[IthinkImRatted]

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014

Ran by Adam (administrator) on NABILASDESKTOP on 03-01-2015 00:10:05

Running from C:\Users\Adam\Desktop

Loaded Profile: Adam (Available profiles: Nabila & Adam)

Platform: Windows 8.1 (X64) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe

() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

(Wistron Corporation) C:\Program Files\DELLOSD\VolumeCtlSrv.exe

(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Qualcomm Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe

(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe

(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4630 series\Bin\HPNetworkCommunicatorCom.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

() C:\Program Files (x86)\Common Files\ChromeHelper\ChromeHelper.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe

(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe

() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

() C:\Users\Adam\Desktop\Poker\Files\swc_client-Windows v0.2.18\swc_client-Windows v0.2.18.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\WWAHost.exe

(Microsoft Corporation) C:\Windows\System32\UserAccountBroker.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google) C:\Users\Adam\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe

(Qualcomm Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Win7UI.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6846096 2012-11-19] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1253520 2012-11-19] (Realtek Semiconductor)

HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe [764544 2012-09-14] (Qualcomm Atheros)

HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [127616 2012-09-14] (Qualcomm Atheros Commnucations)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated)

HKLM\...\Run: [CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}] => "C:\ProgramData\cis1BC0.exe" --PostUninstall {81EFDD93-DBBE-415B-BE6E-49B9664E3E82}

HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)

HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)

HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.)

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)

HKLM-x32\...\Run: [ChromeHelper] => C:\Program Files (x86)\Common Files\ChromeHelper\ChromeHelper.exe [862840 2014-07-09] ()

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)

Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-3790447157-3292565816-2608695818-1006\...\Run: [Facebook Update] => C:\Users\Adam\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-05-21] (Facebook Inc.)

HKU\S-1-5-21-3790447157-3292565816-2608695818-1006\...\Run: [HP Officejet 4630 series (NET)] => C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe [3421216 2013-08-13] (Hewlett-Packard Co.)

HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [349680 2014-03-08] (Microsoft Corporation)

HKU\S-1-5-18\...\RunOnce: [Application Restart #2] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [349680 2014-03-08] (Microsoft Corporation)

ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()

ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()

ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()

ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File

ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File

ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)

ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File

ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File

ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKU\S-1-5-21-3790447157-3292565816-2608695818-1006 -> {048CF71D-0CE5-4399-AB93-ED660275F118} URL = https://search.yahoo...p={searchTerms}

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO: ShopDRop -> {D583B311-0498-BE4D-C1EB-2DF4AAECA08D} ->  No File

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: ShopDRop -> {D583B311-0498-BE4D-C1EB-2DF4AAECA08D} ->  No File

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

FireFox:

========

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File

FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)

FF Plugin HKU\S-1-5-21-3790447157-3292565816-2608695818-1006: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Adam\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF Plugin HKU\S-1-5-21-3790447157-3292565816-2608695818-1006: @talk.google.com/GoogleTalkPlugin -> C:\Users\Adam\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin HKU\S-1-5-21-3790447157-3292565816-2608695818-1006: @talk.google.com/O1DPlugin -> C:\Users\Adam\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)

FF Plugin HKU\S-1-5-21-3790447157-3292565816-2608695818-1006: @tools.google.com/Google Update;version=3 -> C:\Users\Adam\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File

FF Plugin HKU\S-1-5-21-3790447157-3292565816-2608695818-1006: @tools.google.com/Google Update;version=9 -> C:\Users\Adam\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File

FF Plugin ProgramFiles/Appdata: C:\Users\Adam\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin ProgramFiles/Appdata: C:\Users\Adam\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)

 

Chrome: 

=======

CHR HomePage: Default -> https://www.facebook.com/

CHR StartupUrls: Default -> "https://www.facebook.com/"

CHR Profile: C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-03]

CHR Extension: (Google Drive) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-03]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-10]

CHR Extension: (YouTube) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-03]

CHR Extension: (Google Search) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-03]

CHR Extension: (AdBlock) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-14]

CHR Extension: (CostMin) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\jabcknbbheiaocncdkhgjjcnnnehlghd [2014-06-10]

CHR Extension: (Google Wallet) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-03]

CHR Extension: (Gmail) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-03]

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [216192 2012-09-14] (Qualcomm Atheros Commnucations)

R3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [321024 2013-08-22] (Microsoft Corporation)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-09-17] (Intel Corporation)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)

R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2012-10-30] (Nitro PDF Software)

R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()

R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-11-20] (Realtek Semiconductor)

R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187592 2014-01-17] (Sandboxie Holdings, LLC)

R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1915408 2013-10-09] (SoftThinks SAS)

R2 VolumeCtlSrv; C:\Program Files\DELLOSD\VolumeCtlSrv.exe [221696 2012-07-20] (Wistron Corporation) [File not signed]

R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)

R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)

R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2012-12-26] (Atheros)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-09-14] (Qualcomm Atheros)

R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)

R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32640 2013-08-22] (Microsoft Corporation)

R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)

R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)

S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [46136 2014-10-18] (LogMeIn Inc.)

R3 ITECIRfilter; C:\Windows\system32\DRIVERS\ITECIRfilter.sys [18064 2012-06-20] (ITE Tech. Inc. )

R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-02] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)

R3 PQAWRwa; C:\Program Files\DELLOSD\PQAWDrv.sys [12384 2008-03-01] () [File not signed]

R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [202600 2014-01-17] (Sandboxie Holdings, LLC)

R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)

U4 CmdAgent; No ImagePath

S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-01-03 00:10 - 2015-01-03 00:11 - 00022279 _____ () C:\Users\Adam\Desktop\FRST.txt

2014-12-29 01:01 - 2015-01-02 22:20 - 00000000 ___RD () C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices

2014-12-28 22:36 - 2014-12-28 22:36 - 00000000 ____D () C:\Users\Adam\Desktop\FRST-OlderVersion

2014-12-27 14:56 - 2014-12-27 14:58 - 00034431 _____ () C:\Users\Adam\Downloads\Addition.txt

2014-12-27 14:55 - 2014-12-27 14:58 - 00060617 _____ () C:\Users\Adam\Downloads\FRST.txt

2014-12-27 14:53 - 2015-01-03 00:10 - 00000000 ____D () C:\FRST

2014-12-27 14:52 - 2014-12-28 22:36 - 02123264 _____ (Farbar) C:\Users\Adam\Desktop\FRST64.exe

2014-12-25 13:15 - 2014-12-25 13:17 - 02767690 _____ () C:\Users\Adam\Documents\AutoRuns.arn

2014-12-25 13:13 - 2014-12-25 13:13 - 00511633 _____ () C:\Users\Adam\Downloads\Autoruns.zip

2014-12-25 13:10 - 2014-12-25 13:10 - 00000000 ____D () C:\Program Files\My Dell

2014-12-25 13:09 - 2014-12-25 13:09 - 00000000 ____D () C:\Users\Adam\AppData\Roaming\PCDr

2014-12-24 23:56 - 2014-12-24 23:56 - 04009167 _____ () C:\Users\Adam\Downloads\ServicesRepair.exe

2014-12-24 23:56 - 2014-12-24 23:56 - 00000000 ____D () C:\Users\Public\Desktop\CC Support

2014-12-21 16:19 - 2014-12-21 16:19 - 02347384 _____ (ESET) C:\Users\Adam\Downloads\esetsmartinstaller_enu.exe

2014-12-21 16:19 - 2014-12-21 16:19 - 00000000 ____D () C:\Program Files (x86)\ESET

2014-12-19 11:27 - 2014-10-30 14:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe

2014-12-19 11:27 - 2014-10-30 14:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe

2014-12-17 13:06 - 2014-12-25 00:23 - 00000000 ____D () C:\Users\Adam\Desktop\OTL

2014-12-17 00:47 - 2014-12-17 00:47 - 00076164 _____ () C:\Users\Adam\Desktop\Extras.Txt

2014-12-15 12:12 - 2015-01-02 22:21 - 00000078 _____ () C:\WINDOWS\setupact.log

2014-12-15 12:12 - 2014-12-15 12:12 - 00000000 _____ () C:\WINDOWS\setuperr.log

2014-12-12 00:09 - 2014-12-12 00:09 - 00000000 ____D () C:\Program Files (x86)\Dell Digital Delivery

2014-12-12 00:03 - 2014-12-12 00:03 - 00000000 ____D () C:\WINDOWS\system32\appraiser

2014-12-11 00:34 - 2014-12-16 12:46 - 00000000 ____D () C:\Users\Adam\Desktop\Docs

2014-12-09 15:33 - 2014-11-09 18:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll

2014-12-09 15:33 - 2014-11-09 17:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll

2014-12-09 15:33 - 2014-10-30 15:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll

2014-12-09 15:33 - 2014-10-30 15:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll

2014-12-09 15:18 - 2014-12-03 15:37 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll

2014-12-09 15:18 - 2014-12-03 15:09 - 00830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll

2014-12-09 15:18 - 2014-12-02 15:09 - 01083392 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll

2014-12-09 15:18 - 2014-12-02 15:09 - 00740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll

2014-12-09 15:18 - 2014-12-02 15:09 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll

2014-12-09 15:18 - 2014-12-02 15:09 - 00396288 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll

2014-12-09 15:18 - 2014-12-02 15:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll

2014-12-09 15:18 - 2014-11-06 20:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll

2014-12-09 15:18 - 2014-11-06 19:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll

2014-12-09 15:18 - 2014-10-31 15:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll

2014-12-09 15:18 - 2014-10-31 15:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll

2014-12-09 15:18 - 2014-10-12 18:43 - 00238912 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys

2014-12-09 15:18 - 2014-10-12 18:43 - 00153920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys

2014-12-09 15:18 - 2014-10-12 18:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys

2014-12-09 15:18 - 2014-10-12 18:43 - 00039744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys

2014-12-09 15:17 - 2014-11-21 19:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2014-12-09 15:17 - 2014-11-21 18:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll

2014-12-09 15:17 - 2014-11-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll

2014-12-09 15:17 - 2014-11-21 18:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec

2014-12-09 15:17 - 2014-11-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll

2014-12-09 15:17 - 2014-11-21 18:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll

2014-12-09 15:17 - 2014-11-21 18:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

2014-12-09 15:17 - 2014-11-21 18:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2014-12-09 15:17 - 2014-11-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll

2014-12-09 15:17 - 2014-11-21 18:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll

2014-12-09 15:17 - 2014-11-21 18:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec

2014-12-09 15:17 - 2014-11-21 18:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll

2014-12-09 15:17 - 2014-11-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll

2014-12-09 15:17 - 2014-11-21 18:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll

2014-12-09 15:17 - 2014-11-21 18:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll

2014-12-09 15:17 - 2014-11-21 17:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll

2014-12-09 15:17 - 2014-11-21 17:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll

2014-12-09 15:17 - 2014-11-21 17:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll

2014-12-09 15:17 - 2014-11-21 17:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll

2014-12-09 15:17 - 2014-11-21 17:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe

2014-12-09 15:17 - 2014-11-21 17:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll

2014-12-09 15:17 - 2014-11-21 17:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl

2014-12-09 15:17 - 2014-11-21 17:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2014-12-09 15:17 - 2014-11-21 17:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll

2014-12-09 15:17 - 2014-11-21 17:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll

2014-12-09 15:17 - 2014-11-21 17:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll

2014-12-09 15:17 - 2014-11-21 17:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

2014-12-09 15:17 - 2014-11-21 17:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll

2014-12-09 15:17 - 2014-11-21 17:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll

2014-12-09 15:17 - 2014-11-21 17:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll

2014-12-09 15:17 - 2014-11-21 17:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll

2014-12-09 15:17 - 2014-11-21 17:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll

2014-12-09 15:17 - 2014-11-21 17:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl

2014-12-09 15:17 - 2014-11-21 17:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll

2014-12-09 15:17 - 2014-11-21 17:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2014-12-09 15:17 - 2014-11-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll

2014-12-09 15:17 - 2014-11-21 17:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll

2014-12-09 15:17 - 2014-11-21 16:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll

2014-12-09 15:17 - 2014-11-21 16:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll

2014-12-06 16:26 - 2014-12-08 13:30 - 00000000 ____D () C:\Users\Adam\Desktop\Empire Bitcoin

2014-12-06 16:11 - 2014-12-06 16:11 - 00003512 _____ () C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-Nabilasdesktop-Adam

2014-12-05 13:55 - 2014-12-05 13:55 - 00000000 _____ () C:\Users\Adam\Documents\CN37P1W0JP05Y0_FAX

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-01-03 00:02 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\system32\sru

2015-01-02 23:56 - 2013-12-08 05:44 - 00000936 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2015-01-02 23:34 - 2014-03-05 00:14 - 00000942 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3790447157-3292565816-2608695818-1001UA.job

2015-01-02 23:18 - 2014-01-26 11:56 - 00000934 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3790447157-3292565816-2608695818-1006UA.job

2015-01-02 23:18 - 2014-01-26 11:56 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3790447157-3292565816-2608695818-1006Core.job

2015-01-02 23:05 - 2014-08-01 08:11 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2015-01-02 22:57 - 2014-07-21 12:26 - 00000000 ____D () C:\ProgramData\ChromeHelper

2015-01-02 22:39 - 2014-11-27 23:22 - 01776133 _____ () C:\WINDOWS\WindowsUpdate.log

2015-01-02 22:23 - 2013-09-29 20:04 - 01157900 _____ () C:\WINDOWS\system32\PerfStringBackup.INI

2015-01-02 22:21 - 2014-05-21 21:16 - 00000954 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3790447157-3292565816-2608695818-1006UA.job

2015-01-02 22:21 - 2014-05-21 21:16 - 00000932 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3790447157-3292565816-2608695818-1006Core.job

2015-01-02 21:07 - 2013-09-25 21:03 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery

2015-01-02 20:56 - 2013-12-08 05:44 - 00000932 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2015-01-02 18:30 - 2014-01-20 19:49 - 00003946 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{9F0263A7-C5F3-48B2-B602-4C06A98422C5}

2015-01-02 14:34 - 2014-03-05 00:14 - 00000890 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3790447157-3292565816-2608695818-1001Core.job

2015-01-02 12:05 - 2014-01-18 22:40 - 00000000 ____D () C:\Users\Adam\AppData\Local\Adobe

2015-01-02 12:03 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\AppReadiness

2014-12-29 00:59 - 2013-08-22 06:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT

2014-12-28 22:55 - 2014-01-03 22:59 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3790447157-3292565816-2608695818-1006

2014-12-28 22:44 - 2014-11-27 21:16 - 00002286 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-12-28 22:42 - 2014-11-28 23:55 - 00031788 _____ () C:\WINDOWS\PFRO.log

2014-12-28 22:42 - 2014-06-10 17:42 - 00000008 __RSH () C:\ProgramData\ntuser.pol

2014-12-28 22:38 - 2014-01-03 22:53 - 00000000 ____D () C:\Users\Adam

2014-12-28 22:38 - 2013-08-22 07:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy

2014-12-25 13:11 - 2014-01-20 22:59 - 00000000 ____D () C:\Users\Adam\jagexcache

2014-12-25 13:10 - 2013-09-25 20:58 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell

2014-12-25 13:08 - 2014-07-05 09:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft

2014-12-25 13:08 - 2014-07-05 09:45 - 00000000 ____D () C:\Program Files (x86)\Anvisoft

2014-12-24 23:56 - 2013-08-22 05:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI

2014-12-24 23:49 - 2014-08-01 08:07 - 00000000 ____D () C:\AdwCleaner

2014-12-23 04:14 - 2013-12-10 20:17 - 00000000 ____D () C:\Program Files\Microsoft Office 15

2014-12-20 01:34 - 2012-07-25 23:59 - 00000000 ____D () C:\WINDOWS\CbsTemp

2014-12-17 12:55 - 2014-02-13 20:38 - 00001540 _____ () C:\WINDOWS\Sandboxie.ini

2014-12-16 01:50 - 2014-01-15 15:31 - 00000000 ____D () C:\Users\Adam\Desktop\eBooks

2014-12-15 12:06 - 2014-01-28 18:06 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2014-12-15 12:06 - 2014-01-28 18:06 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

2014-12-14 01:17 - 2014-01-28 18:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2014-12-12 12:02 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\rescache

2014-12-12 00:06 - 2013-08-22 06:44 - 05055896 _____ () C:\WINDOWS\system32\FNTCACHE.DAT

2014-12-12 00:03 - 2014-07-11 21:40 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel

2014-12-12 00:03 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS

2014-12-12 00:03 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS

2014-12-12 00:03 - 2013-08-22 07:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions

2014-12-11 14:52 - 2014-11-30 14:32 - 00000000 ____D () C:\Users\Adam\AppData\Roaming\.purple

2014-12-11 11:42 - 2014-09-04 17:22 - 00036864 ___SH () C:\Users\Adam\Documents\Thumbs.db

2014-12-09 23:16 - 2013-12-06 11:17 - 00000000 ____D () C:\WINDOWS\system32\MRT

2014-12-09 23:12 - 2013-12-06 11:17 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2014-12-08 16:20 - 2014-08-07 20:34 - 00000000 ____D () C:\ProgramData\NexonUS

2014-12-08 16:20 - 2014-01-26 00:20 - 00000000 ____D () C:\Users\Adam\AppData\Local\Deployment

2014-12-08 16:19 - 2014-08-13 23:43 - 00000000 ____D () C:\Users\Adam\AppData\Local\PokerStars

2014-12-08 16:19 - 2014-08-13 23:43 - 00000000 ____D () C:\Program Files (x86)\PokerStars

2014-12-08 16:18 - 2014-08-22 22:07 - 00000000 ____D () C:\Nexon

2014-12-08 16:18 - 2014-08-07 20:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon

2014-12-06 16:11 - 2014-08-13 04:17 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe

2014-12-05 13:55 - 2014-01-19 14:42 - 00000000 ____D () C:\Users\Adam\AppData\Roaming\Nitro PDF

2014-12-04 12:41 - 2014-01-20 18:49 - 00000132 _____ () C:\Users\Adam\AppData\Roaming\Adobe PNG Format CC Prefs

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-12-29 09:01

==================== End Of Log ============================

[Advertisements]

• Step #3 Fix with FRST
  Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.
  • Open Notepad.exe. Do not use any other text editor software;
  • Copy and Paste the contents inside the code-box to your Notepad --
    

    Start
    CreateRestorePoint:
    Closeprocesses:
    HKLM\...\Run: [CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}] => "C:\ProgramData\cis1BC0.exe" --PostUninstall {81EFDD93-DBBE-415B-BE6E-49B9664E3E82}
    Reboot:
    End

  • Click on File > Save as...
    • Inside the File Name box type fixlist.txt;
    • From the Save as type drop down list, choose All Files
  • Save the file to your Desktop;
  • Re-run FRST.exe and click Fix;
    • Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
  • After the completion, a log will be produced;
  • Copy and Paste the contents of the log in your next reply.

 

• Step #4 Scan with Malwarebytes' Anti-Malware
  • Download Malwarebytes' Anti-Malware from the suitable link below --
    • Download Link #1
    • Download Link #2
    • Download Link #3
  • Double-click mbam-setup.exe to install the application.
  • Before clicking Finish perform the following actions --
    • Un-check the box beside Enable free trial of Malwarebytes Anti-Malware Premium.
    • Check the box beside Launch Malwarebytes Anti-Malware
  • Once the program has loaded, The MBAM dashboard will appear with an alert to update - click the green button Update Now;
  • Click on Setting--
    • Navigate to the tab Detection and Protection and check all the boxes under Detection Options
  • From the Dashboard click on Scan Now;
  • If threats are detected click on Apply actions. If the program asks to reboot your PC, let it do so;
  • On completion of the scan click on View Detailed Log after that click on Export Button, select Text File and save the log to your Desktop;
  • Copy and Paste the contents of the log in your next reply.

 

• Step #5 ESET Online Scanner
  Disable your security programs which includes but not limited to anti-virus, anti-malware, anti-spyware et cetera. Peruse this for additional information.
  • Download esetsmartinstaller_enu.exe by clicking here.
  • Right-click on the program and choose Run as administrator.
  • Accept their terms and condition and proceed.
  • Install Add-On/Active X if prompted.
  • From the Computer Scan Setting check the following box --
    • Enable detection for potentially unwanted programs
  • Click on Advanced Setting --
    • Check the box beside Remove Found Threats;
    • Check the box beside Scan archives
    • Check the box beside Scan for potentially unsafe applications
    • Check the box beside Enable Anti-Stealth Technology
  • Click on Start and wait for the virus signature database to update.
  • The online scan will begin automatically and can take several hours.
    • Note: Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
  • After the Scan finishes --
    • If no threats were found:
      • Put a checkmark in Uninstall application on close.
      • Close the program and report that nothing was found
    • If threats were found:
      • Open the file located in C:\Program Files\ESET\ESET Online Scanner\log.txt (32-bit) or C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt (64-bit).
      • Copy and Paste contents of the log file in your next reply.
  Note: Enable your security programs afterwards.

 

• Required Log(s):
  • FRST Fix Log
  • Malwarebytes' Anti-Malware Log
  • ESET Scan Log

Regards,
Valinorum

[Valinorum]

• Step #3 Fix with FRST
  Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.
  • Open Notepad.exe. Do not use any other text editor software;
  • Copy and Paste the contents inside the code-box to your Notepad --
    

    Start
    CreateRestorePoint:
    Closeprocesses:
    HKLM\...\Run: [CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}] => "C:\ProgramData\cis1BC0.exe" --PostUninstall {81EFDD93-DBBE-415B-BE6E-49B9664E3E82}
    Reboot:
    End

  • Click on File > Save as...
    • Inside the File Name box type fixlist.txt;
    • From the Save as type drop down list, choose All Files
  • Save the file to your Desktop;
  • Re-run FRST.exe and click Fix;
    • Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
  • After the completion, a log will be produced;
  • Copy and Paste the contents of the log in your next reply.

 

• Step #4 Scan with Malwarebytes' Anti-Malware
  • Download Malwarebytes' Anti-Malware from the suitable link below --
    • Download Link #1
    • Download Link #2
    • Download Link #3
  • Double-click mbam-setup.exe to install the application.
  • Before clicking Finish perform the following actions --
    • Un-check the box beside Enable free trial of Malwarebytes Anti-Malware Premium.
    • Check the box beside Launch Malwarebytes Anti-Malware
  • Once the program has loaded, The MBAM dashboard will appear with an alert to update - click the green button Update Now;
  • Click on Setting--
    • Navigate to the tab Detection and Protection and check all the boxes under Detection Options
  • From the Dashboard click on Scan Now;
  • If threats are detected click on Apply actions. If the program asks to reboot your PC, let it do so;
  • On completion of the scan click on View Detailed Log after that click on Export Button, select Text File and save the log to your Desktop;
  • Copy and Paste the contents of the log in your next reply.

 

• Step #5 ESET Online Scanner
  Disable your security programs which includes but not limited to anti-virus, anti-malware, anti-spyware et cetera. Peruse this for additional information.
  • Download esetsmartinstaller_enu.exe by clicking here.
  • Right-click on the program and choose Run as administrator.
  • Accept their terms and condition and proceed.
  • Install Add-On/Active X if prompted.
  • From the Computer Scan Setting check the following box --
    • Enable detection for potentially unwanted programs
  • Click on Advanced Setting --
    • Check the box beside Remove Found Threats;
    • Check the box beside Scan archives
    • Check the box beside Scan for potentially unsafe applications
    • Check the box beside Enable Anti-Stealth Technology
  • Click on Start and wait for the virus signature database to update.
  • The online scan will begin automatically and can take several hours.
    • Note: Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
  • After the Scan finishes --
    • If no threats were found:
      • Put a checkmark in Uninstall application on close.
      • Close the program and report that nothing was found
    • If threats were found:
      • Open the file located in C:\Program Files\ESET\ESET Online Scanner\log.txt (32-bit) or C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt (64-bit).
      • Copy and Paste contents of the log file in your next reply.
  Note: Enable your security programs afterwards.

 

• Required Log(s):
  • FRST Fix Log
  • Malwarebytes' Anti-Malware Log
  • ESET Scan Log

Regards,
Valinorum

[IthinkImRatted]

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-01-2015 03

Ran by Adam at 2015-01-03 11:45:43 Run:2

Running from C:\Users\Adam\Desktop

Loaded Profiles: Adam &  (Available profiles: Nabila & Adam)

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

Start

CreateRestorePoint:

Closeprocesses:

HKLM\...\Run: [CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}] => "C:\ProgramData\cis1BC0.exe" --PostUninstall {81EFDD93-DBBE-415B-BE6E-49B9664E3E82}

Reboot:

End

*****************

 

Restore point was successfully created.

Processes closed successfully.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82} => value deleted successfully.

 

 

The system needed a reboot. 

 

==== End of Fixlog 11:46:15 ====

[IthinkImRatted]

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 1/3/2015

Scan Time: 1:25:55 PM

Logfile: mblog.txt

Administrator: Yes

 

Version: 2.00.4.1028

Malware Database: v2015.01.03.10

Rootkit Database: v2014.12.30.01

License: Premium

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

 

OS: Windows 8.1

CPU: x64

File System: NTFS

User: Adam

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 412284

Time Elapsed: 18 min, 55 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

[IthinkImRatted]

ESETSmartInstaller@High as downloader log:

all ok

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.7623

# api_version=3.0.2

# EOSSerial=2ee51673610259498d3e469870816df2

# engine=21659

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2014-12-22 01:35:07

# local_time=2014-12-21 05:35:07 (-0800, Pacific Standard Time)

# country="United States"

# lang=1033

# osver=6.2.9200 NT 

# compatibility_mode_1=''

# compatibility_mode=5893 16776573 100 94 0 9430026 0 0

# scanned=223173

# found=15

# cleaned=15

# scan_time=4421

sh=8BEB70A896C1F63B19924883E6C819B7B4C70251 ft=1 fh=ddf10b51579368f6 vn="Win32/Techsnab.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\GetPrivate\gpup.exe.vir"

sh=5735882F71B28AA2E9A5B872C86D86BF9474ACF2 ft=1 fh=ea10237bb81e77ea vn="Win32/BrowseFox.C potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ScanTack\ScanTackUninstall.exe.vir"

sh=241BC0489F83985FF99318CDD1C49A94A737B0E4 ft=1 fh=ddf70d46fa026485 vn="a variant of Win32/BrowseFox.I potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ScanTack\bin\ScanTack.BrowserAdapter.exe.vir"

sh=3D5F61F5CF0FEDC819AC7916D5DF5AD77213273F ft=1 fh=5e27eae7df1b7322 vn="a variant of Win64/BrowseFox.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ScanTack\bin\ScanTack.PurBrowse64.exe.vir"

sh=535B316853EADFF2EC7DC4E9F240973FB39FB077 ft=1 fh=59d00f0f08f2216c vn="Win32/BrowseFox.N potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ScanTack\bin\ScanTackBAApp.dll.vir"

sh=241E406134826FA68DF7DAAB0607AF6F1C31729E ft=1 fh=f1bcb7ed0ba3a129 vn="a variant of Win32/BrowseFox.M potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ScanTack\bin\{9acd1534-e8f8-40cb-b5ac-4996fe01175b}.dll.vir"

sh=CCA59742A94363D064FECF056BBA3D2572576030 ft=1 fh=f3a68f52f2d15449 vn="Win32/Thinknice.E potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\HpUI.exe.vir"

sh=12EBF6FC8AD543662053CA101C2D5DA175137EB2 ft=1 fh=c71c00119e5c1a87 vn="Win32/Thinknice.E potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\Loader32.exe.vir"

sh=E9BEAFD5EF09360852ECDCC4312188064742E51A ft=1 fh=c71c0011421e8e27 vn="Win32/Thinknice.E potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\uninstall.exe.vir"

sh=EC863F75DD758963E4DD8D4DBB5FADA9131D5B49 ft=1 fh=b6e8a9642c3777ee vn="Win32/Thinknice.E potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\WindowsSupportDll32.dll.vir"

sh=22A0691859F923C7267A8989F26796345F9ECE98 ft=1 fh=041c574ca42973eb vn="Win64/Thinknice.D potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\WindowsSupportDll64.dll.vir"

sh=663BA7DC1FEC289459257F80D8939DF1A114AE27 ft=1 fh=6ba09f8cd916608c vn="Win32/AnyProtect.E potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Adam\AppData\Local\AnyProtectScannerSetup.exe.vir"

sh=8BEB70A896C1F63B19924883E6C819B7B4C70251 ft=1 fh=ddf10b51579368f6 vn="Win32/Techsnab.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Adam\AppData\Roaming\GetPrivate\gp_upd.exe.vir"

sh=DA1A38E6C4F6C3D735C094F41EB6BA73194E95DA ft=1 fh=e6a12e5ba6d150fb vn="a variant of Win32/DealPly.S potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Adam\AppData\Roaming\Speedial\UpdateProc\UpdateTask.exe.vir"

sh=3D09B4A1E2E55E7D1DF62B739D434F3F4E51DB90 ft=1 fh=31688d33c108b3f2 vn="Win32/Toolbar.Widgi potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe"

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.7623

# api_version=3.0.2

# EOSSerial=2ee51673610259498d3e469870816df2

# engine=21806

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2015-01-04 02:40:49

# local_time=2015-01-03 06:40:49 (-0800, Pacific Standard Time)

# country="United States"

# lang=1033

# osver=6.2.9200 NT 

# compatibility_mode_1=''

# compatibility_mode=5893 16776573 100 94 0 10557168 0 0

# scanned=211356

# found=6

# cleaned=6

# scan_time=13476

sh=25B9F4013FB34153FFA27E460D4B8594C79FE337 ft=1 fh=15384691e6094ee0 vn="a variant of Win32/HiddenStart.A potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\hstart.exe"

sh=5BF068154E572507FFDB695DD7EDF9DCCF3FF859 ft=0 fh=0000000000000000 vn="a variant of Java/JShrink.A potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Adam\Desktop\eBooks\Hackforums\jBoot.rar"

sh=A60C590E07CB30321F9B492B60CACB9BDBA278DC ft=0 fh=0000000000000000 vn="a variant of Java/JShrink.A potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Adam\Desktop\eBooks\Hackforums\jBoot\jBoot2.jar"

sh=FCA28B13371584C212ACDC67F477364F5C5C65E1 ft=0 fh=0000000000000000 vn="a variant of Java/JShrink.A potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Adam\Desktop\eBooks\Hackforums\jboot44543543\jBoot.jar"

sh=B6B12E4F8E59C61EC67A5E17DEDA7EA5B2FEF364 ft=1 fh=65d7fe9609cd6c74 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Adam\Downloads\ccsetup500.exe"

sh=FC45614B12E19790A4CF28C8880CE4F0059353F6 ft=0 fh=0000000000000000 vn="a variant of Java/JShrink.A potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Adam\Downloads\jBoot.rar"

[Valinorum]

Logs looks fine. How is your PC?

[IthinkImRatted]

Logs looks fine. How is your PC?

My PC still rockets in disk usage which causes some lag which is probably due to background processes, I'm glad there is not sign of a rat.

[Valinorum]

Perusing your logs, I see no infection currently present in your system. Unless you are having any issue(s), the machine appears to be Malware-free as we speak.

 

♣ Removal of Tools and Quarantined Files ♣

 

Despite the tools we have used are clean, they are powerful removal tools and made in a way so that they carry out any commands given to them without (most cases) asking for a confirmation. In the hands of an inept person, they can make the machine un-bootable -- a scenario we do not wish to see. Also, we need to remove the quarantined files/folders from your system as a dormant malware can be as bad as an active one if given the proper environment. I shall now give you the guidelines to remove the tools and the quarantined files from your system.

• Cleanup with Delfix
  Please download DelFix by Xplode to your Desktop.
  Download Link
  • Double-click to run the program;
    • Note: Windows Vista/7/8 users right-click and choose Run as administrator
  • Make sure that all the boxes are checked;
  • Click Run;
  • A log will be opened after the operation is finished;
  • Copy and Paste it in your next reply

 

♣ Prevention and Future Guidelines ♣

 

Prevention is better than cure -- goes the old saying. As much as we love to see you visit our site, we do not want to see you having your PC infected by malwares again.

• Keep Windows up-to-date.
  It is extremely important that you keep your operating system (Windows) updated when updates are made available. It is set to alert you, so be sure not to ignore these notices and to allow the updates to install. Many of these are critical security packages which could very possibly be the difference between your picking up a future infiltration and simply passing right by it unharmed.
• Run antivirus software and keep it up-to-date, too.
  Antivirus software is your safety net if all other protections fail. The first line of defense is smart computing, of course, but everyone needs a backup. I'd recommend Microsoft Security Essentials or avast!, both of which are excellent, as well as free. Once they're installed, check periodically to ensure they have been successfully updating as well. An out-of-date antivirus is not a happy antivirus!
• Keep your web browser plugins and other programs updated also.
  This tip is rarely shared by technicians and its importance is not widely recognized, but it's absolutely critical. Programs such as Java, Adobe Flash Player and Adobe Reader, Internet Explorer, and myriad other such web-exposed items are deeply vulnerable to attack, which can quickly lead to a hopelessly infected system no matter what protection you currently have installed. The reason is that these programs are ubiquitous, but are also not perfect and are extremely complex... and as such, security vulnerabilities are discovered and exploited by hackers hoping to gain control over your machine. By performing every update for these programs as soon as it's made available, you will greatly reduce your exposure to dangerous internet threats.
  
  A great way to do this is to install the Filehippo Update Checker and run it regularly. Also, try not to ignore any notifications you receive regarding updates to programs already installed on your PC.
  
  No scripts is an excellent security device too. I like it but it is not for everyone because it requires you to take action if you want to see some things (pop ups, banners etc.) on sites you visit.
  
  Download NoSript by Giorgio Maone.
  
  Note: Sometimes you will get a site telling you that you need to install Java when actually all you need to do is enable the site through the no script icon down on the right hand side of your computer.
• Watch out for new threat named CryptoLocker
  CryptoLocker is a new type ransomware family malware that encrypts your important files and asks for a ransom to decrypt them. At the moment of posting this reply there are no tools that can undo the havoc this malware causes. We can help you to remove the malware from your system but the files that was encrypted cannot be recovered without the decryption key. So, I ask for your forbearance and practice constant vigilance. Please read the following article to acknowledge yourself about the safety measures.
  How to prevent your computer from becoming infected by CryptoLocker.
• And last of all, surf smart.
  It doesn't matter how well the autopilot system works if the pilot keeps flying the plane into mountain ranges. Don't forget that no matter how much you have protecting yourself, your security ultimately begins and ends with you. Don't visit dangerous or questionable web sites, avoid suspicious links on Facebook and emails/email attachments you're unsure about, and just generally keep your wits about you, and you'll be much safer. Also, avoid illegal downloads, cracks, "warez", and all other too-good-to-be-true internet offerings: they're typically laden with malware. Be smart and you can avoid most threats lurking about the darker corners of the internet! And for even more tips, see our article, How Did I Get Infected in the First Place?
  
  

Regards,
Valinorum

[IthinkImRatted]

# DelFix v10.8 - Logfile created 04/01/2015 at 23:52:25

# Updated 29/07/2014 by Xplode

# Username : Adam - NABILASDESKTOP

# Operating System : Windows 8.1  (64 bits)

 

~ Activating UAC ... OK

 

~ Removing disinfection tools ...

 

Deleted : C:\FRST

Deleted : C:\AdwCleaner

Deleted : C:\Users\Adam\Desktop\FRST-OlderVersion

Deleted : C:\Users\Adam\Desktop\Addition.txt

Deleted : C:\Users\Adam\Desktop\adwcleaner_3.302.exe

Deleted : C:\Users\Adam\Desktop\Extras.Txt

Deleted : C:\Users\Adam\Desktop\Fixlog.txt

Deleted : C:\Users\Adam\Desktop\FRST.txt

Deleted : C:\Users\Adam\Desktop\FRST64.exe

Deleted : C:\Users\Adam\Downloads\Addition.txt

Deleted : C:\Users\Adam\Downloads\esetsmartinstaller_enu.exe

Deleted : C:\Users\Adam\Downloads\FRST.txt

Deleted : C:\Users\Adam\Downloads\ServicesRepair.exe

Deleted : HKLM\SOFTWARE\OldTimer Tools

Deleted : HKLM\SOFTWARE\AdwCleaner

 

~ Creating registry backup ... OK

 

~ Cleaning system restore ...

 

Deleted : RP #68 [Windows Update | 12/19/2014 08:28:58]

Deleted : RP #69 [Removed RuneScape Launcher 1.2.3 | 12/25/2014 21:10:33]

Deleted : RP #71 [Restore Point Created by FRST | 12/29/2014 06:37:24]

Deleted : RP #73 [Restore Point Created by FRST | 01/03/2015 19:45:46]

 

New restore point created !

 

~ Resetting system settings ... OK

 

########## - EOF - ##########

[Valinorum]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.