USB2.0 UVC VGA WebCam) (Version: 5.8.53120.203 - Sonix)
    ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.19 - asus)
    ASUS_Screensaver (HKLM-x32\...\ASUS_Screensaver) (Version: - )
    ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0001 - ASUS)
    AVS Document Converter 2.0.1 (HKLM-x32\...\AVS Document Converter_is1) (Version: - Online Media Technologies Ltd.)
    AVS Image Converter 2.1.2.169 (HKLM-x32\...\AVS Image Converter_is1) (Version: - Online Media Technologies Ltd.)
    AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version: - Online Media Technologies Ltd.)
    Blurity version 1.5.175 (HKLM-x32\...\{E296676F-4FE5-42B8-AF08-014D274EA1A1}_is1) (Version: 1.5.175 - Nesota LLC)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    calibre (HKLM-x32\...\{3806764C-0AA7-4082-908D-C3671372C1E8}) (Version: 0.8.64 - Kovid Goyal)
    Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
    Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
    Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.5 - ASUS)
    Dropbox (HKU\S-1-5-21-4271711602-4053031425-695835939-1001\...\Dropbox) (Version: 3.18.1 - Dropbox, Inc.)
    eFax Messenger (HKLM-x32\...\{DF6DA606-904D-4C18-823F-A4CFC3035E53}) (Version: 4.4.0.521 - j2 Global)
    ETDWare PS/2-x64 7.0.5.9_WHQL (HKLM\...\Elantech) (Version: - )
    Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.5 - ASUS)
    Fuze Meeting (HKLM-x32\...\{E5E8EF4B-ADC8-4A7E-A3FB-3842A87A97F3}) (Version: 1.10.39023 - Fuze Box, Inc.)
    GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
    Google Drive (HKLM-x32\...\{D7269C20-B3CE-4CD0-8E88-3D307D3BD41A}) (Version: 1.29.2074.1528 - Google, Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
    GoToMeeting 7.16.0.4800 (HKU\S-1-5-21-4271711602-4053031425-695835939-1001\...\GoToMeeting) (Version: 7.16.0.4800 - CitrixOnline)
    HijackThis 1.99.1 (HKLM-x32\...\HijackThis) (Version: 1.99.1 - Soeperman Enterprises Ltd.)
    HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.14.263 - SurfRight B.V.)
    HitmanPro.Alert 3 (HKLM\...\HitmanPro.Alert) (Version: 3.1.9.364 - SurfRight B.V.)
    Instant File Opener 3.0.1 (HKLM-x32\...\{522f0e3f-31c2-4343-afb0-c5572f28f1cb}_is1) (Version: - Magnonic Software)
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2021 - Intel Corporation)
    iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
    Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
    Junk Mail filter update (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
    Lexmark 5600-6600 Series (HKLM\...\Lexmark 5600-6600 Series) (Version: - Lexmark International, Inc.)
    Lexmark Printable Web (HKLM-x32\...\{D2C5E510-BE6D-42CC-9F61-E4F939078474}) (Version: 1.0.0.0 - )
    Lexmark Toolbar (HKLM-x32\...\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}) (Version: 4.0.53.0 - )
    Lexmark Tools for Office (HKLM-x32\...\{10812DE7-2E57-4740-B226-6B3BE34AF9D7}) (Version: 1.24.0.0 - )
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
    Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Standard 2007 (HKLM-x32\...\STANDARDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
    Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
    Nitro Pro 7 (HKLM\...\{F14DA6DA-5640-49BB-91A3-D56813D0878F}) (Version: 7.5.0.29 - Nitro PDF Software)
    Nitro Pro 9 (HKLM-x32\...\{365ea527-e0f5-47eb-8d9e-ecadeed4e39b}) (Version: 9.5.3.8 - Nitro)
    Nitro Pro 9 (Version: 9.5.3.8 - Nitro) Hidden
    Nitro Reader 2 (HKLM\...\{6C87223E-0EE1-4703-9789-2C986D860B20}) (Version: 2.4.1.15 - Nitro PDF Software)
    OpenSSL 0.9.7f (HKLM-x32\...\OpenSSL_is1) (Version: - OpenSSL Win32 Installer Team)
    Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.8 - Google, Inc.)
    Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
    QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
    Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.2 - Roxio)
    Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.1.15383.6004 - Microsoft Corporation)
    Skype™ 7.21 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.21.100 - Skype Technologies S.A.)
    SRS Premium Sound Control Panel (HKLM\...\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}) (Version: 1.8.2300 - SRS Labs, Inc.)
    Stellar Phoenix Outlook PST Repair (HKLM\...\Stellar Phoenix Outlook PST Repair_is1) (Version: 5.0.0.0 - Stellar Information Technology Pvt Ltd.)
    The Power Of Love (HKLM-x32\...\The Power Of Love_is1) (Version: 1.0 - Its All About Women)
    Times Reader (HKLM-x32\...\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1) (Version: 2.054 - The New York Times Company)
    Times Reader (x32 Version: 2.054 - The New York Times Company) Hidden
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
    WebEx (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
    Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (HKLM\...\2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB) (Version: 09/09/2009 1.0.0.0 - OLYMPUS IMAGING CORP.)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
    Windows Live Sign-in Assistant (HKLM-x32\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
    Windows Live Sync (HKLM-x32\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)
    Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
    WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.26.0 - ASUS)
    WinZip 18.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DF}) (Version: 18.0.10661 - WinZip Computing, S.L. )
    Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.15 - ASUS)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-4271711602-4053031425-695835939-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\KC\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-4271711602-4053031425-695835939-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\2128\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {01C995FF-D178-4E7B-AC4A-9E950006A207} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {0837D897-84CB-4E30-A8DD-807937A81DFC} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
    Task: {0F1FC558-90E6-41AA-8D37-4FBE69053762} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
    Task: {148318FC-5974-4508-A415-B3AFD16E5DDB} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
    Task: {1DB9A7B5-C351-4671-A464-D3C0851BAF77} - System32\Tasks\{8AB7411C-6E9A-4140-B883-83BABF01D47F} => pcalua.exe -a C:\lexmark\drivers\1200\Setup.exe -d C:\lexmark\drivers\1200
    Task: {29308477-8F7E-4D4F-92D5-F1534E61B6F5} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
    Task: {2F78E204-E30C-4DF5-A697-5C89C67236C8} - System32\Tasks\{B4A528D4-FD41-494D-9572-07E00D2D11D9} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.9.0.106/en/abandoninstall?page=tsMain
    Task: {3C9616B2-742C-4820-AFAE-F3D2459E9677} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
    Task: {3CEEDBF6-8ADD-422C-A89C-4E78987B7E13} - System32\Tasks\{E224AF6B-98D2-47CA-BD52-EDC852F82B6D} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.1.0.112.217/en/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;userdeclined,google-chrome:notoffered;userlevelpresent
    Task: {3D966D87-5FE5-4FBC-8E90-DB0F48E454DB} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
    Task: {3E3E65EA-6693-4ACC-947D-206853F50D65} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
    Task: {40F820CF-42E1-466A-9A4C-A734EBCCF86A} - System32\Tasks\{250C3A92-363C-4938-9B65-578B957AFF92} => pcalua.exe -a E:\Setup.EXE -d E:\
    Task: {42145BE5-4059-431F-919A-1A381C5966DE} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {4DAD6497-5836-41C8-8F01-BC97138D4B01} - System32\Tasks\G2MUpdateTask-S-1-5-21-4271711602-4053031425-695835939-1001 => C:\Program Files (x86)\Citrix\GoToMeeting\4800\g2mupdate.exe [2016-04-13] (Citrix Online, a division of Citrix Systems, Inc.)
    Task: {4E5FD3A9-FB8D-434C-8A2A-009484A552D5} - System32\Tasks\{08C180CF-4D7F-4F89-BA2D-54FF76D57FA7} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.9.0.106/en/abandoninstall?page=tsMain
    Task: {4E8B5837-2D9F-4E83-A28C-9423A9DD2234} - System32\Tasks\{A642FA5B-134D-434D-8F6A-B726C0F53239} => pcalua.exe -a C:\Users\KC\Desktop\TFOL4538.exe -d C:\Users\KC\Desktop
    Task: {52019420-C387-47F1-9FB7-42E87FEB80D8} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe
    Task: {5A5228A8-5E62-4C75-BEBF-1102B72540B6} - System32\Tasks\{5FE73813-A239-4241-A519-4F6DB755014C} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.5.0.119.217/en/go/help.faq.installer?LastError=1618
    Task: {640085B6-08FB-40F9-855C-7A8FCBB0D4C5} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-4271711602-4053031425-695835939-1001Core => C:\Users\KC\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
    Task: {69035478-C22D-4583-B16E-6BEF075E8336} - System32\Tasks\G2MUploadTask-S-1-5-21-4271711602-4053031425-695835939-1001 => C:\Program Files (x86)\Citrix\GoToMeeting\4800\g2mupload.exe [2016-04-13] (Citrix Online, a division of Citrix Systems, Inc.)
    Task: {6FECF9BE-AED8-4627-80ED-91FF5361960F} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
    Task: {729765C5-8736-4632-98A5-9DED142465A9} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
    Task: {773492A6-4F08-4DAF-9C1B-778BC17ACAED} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
    Task: {78588675-6CF3-4E50-B5B1-1EC34EAA2F6B} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
    Task: {7AB85945-39FD-4360-B801-E533268A3E7B} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-01-05] (ATK)
    Task: {7DDF9673-8D0B-4652-B795-1BEAD1206B65} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
    Task: {8394A644-E5A1-4F2D-B910-36086EDFAE0D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
    Task: {8FC1113D-48DF-4FE7-87C8-0934B7BAD55D} - System32\Tasks\4Team updater => C:\Program Files (x86)\4Team Corporation\4Team-Updater\4Team-Updater.exe
    Task: {923FF33D-C891-4C7F-A5D4-57ABE8943A20} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-4271711602-4053031425-695835939-1001UA => C:\Users\KC\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
    Task: {A3C6122E-9746-4EA4-B722-C666AEF70400} - System32\Tasks\ASPG => C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe [2009-06-29] (ASUS)
    Task: {A50B77A4-C21C-4D9C-969A-C938DD7E27FC} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2009-07-23] (ATK)
    Task: {AA921623-B84A-4EC8-A6DA-5D46323FC6D9} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
    Task: {AC82F049-E160-49F0-8F5D-99730272638C} - System32\Tasks\Installation App Launcher => C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduamon.exe [2010-10-14] ()
    Task: {C13CC8ED-A09E-4141-AEF5-986DCE3064E3} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
    Task: {C778374C-94FE-41B0-B705-5FC952201AC0} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
    Task: {C850C033-12BA-4991-9670-120133F0EDBD} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-07-31] (ASUS)
    Task: {D3D9E628-C6D8-4A6E-BA17-820698ACF1B1} - System32\Tasks\{A30B5EDC-32DB-40BB-AE85-8FD2F9516184} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2016-03-01] (Skype Technologies S.A.)
    Task: {D5F79912-0C0E-42A4-9083-622A72220CD6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {D81ACB5C-C9F9-4930-BD74-9567699ED20A} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe [2009-11-24] ()
    Task: {DD548504-31EE-43FF-A573-1E9BCB56DC76} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
    Task: {DE8FB9E7-5037-4BA9-9AF8-3DE5776467DE} - System32\Tasks\WC3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2010-01-04] ()
    Task: {E250CCBD-C07A-4BA6-B80F-8C2FC500654A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
    Task: {E5CE0B55-0214-4CDD-8B96-34B8A048497C} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
    Task: {E959E007-A71C-4952-8EA8-22DE146D6227} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
    Task: {F0496437-71B1-4E96-9E9C-3BC2F52CDE46} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {FACB8164-0888-403B-B4E6-7F59329EA90F} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
    Task: {FBC8485F-A585-489F-8E2C-C65FEABC1BEF} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {FFEE4F98-789F-4BC5-9EBF-91D4AC658C46} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Bomgar Task 11630482.job => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe›hxxp:/remote.iyogi.net/ <==== ATTENTION
    Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-4271711602-4053031425-695835939-1001Core.job => C:\Users\KC\AppData\Local\Dropbox\Update\DropboxUpdate.exe
    Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-4271711602-4053031425-695835939-1001UA.job => C:\Users\KC\AppData\Local\Dropbox\Update\DropboxUpdate.exe
    Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-4271711602-4053031425-695835939-1001.job => C:\Program Files (x86)\Citrix\GoToMeeting\4800\g2mupdate.exe
    Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-4271711602-4053031425-695835939-1001.job => C:\Program Files (x86)\Citrix\GoToMeeting\4800\g2mupload.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2011-03-31 21:34 - 2009-05-14 04:24 - 00045568 _____ () C:\Windows\System32\LXDUPMON.DLL
    2011-03-31 21:34 - 2010-10-14 14:52 - 00086016 _____ () C:\Windows\System32\LXDUOEM.DLL
    2011-03-31 21:34 - 2010-10-14 14:50 - 00081408 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\ipcmt64.dll
    2011-03-31 21:37 - 2010-10-14 15:01 - 00186880 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxdudrpp.dll
    2015-03-20 15:12 - 2015-03-20 15:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-03-20 15:12 - 2015-03-20 15:12 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-08-01 11:23 - 2014-08-01 11:23 - 00418312 _____ () C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
    2007-06-15 11:28 - 2007-06-15 11:28 - 00104960 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt64.dll
    2007-06-01 17:52 - 2007-06-01 17:52 - 00159744 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
    2011-03-31 21:33 - 2010-10-14 15:15 - 00676520 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe
    2011-03-31 21:33 - 2010-10-14 15:15 - 00025256 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduMsdMon.exe
    2009-12-23 14:12 - 2009-12-23 14:12 - 00017920 _____ () C:\Program Files\P4G\DevMng.dll
    2009-12-18 20:11 - 2009-12-18 20:11 - 00033280 _____ () C:\Program Files\P4G\OvrClk.dll
    2010-03-03 00:32 - 2007-11-30 12:20 - 00051768 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
    2008-10-01 00:02 - 2008-10-01 00:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
    2009-11-24 14:45 - 2009-11-24 14:45 - 00053888 _____ () C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
    2010-01-04 18:43 - 2010-01-04 18:43 - 01597440 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    2010-03-03 00:28 - 2009-05-07 01:51 - 00071680 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
    2010-03-03 00:28 - 2009-05-07 01:53 - 00379392 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
    2010-03-03 00:28 - 2008-01-17 23:49 - 00098816 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\VMicApi.dll
    2010-03-03 00:28 - 2009-09-15 20:37 - 47601664 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll
    2011-03-31 21:33 - 2010-10-14 14:59 - 00380928 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduscw.dll
    2011-03-31 21:33 - 2010-10-14 14:49 - 00188416 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdudatr.dll
    2011-03-31 21:33 - 2010-10-14 14:49 - 00073728 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducats.dll
    2011-03-31 21:33 - 2010-10-14 14:59 - 01036288 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduDRS.dll
    2011-03-31 21:33 - 2010-10-14 14:59 - 00081920 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducaps.dll
    2011-03-31 21:33 - 2010-10-14 14:49 - 00069632 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducnv4.dll
    2011-03-31 21:33 - 2010-01-21 03:09 - 00028672 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\App4R.Monitor.Common.dll
    2011-03-31 21:33 - 2010-01-21 03:09 - 00036864 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\App4R.Monitor.Core.dll
    2011-03-31 21:33 - 2010-01-21 03:08 - 00065536 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\app4r.devmons.mcmdevmon.dll
    2011-03-31 21:33 - 2008-03-25 01:53 - 00012288 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\app4r.devmons.mcmdevmon.autoplayutil.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Windows:nlsPreferences [514]
    AlternateDataStreams: C:\ProgramData\Temp:0B4227B4 [133]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\91863660.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\91863660.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-4271711602-4053031425-695835939-1001\...\amazon.com -> hxxps://www.amazon.com
    IE trusted site: HKU\S-1-5-21-4271711602-4053031425-695835939-1001\...\crsdata.com -> hxxp://pmar.crsdata.com
    IE trusted site: HKU\S-1-5-21-4271711602-4053031425-695835939-1001\...\flexmls.com -> hxxp://poc.flexmls.com
    IE trusted site: HKU\S-1-5-21-4271711602-4053031425-695835939-1001\...\flexmls.com -> hxxps://poc.flexmls.com
    IE trusted site: HKU\S-1-5-21-4271711602-4053031425-695835939-1001\...\taxsoftware.com -> hxxp://www.taxsoftware.com
    IE trusted site: HKU\S-1-5-21-4271711602-4053031425-695835939-1001\...\trueformsonline.com -> hxxps://aar.trueformsonline.com

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-4271711602-4053031425-695835939-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\KC\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.2.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
    Windows Firewall is disabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    MSCONFIG\startupreg: ADSMTray => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
    MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
    MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
    MSCONFIG\startupreg: IntelliPoint => "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [TCP Query User{18E37B80-FD82-49C4-AEFA-48EBF89F77B9}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [UDP Query User{D52D2058-8B7F-4AB8-8ED7-7E6ECD6A0B3C}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [{693D1A01-044E-4BC6-8012-54869AACDC6D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{D9EB738A-9413-4452-8359-92E94A709098}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [TCP Query User{D7FC7D1A-CDA9-4F6D-ABEE-1254E071D31D}C:\users\kc\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\kc\appdata\roaming\dropbox\bin\dropbox.exe
    FirewallRules: [UDP Query User{EC2A991C-6EF9-4EE9-8B8D-25472C3D7D40}C:\users\kc\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\kc\appdata\roaming\dropbox\bin\dropbox.exe
    FirewallRules: [{01CFF56D-AF7A-41F3-AF50-D51E098260B5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Restore Points =========================

    20-03-2016 14:42:19 Checkpoint by HitmanPro
    22-03-2016 13:38:38 Checkpoint by HitmanPro
    02-04-2016 19:28:16 Checkpoint by HitmanPro
    04-04-2016 19:26:01 Checkpoint by HitmanPro
    05-04-2016 13:39:09 Checkpoint by HitmanPro
    08-04-2016 21:54:29 Checkpoint by HitmanPro
    09-04-2016 23:58:56 Checkpoint by HitmanPro
    18-04-2016 13:38:46 Checkpoint by HitmanPro
    21-04-2016 19:23:32 Checkpoint by HitmanPro
    24-04-2016 15:07:17 Restore Operation
    24-04-2016 15:32:00 Installed Microsoft Fix it 50123
    24-04-2016 16:08:15 Installed Microsoft Fix it 50123
    24-04-2016 16:40:03 Safe Point

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (04/28/2016 05:47:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 133583

    Error: (04/28/2016 05:47:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 133583

    Error: (04/28/2016 05:47:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (04/28/2016 05:47:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 132304

    Error: (04/28/2016 05:47:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 132304

    Error: (04/28/2016 05:47:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (04/28/2016 05:47:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 130557

    Error: (04/28/2016 05:47:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 130557

    Error: (04/28/2016 05:47:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (04/28/2016 05:45:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 2371


    System errors:
    =============
    Error: (04/28/2016 01:46:12 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    Lbd

    Error: (04/27/2016 08:56:02 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
    Description: The Windows Update service did not shut down properly after receiving a preshutdown control.

    Error: (04/27/2016 02:29:43 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    Lbd

    Error: (04/27/2016 02:05:58 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    Lbd

    Error: (04/24/2016 05:31:34 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    Lbd

    Error: (04/24/2016 05:30:28 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
    Description: The Windows Update service did not shut down properly after receiving a preshutdown control.

    Error: (04/24/2016 05:22:50 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    Lbd

    Error: (04/24/2016 05:20:09 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {9B1F122C-2982-4E91-AA8B-E071D54F2A4D}

    Error: (04/24/2016 04:11:04 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    Lbd

    Error: (04/24/2016 03:19:36 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.


    ==================== Memory info ===========================

    Processor: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz
    Percentage of memory in use: 37%
    Total physical RAM: 4061.09 MB
    Available physical RAM: 2545.83 MB
    Total Virtual: 8120.38 MB
    Available Virtual: 6288.36 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:451.11 GB) (Free:259.55 GB) NTFS ==>[drive with boot components (obtained from BCD)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 76692CA8)
    Partition 1: (Not Active) - (Size=14.6 GB) - (Type=1C)
    Partition 2: (Active) - (Size=451.1 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     
  9. dvk01

    dvk01 Moderator Malware Specialist

    1. It is quite normal for the system wide admin account to be disabled, when your account is an admin account, so don't worry about that. It is not recommended to have the default Admin account enabled anyway.
    2. Ignore the errors at the end, they are mostly being caused by a missing driver, where the instruction has remained set when adaware was uninstalled. This fix should solve that.
    3. I can see a remote access / tech support with dubious credentials / reputation (iyogi.net) being auto-run on Chrome, which is your default browser. We will remove that, but I would be much happier after this fix is done if you do a complete Chrome uninstall / clear all data and then reinstall. (I will provide those instructions in my next post.) I am not guaranteeing this is the problem with your background audio, but it is highly likely.
    4. I can see no sign of an active Antivirus installed or running. HitmanPro is NOT a full featured antivirus and you do need a proper antivirus from one of the major companies, or at least install Microsoft Security Essentials and do a full scan.

    After running this fix, you need to run an online scan on https://www.eset.com/int/home//products/online-scanner/ to see what that finds.
    We will look at Windows update problems after hopefully fixing the background audio / potential intruder.

    Now to the fix:


    Download attached fixlist.txt file and save it to your desktop.

    NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Run FRST/FRST64 and press the Fix button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
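
Added example (not part of the original post, and not FRST's own code): a small Python triage pass over the "Task:" lines quoted in this thread, flagging scheduled tasks whose action is a browser started with a URL, which is the pattern dvk01 points out in item 3. The function names and the BROWSERS set are assumptions made for the illustration; the sample lines are copied from the logs in this thread.

```python
import re
from urllib.parse import urlsplit

# Task lines copied from the Addition.txt and fixlist content shown in this thread.
SAMPLE_LOG = r"""
Task: {E250CCBD-C07A-4BA6-B80F-8C2FC500654A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {FFEE4F98-789F-4BC5-9EBF-91D4AC658C46} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: C:\Windows\Tasks\Bomgar Task 11630482.job => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe›hxxp:/remote.iyogi.net/ <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {4E5FD3A9-FB8D-434C-8A2A-009484A552D5} - System32\Tasks\{08C180CF-4D7F-4F89-BA2D-54FF76D57FA7} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.9.0.106/en/abandoninstall?page=tsMain
"""

# Assumption: executable names treated as "a browser" for this check.
BROWSERS = {"chrome.exe", "iexplore.exe", "firefox.exe"}

# "Task: [{GUID} - ]<task name or .job path> => <action>"
TASK_RE = re.compile(
    r"^Task:\s+(?:\{[0-9A-Fa-f-]+\}\s+-\s+)?(?P<name>.+?)\s+=>\s+(?P<action>.+)$")
# The log writes URLs defanged (hxxp) and sometimes with a single slash.
URL_RE = re.compile(r"h(?:tt|xx)ps?:/{1,2}\S+", re.IGNORECASE)
# Optional "[date] (vendor)" suffix after the executable path.
META_RE = re.compile(r"\s*\[\d{4}-\d{2}-\d{2}\]\s*\(.*\)\s*$")


def parse_task(line):
    """Return {'name', 'exe', 'url'} for a Task: line, or None for other lines."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    action = m.group("action").split("<====")[0].strip()  # drop the ATTENTION marker
    url_m = URL_RE.search(action)
    exe_part = action[:url_m.start()] if url_m else action
    exe_part = META_RE.sub("", exe_part)
    # The log separates executable and argument with a space or with U+203A.
    exe = exe_part.strip(' "\u203a').rsplit("\\", 1)[-1].lower()
    return {"name": m.group("name"), "exe": exe,
            "url": url_m.group(0) if url_m else None}


def refang_host(url):
    """Turn 'hxxp:/host/...' or 'hxxps://host/...' into a bare host name."""
    fixed = re.sub(r"^h(?:xx|tt)p(s?):/+", r"http\1://", url, flags=re.IGNORECASE)
    return urlsplit(fixed).hostname


def browser_url_tasks(log_text):
    """List (task, browser, host) for tasks that start a browser at a URL."""
    findings = []
    for line in log_text.splitlines():
        task = parse_task(line)
        if task and task["url"] and task["exe"] in BROWSERS:
            findings.append((task["name"], task["exe"], refang_host(task["url"])))
    return findings


if __name__ == "__main__":
    # A hit is a lead for a human to review, not a verdict on the task.
    for name, exe, host in browser_url_tasks(SAMPLE_LOG):
        print(f"{name}: {exe} -> {host}")
```
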
     


  10. dvk01

    dvk01 Moderator Malware Specialist

    After you have completed the fix above and before you run the online scan or install a new antivirus, let's reinstall Chrome.
    If your Chrome Bookmarks are important, do this first:

    Go to this link: http://www.wikihow.com/Export-Bookmarks-from-Chrome follow the instructions and Export your Bookmarks from Chrome, save to your Desktop or similar. Note the instructions can also be used to Import the bookmarks.....

    Continue for a clean install:

    Remove all synced data from Chrome go here: http://www.howtogeek.com/103655/how-to-delete-your-google-chrome-browser-sync-data/ follow those instructions...otherwise as soon as you reinstall or reconnect chrome, it will automatically restore all the old malware/adware/unwanted extensions and files/settings

    Uninstall Chrome: https://support.google.com/chrome/answer/95319?hl=en-GB follow those instructions, ensure the option to "Also delete your browsing data" is selected. <<--- Very important!!

    Install Google Chrome from here: https://www.google.com/intl/en_uk/chrome/browser/desktop/index.html
     
  11. ksdnyy

    ksdnyy Thread Starter

    fixlog
    Noted on restart, a number of Windows Updates actually downloaded and installed.

    Should I run above Chrome instructions now? Will cell phone be re-synced also from this process?
    Also do you recommend defrag for ongoing maintenance and if so, which program? Thanks,

    Fix result of Farbar Recovery Scan Tool (x64) Version:27-04-2016
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    Task: C:\Windows\Tasks\Bomgar Task 11630482.job => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe›hxxp:/remote.iyogi.net/ <==== ATTENTION
    HKU\S-1-5-18\...\RunOnce: [adawarebp] => reg.exe delete "HKCU\Software\AppDataLow\Software\adawarebp" /f
    HKU\S-1-5-18\...\RunOnce: [adawarebp_XP] => reg.exe delete "HKCU\Software\adawarebp" /f
    Task: {4E5FD3A9-FB8D-434C-8A2A-009484A552D5} - System32\Tasks\{08C180CF-4D7F-4F89-BA2D-54FF76D57FA7} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.9.0.106/en/abandoninstall?page=tsMain
    Task: {52019420-C387-47F1-9FB7-42E87FEB80D8} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe
    Task: {5A5228A8-5E62-4C75-BEBF-1102B72540B6} - System32\Tasks\{5FE73813-A239-4241-A519-4F6DB755014C} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.5.0.119.217/en/go/help.faq.installer?LastError=1618
    C:\PROGRA~2\AD-AWA~1
    S0 Lbd; no ImagePath
    emptytemp:

    *****************

    C:\Windows\Tasks\Bomgar Task 11630482.job => moved successfully
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\adawarebp => value removed successfully
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\adawarebp_XP => value removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4E5FD3A9-FB8D-434C-8A2A-009484A552D5}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4E5FD3A9-FB8D-434C-8A2A-009484A552D5}" => key removed successfully
    C:\Windows\System32\Tasks\{08C180CF-4D7F-4F89-BA2D-54FF76D57FA7} => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{08C180CF-4D7F-4F89-BA2D-54FF76D57FA7}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{52019420-C387-47F1-9FB7-42E87FEB80D8}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{52019420-C387-47F1-9FB7-42E87FEB80D8}" => key removed successfully
    C:\Windows\System32\Tasks\Ad-Aware Antivirus Scheduled Scan => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ad-Aware Antivirus Scheduled Scan" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5A5228A8-5E62-4C75-BEBF-1102B72540B6}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A5228A8-5E62-4C75-BEBF-1102B72540B6}" => key removed successfully
    C:\Windows\System32\Tasks\{5FE73813-A239-4241-A519-4F6DB755014C} => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5FE73813-A239-4241-A519-4F6DB755014C}" => key removed successfully
    "C:\PROGRA~2\AD-AWA~1" => not found.
    Lbd => service removed successfully
    EmptyTemp: => 2.5 GB temporary data Removed.

    The system needed a reboot.

    ==== End of Fixlog 02:31:56 ====
     
  12. dvk01

    dvk01 Moderator Malware Specialist

    Yes, cellphone should also be resynced.
    The risk is that if you don't unsync and resync then data could be reinstalled.
    BUT if you are happy and want to take a chance for now, then hold off on the Chrome steps and see if the background audio problem has gone away.

    Do a manual windows update and see if updates come through OK
     
  13. ksdnyy

    ksdnyy Thread Starter

    Does the phone need to have sync turned off then turned back on after Chrome reinstall?
    (Will proceed with Chrome reinstall as original issue appears to persist.)
     
  14. dvk01

    dvk01 Moderator Malware Specialist

    I am not sure with Android phones. I think that it will automatically resync afterwards.
     
  15. dvk01

    dvk01 Moderator Malware Specialist

    After you have done the Chrome reinstall, please run FRST again and post new logs.
    This time please select addition.txt and shortcuts.txt in the additional options section.
    Upload or copy all 3 logs back here please.
     