QTrax being detected in my disc drive [Archive]

montypy88

2015-03-29, 19:20

Hello! I will try to follow the rules since this is my first time here. For a while now, when I start up my computer and Spybot runs, it detects Qtrax as malware in my disc drive. I don't know what to do to get rid of it, as the program is unable to clean something that isn't there. Can you help me? I've included the appropriate logs that I could below. Thank you!

PS: I didn't include the aswMBR log because I could get it to finish running. Let me know if you need more info!

FRST log -

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Sarah (administrator) on STELLA on 29-03-2015 11:00:48
Running from C:\Users\Sarah\Desktop
Loaded Profiles: Sarah (Available profiles: Sarah)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NTI Corporation) C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Apple Inc.) D:\Music\iTunesHelper.exe
(Valve Corporation) D:\Steam\Steam.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(NTI Corporation) C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe
(Dropbox, Inc.) C:\Users\Sarah\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(NVIDIA Corporation) C:\Users\Sarah\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(Samsung Electronics Co., Ltd.) D:\Kies\KiesTrayAgent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Valve Corporation) D:\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Users\Sarah\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sarah\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sarah\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sarah\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sarah\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sarah\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sarah\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sarah\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sarah\AppData\Local\Google\Chrome\Application\chrome.exe
(Tweaking.com) D:\Downloads\files\registry_backup_tool\TweakingRegistryBackup.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7560296 2011-12-12] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2465088 2014-11-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => D:\Music\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2011-07-11] (Nullsoft, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [300400 2010-03-11] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2014-12-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-11-17] (DivX, LLC)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [BackupNowEZtray] => C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe [580672 2012-07-23] (NTI Corporation)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [KiesTrayAgent] => D:\Kies\KiesTrayAgent.exe [311616 2014-04-23] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => D:\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3452437872-2670650920-2198047957-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [163328 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-21-3452437872-2670650920-2198047957-1000\...\Run: [Google Update] => C:\Users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-26] (Google Inc.)
HKU\S-1-5-21-3452437872-2670650920-2198047957-1000\...\Run: [Steam] => D:\Steam\steam.exe [2888896 2015-03-24] (Valve Corporation)
HKU\S-1-5-21-3452437872-2670650920-2198047957-1000\...\Run: [ccleaner] => C:\Program Files\CCleaner\CCleaner64.exe [6161176 2014-02-20] (Piriform Ltd)
HKU\S-1-5-21-3452437872-2670650920-2198047957-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.)
HKU\S-1-5-21-3452437872-2670650920-2198047957-1000\...\Run: [KiesAirMessage] => D:\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-3452437872-2670650920-2198047957-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3452437872-2670650920-2198047957-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3452437872-2670650920-2198047957-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3452437872-2670650920-2198047957-1000\...\MountPoints2: F - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3452437872-2670650920-2198047957-1000\...\MountPoints2: {08f61612-e13b-11e3-8393-f46d04666427} - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3452437872-2670650920-2198047957-1000\...\MountPoints2: {08f6162c-e13b-11e3-8393-f46d04666427} - F:\VZW_Software_upgrade_assistant.exe
Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Sarah\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sarah\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sarah\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sarah\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sarah\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sarah\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sarah\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sarah\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-3452437872-2670650920-2198047957-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKU\S-1-5-21-3452437872-2670650920-2198047957-1000 -> DefaultScope {33F453F6-7764-4C44-A264-54881DFA7181} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3452437872-2670650920-2198047957-1000 -> {26D446C9-7F35-4F58-97B8-C950326FE894} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3452437872-2670650920-2198047957-1000 -> {33F453F6-7764-4C44-A264-54881DFA7181} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll [2012-11-13] (Safer-Networking Ltd.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-20] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-20] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3452437872-2670650920-2198047957-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: HKLM-x32 {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} https://extranet.cchmc.org/+CSCOL+/csvrloader32.cab
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-03-11] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2010-03-11] (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll [2014-05-18] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll [2014-05-18] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll [2013-06-26] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-11-12] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-11-12] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3452437872-2670650920-2198047957-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Sarah\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-3452437872-2670650920-2198047957-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Sarah\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-3452437872-2670650920-2198047957-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Sarah\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-05-07] (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-10-24]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-07-23]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://en.wikipedia.org/wiki/Special:Random"
CHR Profile: C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-09]
CHR Extension: (Add to Amazon Wish List) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2013-04-06]
CHR Extension: (Google Search) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-09]
CHR Extension: (AdBlock) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-11-11]
CHR Extension: (feedly) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2013-03-24]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2014-01-20]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-15]
CHR Extension: (Totoro Rainy Day) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmiagjknjjfockcklibjlfdojojaffff [2012-04-19]
CHR Extension: (Ghostery) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2012-04-30]
CHR Extension: (Google Wallet) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]
CHR Extension: (Gmail) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-09]
StartMenuInternet: Google Chrome - C:\Users\Sarah\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-11-17] (NVIDIA Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 NTI BackupNowEZSvr; C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe [45592 2011-09-23] (NTI Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-11-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19821376 2014-11-17] (NVIDIA Corporation)
S3 Origin Client Service; D:\Origin\OriginClientService.exe [1903472 2014-12-30] (Electronic Arts)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 DAUpdaterSvc; D:\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [X]
S3 WPFFontCache_v0400; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [121416 2013-09-24] (MotioninJoy) [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20800 2014-11-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2012-01-14] () [File not signed]
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.)
U3 akprivjh; C:\Windows\System32\Drivers\akprivjh.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-29 11:00 - 2015-03-29 11:01 - 00025306 _____ () C:\Users\Sarah\Desktop\FRST.txt
2015-03-29 11:00 - 2015-03-29 11:00 - 00000000 ____D () C:\FRST
2015-03-29 10:59 - 2015-03-29 10:59 - 02095616 _____ (Farbar) C:\Users\Sarah\Desktop\FRST64.exe
2015-03-29 10:58 - 2015-03-29 10:58 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-STELLA-Windows-7-Ultimate-(64-bit).dat
2015-03-29 10:58 - 2015-03-29 10:58 - 00000000 ____D () C:\RegBackup
2015-03-29 10:57 - 2015-03-29 11:00 - 00016353 _____ () C:\Windows\WindowsUpdate.log
2015-03-29 10:52 - 2015-03-29 10:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-03-24 22:07 - 2015-03-11 00:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-24 22:07 - 2015-03-11 00:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-24 22:07 - 2015-03-11 00:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-24 22:07 - 2015-03-11 00:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-24 22:07 - 2015-03-11 00:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-24 22:07 - 2015-03-11 00:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-24 22:07 - 2015-03-11 00:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-24 22:07 - 2015-03-11 00:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-15 18:24 - 2015-03-06 01:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-15 18:24 - 2015-03-06 01:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-15 18:24 - 2015-03-06 01:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-15 18:24 - 2015-03-06 01:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-15 18:24 - 2015-03-06 01:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-15 18:24 - 2015-03-06 01:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-15 18:24 - 2015-03-06 01:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-15 18:24 - 2015-03-06 01:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-15 18:24 - 2015-03-06 01:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-15 18:24 - 2015-03-06 01:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-15 18:24 - 2015-03-06 01:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-15 18:24 - 2015-03-06 01:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-15 18:24 - 2015-03-06 01:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-15 18:24 - 2015-03-06 01:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-15 18:24 - 2015-03-06 01:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-15 18:24 - 2015-03-06 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-15 18:24 - 2015-03-06 01:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-15 18:24 - 2015-03-06 01:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-15 18:24 - 2015-03-06 01:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-15 18:24 - 2015-03-06 01:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-15 18:24 - 2015-03-06 01:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-15 18:24 - 2015-03-06 01:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-15 18:24 - 2015-03-06 01:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-15 18:24 - 2015-03-06 01:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-15 18:24 - 2015-03-06 01:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-15 18:24 - 2015-03-06 01:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-15 18:24 - 2015-03-06 01:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-15 18:24 - 2015-03-06 01:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-15 18:24 - 2015-03-06 01:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-15 18:24 - 2015-03-06 01:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-15 18:24 - 2015-03-06 01:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-15 18:24 - 2015-02-25 23:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-15 18:24 - 2015-02-23 23:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-15 18:24 - 2015-02-23 22:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-15 18:24 - 2015-02-20 20:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-15 18:24 - 2015-02-20 20:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-15 18:24 - 2015-02-20 20:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-15 18:24 - 2015-02-20 20:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-15 18:24 - 2015-02-20 19:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-15 18:24 - 2015-02-19 23:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-15 18:24 - 2015-02-19 23:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-15 18:24 - 2015-02-19 22:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-15 18:24 - 2015-02-19 22:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-15 18:24 - 2015-02-19 22:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-15 18:24 - 2015-02-19 22:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-15 18:24 - 2015-02-19 22:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-15 18:24 - 2015-02-19 22:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-15 18:24 - 2015-02-19 22:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-15 18:24 - 2015-02-19 22:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-15 18:24 - 2015-02-19 22:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-15 18:24 - 2015-02-19 22:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-15 18:24 - 2015-02-19 22:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-15 18:24 - 2015-02-19 22:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-15 18:24 - 2015-02-19 22:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-15 18:24 - 2015-02-19 22:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-15 18:24 - 2015-02-19 22:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-15 18:24 - 2015-02-19 22:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-15 18:24 - 2015-02-19 22:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-15 18:24 - 2015-02-19 22:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-15 18:24 - 2015-02-19 21:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-15 18:24 - 2015-02-19 21:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-15 18:24 - 2015-02-19 21:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-15 18:24 - 2015-02-19 21:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-15 18:24 - 2015-02-19 21:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-15 18:24 - 2015-02-19 21:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-15 18:24 - 2015-02-19 21:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-15 18:24 - 2015-02-19 21:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-15 18:24 - 2015-02-19 21:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-15 18:24 - 2015-02-19 21:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-15 18:24 - 2015-02-19 21:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-15 18:24 - 2015-02-19 21:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-15 18:24 - 2015-02-19 21:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-15 18:24 - 2015-02-19 21:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-15 18:24 - 2015-02-19 21:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-15 18:24 - 2015-02-19 20:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-15 18:24 - 2015-02-19 20:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-15 18:24 - 2015-02-13 01:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-15 18:24 - 2015-02-13 01:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-15 18:24 - 2015-02-02 23:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-15 18:24 - 2015-02-02 23:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-15 18:24 - 2015-02-02 23:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-15 18:24 - 2015-02-02 23:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-15 18:24 - 2015-02-02 23:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-15 18:24 - 2015-02-02 23:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-15 18:24 - 2015-02-02 23:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-15 18:24 - 2015-02-02 23:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-15 18:24 - 2015-02-02 23:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-15 18:24 - 2015-02-02 23:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-15 18:24 - 2015-02-02 23:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-15 18:24 - 2015-02-02 23:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-15 18:24 - 2015-02-02 23:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-15 18:24 - 2015-02-02 23:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-15 18:24 - 2015-02-02 23:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-15 18:24 - 2015-02-02 23:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-15 18:24 - 2015-02-02 23:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-15 18:24 - 2015-02-02 23:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-15 18:24 - 2015-02-02 23:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-15 18:24 - 2015-02-02 23:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-15 18:24 - 2015-02-02 23:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-15 18:24 - 2015-02-02 23:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-15 18:24 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-15 18:24 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-15 18:24 - 2015-02-02 23:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-15 18:24 - 2015-02-02 23:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-15 18:24 - 2015-02-02 23:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-15 18:24 - 2015-02-02 23:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-15 18:24 - 2015-02-02 23:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-15 18:24 - 2015-02-02 23:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-15 18:24 - 2015-02-02 23:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-15 18:24 - 2015-02-02 23:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-15 18:24 - 2015-02-02 23:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-15 18:24 - 2015-02-02 23:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-15 18:24 - 2015-02-02 23:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-15 18:24 - 2015-02-02 23:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-15 18:24 - 2015-02-02 23:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-15 18:24 - 2015-02-02 23:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-15 18:24 - 2015-02-02 23:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-15 18:24 - 2015-02-02 23:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-15 18:24 - 2015-02-02 23:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-15 18:24 - 2015-02-02 23:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-15 18:24 - 2015-02-02 23:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-15 18:24 - 2015-02-02 23:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-15 18:24 - 2015-02-02 23:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-15 18:24 - 2015-02-02 23:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-15 18:24 - 2015-02-02 23:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-15 18:24 - 2015-02-02 23:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-15 18:24 - 2015-02-02 23:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-15 18:24 - 2015-02-02 23:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-15 18:24 - 2015-02-02 23:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-15 18:24 - 2015-02-02 23:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-15 18:24 - 2015-02-02 23:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-15 18:24 - 2015-02-02 23:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-15 18:24 - 2015-02-02 23:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-15 18:24 - 2015-02-02 23:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-15 18:24 - 2015-02-02 23:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-15 18:24 - 2015-02-02 23:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-15 18:24 - 2015-02-02 23:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-15 18:24 - 2015-02-02 23:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-15 18:24 - 2015-02-02 23:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-15 18:24 - 2015-02-02 23:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-15 18:24 - 2015-02-02 23:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-15 18:24 - 2015-02-02 23:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-15 18:24 - 2015-02-02 23:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-15 18:24 - 2015-02-02 23:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-15 18:24 - 2015-02-02 23:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-15 18:24 - 2015-02-02 23:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-15 18:24 - 2015-02-02 23:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-15 18:24 - 2015-02-02 23:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-15 18:24 - 2015-02-02 23:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-15 18:24 - 2015-02-02 23:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-15 18:24 - 2015-02-02 23:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-15 18:24 - 2015-02-02 23:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-15 18:24 - 2015-02-02 23:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-15 18:24 - 2015-02-02 23:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-15 18:24 - 2015-02-02 23:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-15 18:24 - 2015-02-02 23:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-15 18:24 - 2015-02-02 23:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-15 18:24 - 2015-02-02 23:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-15 18:24 - 2015-02-02 23:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-15 18:24 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-15 18:24 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-15 18:24 - 2015-02-02 23:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-15 18:24 - 2015-02-02 23:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-15 18:24 - 2015-02-02 23:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-15 18:24 - 2015-02-02 23:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-15 18:24 - 2015-02-02 23:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-15 18:24 - 2015-02-02 22:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-15 18:24 - 2015-01-30 19:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-15 18:24 - 2014-10-31 18:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-15 18:23 - 2015-02-20 21:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-15 18:23 - 2015-02-20 19:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-15 18:23 - 2015-02-20 00:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-15 18:23 - 2015-02-20 00:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-15 18:23 - 2015-02-20 00:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-15 18:23 - 2015-02-20 00:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-15 18:23 - 2015-02-20 00:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-15 18:23 - 2015-02-20 00:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-15 18:23 - 2015-02-20 00:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-15 18:23 - 2015-02-20 00:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-15 18:23 - 2015-02-19 23:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-15 18:23 - 2015-02-19 23:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-15 18:23 - 2015-02-19 22:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-15 18:23 - 2015-02-19 22:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-15 18:23 - 2015-02-19 22:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-15 18:23 - 2015-02-19 22:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-15 18:23 - 2015-02-19 22:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-15 18:23 - 2015-02-19 22:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-15 18:23 - 2015-02-19 22:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-15 18:23 - 2015-02-19 21:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-15 18:23 - 2015-02-19 21:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-15 18:23 - 2015-02-19 21:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-15 18:18 - 2015-01-30 23:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-15 18:18 - 2015-01-30 23:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-15 18:18 - 2015-01-30 19:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-15 18:17 - 2015-02-02 23:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-15 18:17 - 2015-02-02 23:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-15 18:04 - 2015-02-02 23:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-15 18:04 - 2015-02-02 23:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-15 18:04 - 2015-01-16 22:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-15 18:04 - 2015-01-16 22:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-15 17:51 - 2015-02-03 23:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-15 17:51 - 2015-02-03 22:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-05 22:02 - 2015-03-05 22:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-03-05 22:02 - 2012-10-03 17:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2015-03-05 22:01 - 2015-03-05 22:02 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-03-05 22:01 - 2015-03-05 22:01 - 00000000 ____D () C:\Program Files\iPod
2015-03-05 22:01 - 2015-03-05 22:01 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-03-03 18:44 - 2015-01-08 23:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-03-03 18:44 - 2015-01-08 23:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-03-03 18:44 - 2015-01-08 23:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-03-03 18:44 - 2015-01-08 22:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-29 10:57 - 2012-07-10 21:25 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Dropbox
2015-03-29 10:56 - 2015-02-21 18:39 - 00000000 ___RD () C:\Users\Sarah\iCloudDrive
2015-03-29 10:56 - 2011-10-22 17:25 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-29 10:56 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-29 10:49 - 2013-10-06 16:54 - 00416826 _____ () C:\Windows\system32\perfh011.dat
2015-03-29 10:49 - 2013-10-06 16:54 - 00122208 _____ () C:\Windows\system32\perfc011.dat
2015-03-29 10:49 - 2013-10-06 16:45 - 00509462 _____ () C:\Windows\system32\perfh006.dat
2015-03-29 10:49 - 2013-10-06 16:45 - 00098766 _____ () C:\Windows\system32\perfc006.dat
2015-03-29 10:49 - 2013-10-06 16:24 - 00401070 _____ () C:\Windows\system32\prfh0404.dat
2015-03-29 10:49 - 2013-10-06 16:24 - 00115198 _____ () C:\Windows\system32\prfc0404.dat
2015-03-29 10:49 - 2013-10-06 16:16 - 00713928 _____ () C:\Windows\system32\prfh0416.dat
2015-03-29 10:49 - 2013-10-06 16:16 - 00147764 _____ () C:\Windows\system32\prfc0416.dat
2015-03-29 10:49 - 2013-10-06 16:08 - 00729066 _____ () C:\Windows\system32\prfh0816.dat
2015-03-29 10:49 - 2013-10-06 16:08 - 00153014 _____ () C:\Windows\system32\prfc0816.dat
2015-03-29 10:49 - 2013-10-06 15:59 - 00740406 _____ () C:\Windows\system32\perfh015.dat
2015-03-29 10:49 - 2013-10-06 15:59 - 00155980 _____ () C:\Windows\system32\perfc015.dat
2015-03-29 10:49 - 2013-10-06 15:27 - 00656730 _____ () C:\Windows\system32\perfh01F.dat
2015-03-29 10:49 - 2013-10-06 15:27 - 00140108 _____ () C:\Windows\system32\perfc01F.dat
2015-03-29 10:49 - 2013-10-06 15:04 - 00383998 _____ () C:\Windows\system32\prfh0804.dat
2015-03-29 10:49 - 2013-10-06 15:04 - 00119700 _____ () C:\Windows\system32\prfc0804.dat
2015-03-29 10:49 - 2013-10-06 14:14 - 00724648 _____ () C:\Windows\system32\perfh019.dat
2015-03-29 10:49 - 2013-10-06 14:14 - 00150950 _____ () C:\Windows\system32\perfc019.dat
2015-03-29 10:49 - 2013-10-06 13:58 - 00494562 _____ () C:\Windows\system32\perfh014.dat
2015-03-29 10:49 - 2013-10-06 13:58 - 00095512 _____ () C:\Windows\system32\perfc014.dat
2015-03-29 10:49 - 2013-10-06 13:46 - 00607036 _____ () C:\Windows\system32\perfh008.dat
2015-03-29 10:49 - 2013-10-06 13:46 - 00111236 _____ () C:\Windows\system32\perfc008.dat
2015-03-29 10:49 - 2013-10-06 13:25 - 00663768 _____ () C:\Windows\system32\perfh01D.dat
2015-03-29 10:49 - 2013-10-06 13:25 - 00142582 _____ () C:\Windows\system32\perfc01D.dat
2015-03-29 10:49 - 2013-10-06 13:04 - 00428472 _____ () C:\Windows\system32\perfh012.dat
2015-03-29 10:49 - 2013-10-06 13:04 - 00120492 _____ () C:\Windows\system32\perfc012.dat
2015-03-29 10:49 - 2013-10-06 12:50 - 00668888 _____ () C:\Windows\system32\perfh005.dat
2015-03-29 10:49 - 2013-10-06 12:50 - 00141534 _____ () C:\Windows\system32\perfc005.dat
2015-03-29 10:49 - 2013-10-06 12:17 - 00743546 _____ () C:\Windows\system32\perfh013.dat
2015-03-29 10:49 - 2013-10-06 12:17 - 00153210 _____ () C:\Windows\system32\perfc013.dat
2015-03-29 10:49 - 2013-10-06 11:57 - 00481550 _____ () C:\Windows\system32\perfh00B.dat
2015-03-29 10:49 - 2013-10-06 11:57 - 00101628 _____ () C:\Windows\system32\perfc00B.dat
2015-03-29 10:49 - 2013-10-06 11:47 - 00683802 _____ () C:\Windows\system32\perfh00E.dat
2015-03-29 10:49 - 2013-10-06 11:47 - 00171382 _____ () C:\Windows\system32\perfc00E.dat
2015-03-29 10:49 - 2013-10-06 11:28 - 00745504 _____ () C:\Windows\system32\perfh00A.dat
2015-03-29 10:49 - 2013-10-06 11:28 - 00158582 _____ () C:\Windows\system32\perfc00A.dat
2015-03-29 10:49 - 2013-10-06 11:04 - 00392392 _____ () C:\Windows\system32\perfh00D.dat
2015-03-29 10:49 - 2013-10-06 11:04 - 00084866 _____ () C:\Windows\system32\perfc00D.dat
2015-03-29 10:49 - 2013-10-06 10:47 - 00740094 _____ () C:\Windows\system32\perfh010.dat
2015-03-29 10:49 - 2013-10-06 10:47 - 00146954 _____ () C:\Windows\system32\perfc010.dat
2015-03-29 10:49 - 2013-10-06 10:36 - 00745764 _____ () C:\Windows\system32\perfh00C.dat
2015-03-29 10:49 - 2013-10-06 10:36 - 00479062 _____ () C:\Windows\system32\perfh001.dat
2015-03-29 10:49 - 2013-10-06 10:36 - 00149688 _____ () C:\Windows\system32\perfc00C.dat
2015-03-29 10:49 - 2013-10-06 10:36 - 00094880 _____ () C:\Windows\system32\perfc001.dat
2015-03-29 10:49 - 2013-10-06 10:15 - 00697256 _____ () C:\Windows\system32\perfh007.dat
2015-03-29 10:49 - 2013-10-06 10:15 - 00149224 _____ () C:\Windows\system32\perfc007.dat
2015-03-29 10:49 - 2009-07-14 01:13 - 17450248 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-29 10:48 - 2011-10-25 11:51 - 00017088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-29 10:48 - 2011-10-25 11:51 - 00017088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-25 18:04 - 2011-10-22 17:44 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3452437872-2670650920-2198047957-1000UA.job
2015-03-25 17:24 - 2014-12-10 18:16 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-25 17:24 - 2014-05-06 23:26 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-23 22:01 - 2013-09-09 19:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2015-03-23 22:01 - 2011-10-22 18:30 - 00000000 ____D () C:\Program Files\DivX
2015-03-23 22:01 - 2011-10-22 18:30 - 00000000 ____D () C:\Program Files (x86)\DivX
2015-03-23 22:01 - 2011-10-22 18:28 - 00000000 ____D () C:\ProgramData\DivX
2015-03-23 21:58 - 2011-10-22 17:44 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3452437872-2670650920-2198047957-1000Core.job
2015-03-23 17:22 - 2009-07-14 01:08 - 00032586 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-16 03:31 - 2009-07-14 00:45 - 00445064 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-16 03:30 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\uk-UA
2015-03-16 03:30 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR
2015-03-16 03:30 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\th-TH
2015-03-16 03:30 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\sr-Latn-CS
2015-03-16 03:30 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\sl-SI
2015-03-16 03:30 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\sk-SK
2015-03-16 03:30 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\ro-RO
2015-03-16 03:30 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\lv-LV
2015-03-16 03:30 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\lt-LT
2015-03-16 03:30 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\hr-HR
2015-03-16 03:30 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\he-IL
2015-03-16 03:30 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\et-EE
2015-03-16 03:30 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-16 03:30 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\bg-BG
2015-03-16 03:30 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\ar-SA
2015-03-16 03:30 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\zh-HK
2015-03-16 03:30 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\uk-UA
2015-03-16 03:30 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2015-03-16 03:30 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\th-TH
2015-03-16 03:30 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2015-03-16 03:30 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\sl-SI
2015-03-16 03:30 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\sk-SK
2015-03-16 03:30 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\ro-RO
2015-03-16 03:30 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\lv-LV
2015-03-16 03:30 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\lt-LT
2015-03-16 03:30 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\hr-HR
2015-03-16 03:30 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\he-IL
2015-03-16 03:30 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\et-EE
2015-03-16 03:30 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-16 03:30 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\bg-BG
2015-03-16 03:30 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\ar-SA
2015-03-16 03:14 - 2011-10-25 19:30 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-16 03:14 - 2006-11-02 08:34 - 00000219 _____ () C:\Windows\win.ini
2015-03-16 03:05 - 2013-08-19 23:42 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-16 03:02 - 2011-10-25 23:35 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-15 17:31 - 2012-07-10 21:26 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-03-05 22:06 - 2012-08-06 18:30 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Apple Computer
2015-03-05 22:01 - 2015-02-21 18:26 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-03-05 22:01 - 2012-08-06 18:29 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-03-04 18:29 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\tracing
2015-03-03 09:17 - 2011-10-23 21:57 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2013-09-14 23:28 - 2013-09-13 22:04 - 0012005 _____ () C:\Users\Sarah\AppData\Roaming\alsoft.ini
2012-06-29 23:34 - 2012-06-29 23:34 - 0011298 _____ () C:\Users\Sarah\AppData\Local\recently-used.xbel

Some content of TEMP:
====================
C:\Users\Sarah\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphymuuo.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-15 18:42

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Sarah at 2015-03-29 11:01:26
Running from C:\Users\Sarah\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.13 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.0.0.4080 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX 64-bit (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.1.102.63 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version: - Hidden Path Entertainment, Ensemble Studios)
Age of Empires III: Complete Collection (HKLM-x32\...\GFWL_{4541091F-1F3D-4BA3-A5A3-F71000000100}) (Version: 1.0.0000.1 - Microsoft Game Studios)
Age of Empires III: Complete Collection (x32 Version: 1.0.0000.1 - Microsoft Game Studios) Hidden
American McGee's Alice(tm) (HKLM-x32\...\{77B5AD60-8F14-11D4-9BC9-0050041A1090}) (Version: - )
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ARMA 2 (HKLM-x32\...\Steam App 33900) (Version: - Bohemia Interactive)
ARMA 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version: - Bohemia Interactive)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.10.0.0 - Asmedia Technology)
Awesomenauts (HKLM-x32\...\Steam App 204300) (Version: - )
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BattleBlock Theater (HKLM-x32\...\Steam App 238460) (Version: - The Behemoth)
BattlEye Uninstall (HKLM-x32\...\BattlEye for A2) (Version: - )
BioShock (HKLM-x32\...\Steam App 7670) (Version: - 2K Boston)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands (HKLM-x32\...\Steam App 8980) (Version: - Gearbox Software)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software)
Braid (HKLM-x32\...\Steam App 26800) (Version: - Number None, Inc.)
Brütal Legend (HKLM-x32\...\Steam App 225260) (Version: - Double Fine Productions)
CameraHelperMsi (x32 Version: 13.50.854.0 - Logitech) Hidden
Castle Crashers (HKLM-x32\...\Steam App 204360) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version: - )
Citrix online plug-in - web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 12.0.0.6410 - Citrix Systems, Inc.)
Depression Quest (HKLM-x32\...\Steam App 270170) (Version: - The Quinnspiracy)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.64 - DivX, LLC)
Don't Starve (HKLM-x32\...\Steam App 219740) (Version: - Klei Entertainment)
Download Updater (AOL LLC) (HKLM-x32\...\SoftwareUpdUtility) (Version: - ) <==== ATTENTION
Dropbox (HKU\S-1-5-21-3452437872-2670650920-2198047957-1000\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
EndNote X4 (HKLM-x32\...\{86B3F2D6-AC2B-0014-8AE1-F2F77F781B0C}) (Version: 14.0.2.5149 - Thomson Reuters)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Fallout 3 - Game of the Year Edition (HKLM-x32\...\Steam App 22370) (Version: - Bethesda Game Studios)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version: - Bethesda Softworks)
Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version: - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)
FEZ (HKLM-x32\...\Steam App 224760) (Version: - Polytron Corporation)
FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version: - Subset Games)
Google Chrome (HKU\S-1-5-21-3452437872-2670650920-2198047957-1000\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Google+ Auto Backup (HKU\S-1-5-21-3452437872-2670650920-2198047957-1000\...\Google+ Auto Backup) (Version: 1.0.27.161 - Google, Inc.)
Guacamelee! Gold Edition (HKLM-x32\...\Steam App 214770) (Version: - DrinkBox Studios)
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version: - Valve)
Half-Life 2: Episode One (HKLM-x32\...\Steam App 380) (Version: - Valve)
Half-Life 2: Episode Two (HKLM-x32\...\Steam App 420) (Version: - Valve)
Half-Life Dedicated Server Update Tool (HKLM-x32\...\Half-Life Dedicated Server Update Tool) (Version: - )
HD Tune Pro 5.50 (HKLM-x32\...\HD Tune Pro_is1) (Version: - EFD Software)
Hotline Miami (HKLM-x32\...\Steam App 219150) (Version: - )
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
K-Lite Codec Pack 9.2.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.2.0 - )
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
Left 4 Dead 2 Add-On Installer (HKLM-x32\...\{4BED8F48-59BF-414F-8ABF-A10BD714F966}) (Version: 2.0.4067.22360 - Team [SAO])
Left 4 Dead 2 Add-on Support (HKLM-x32\...\Steam App 564) (Version: - Valve)
Left 4 Dead 2 Dedicated Server (HKLM-x32\...\Steam App 560) (Version: - Valve)
Left 4 Dead Dedicated Server (HKLM-x32\...\Steam App 510) (Version: - Valve)
LG USB Modem driver (HKLM-x32\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version: - )
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.30 - Logitech Inc.)
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mass Effect (HKLM-x32\...\Steam App 17460) (Version: - BioWare)
Mass Effect 2 (HKLM-x32\...\Steam App 24980) (Version: - BioWare)
Mass Effect™ 3 (HKLM-x32\...\{534A31BD-20F4-46b0-85CE-09778379663C}) (Version: 1.05.0.0 - Electronic Arts)
Microsoft .NET Framework 4.5.1 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (dansk) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1030) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Italiano) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1040) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Nederlands) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1043) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Polski) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1045) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Português do Brasil) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1046) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Português) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 2070) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (suomi) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1035) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (svenska) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1053) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Türkçe) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1055) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Ελληνικά) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1032) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Русский) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1049) (Version: 4.5.50938 - Корпорация Майкрософт)
Microsoft .NET Framework 4.5.1 (עברית) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1037) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (العربية) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1025) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (日本語) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1041) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (简体中文) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 2052) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1(한국어) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1042) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1, norsk språkpakke (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1044) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET-keretrendszer 4.5.1 (magyar) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1038) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mirror's Edge (HKLM-x32\...\Steam App 17410) (Version: - DICE)
MotioninJoy Gamepad tool 0.7.0000 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.0000 - www.motioninjoy.com)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mumble 1.2.4 (HKLM-x32\...\{E0955568-4353-4C85-8988-285A8C0F5E87}) (Version: 1.2.4 - Thorvald Natvig)
MyFreeCodec (HKU\S-1-5-21-3452437872-2670650920-2198047957-1000\...\MyFreeCodec) (Version: - )
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.52.3 - Black Tree Gaming)
NTI Backup Now EZ (HKLM-x32\...\InstallShield_{B9ECA41B-55CC-4654-B6B5-6731D009EC69}) (Version: 2.5.2.56 - NTI Corporation)
NTI Backup Now EZ (x32 Version: 2.5.2.56 - NTI Corporation) Hidden
NVIDIA 3D Vision Controller Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.75 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.75 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.4.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.4.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.75 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Octodad: Dadliest Catch (HKLM-x32\...\Steam App 224480) (Version: - Young Horses)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
Papers, Please (HKLM-x32\...\Steam App 239030) (Version: - 3909)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plants vs. Zombies: Game of the Year (HKLM-x32\...\Steam App 3590) (Version: - PopCap Games, Inc.)
Psychonauts (HKLM-x32\...\Steam App 3830) (Version: - Double Fine Productions, Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 6.247.222.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6526 - Realtek Semiconductor Corp.)
ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version: - )
Saints Row 2 (HKLM-x32\...\Steam App 9480) (Version: - Volition)
Saints Row IV (HKLM-x32\...\Steam App 206420) (Version: - Deep Silver Volition)
Saints Row: The Third (HKLM-x32\...\Steam App 55230) (Version: - Volition)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14034.17 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14034.17 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.)
Sanctum 2 (HKLM-x32\...\Steam App 210770) (Version: - Coffee Stain Studios)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SHIELD Streaming (Version: 3.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.69 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
Six Updater (HKLM-x32\...\{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}) (Version: 2.09.7016 - Six Projects)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sleeping Dogs™ (HKLM-x32\...\Steam App 202170) (Version: - United Front Games)
Sonic & All-Stars Racing Transformed (HKLM-x32\...\Steam App 212480) (Version: - Sumo Digital)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version: - Valve)
Space Pirates and Zombies (HKLM-x32\...\Steam App 107200) (Version: - MinMax Games Ltd.)
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.0.12 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Super Meat Boy (HKLM-x32\...\Steam App 40800) (Version: - )
Surgeon Simulator 2013 (HKLM-x32\...\Steam App 233720) (Version: - Bossa Studios)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Shock 2 (HKLM-x32\...\Steam App 238210) (Version: - Irrational Games)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
Terraria (HKLM-x32\...\Steam App 105600) (Version: - )
The Binding Of Isaac (HKLM-x32\...\Steam App 113200) (Version: - )
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
The Walking Dead (HKLM-x32\...\Steam App 207610) (Version: - )
Torchlight (HKLM-x32\...\Steam App 41500) (Version: - Runic Games)
Transistor (HKLM-x32\...\Steam App 237930) (Version: - Supergiant Games)
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 3.1.0 - Tweaking.com)
Unity Web Player (HKU\S-1-5-21-3452437872-2670650920-2198047957-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 4.8.1.0 - Azureus Software, Inc.)
Warframe (HKLM-x32\...\Steam App 230410) (Version: - Digital Extremes)
Winamp (HKLM-x32\...\Winamp) (Version: 5.621 - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-3452437872-2670650920-2198047957-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3452437872-2670650920-2198047957-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Sarah\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3452437872-2670650920-2198047957-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3452437872-2670650920-2198047957-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Sarah\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3452437872-2670650920-2198047957-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\Sarah\AppData\Local\Google\Update\1.3.21.79\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-3452437872-2670650920-2198047957-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\Sarah\AppData\Local\Google\Update\1.3.21.79\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-3452437872-2670650920-2198047957-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Sarah\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3452437872-2670650920-2198047957-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\Sarah\AppData\Local\Google\Update\1.3.21.79\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-3452437872-2670650920-2198047957-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Sarah\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3452437872-2670650920-2198047957-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Sarah\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3452437872-2670650920-2198047957-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Sarah\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3452437872-2670650920-2198047957-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\Sarah\AppData\Local\Google\Update\1.3.21.79\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-3452437872-2670650920-2198047957-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Sarah\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3452437872-2670650920-2198047957-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Sarah\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3452437872-2670650920-2198047957-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sarah\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3452437872-2670650920-2198047957-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sarah\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3452437872-2670650920-2198047957-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sarah\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3452437872-2670650920-2198047957-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sarah\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3452437872-2670650920-2198047957-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sarah\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3452437872-2670650920-2198047957-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sarah\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3452437872-2670650920-2198047957-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sarah\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3452437872-2670650920-2198047957-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sarah\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3452437872-2670650920-2198047957-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Sarah\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================

ATTENTION: System Restore is disabled.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 08:34 - 2006-09-18 17:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {17F74D12-49BE-4BE6-8243-33F60C847F02} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {1EFB4A79-41A4-4F40-8E81-5A646413E2D9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {214BE55F-04A0-4435-B0BF-5D08C2EDCFE9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: {281BB812-7F17-446F-8D47-73DADB2F93E7} - System32\Tasks\{45045A8D-A9C3-42BF-99C2-C3ABB923EF30} => pcalua.exe -a "C:\program files (x86)\steam\steamapps\common\left 4 dead 2\bin\addoninstaller.exe" -d "c:\program files (x86)\steam\steamapps\common\left 4 dead 2" -c /register
Task: {5802F255-5DD1-4A05-842A-46C8A9336D43} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {657AB63A-E41B-4089-A307-0A3392AB3C7C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3452437872-2670650920-2198047957-1000Core => C:\Users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: {742E0774-2EA0-4F71-AF2F-9CDB9F8FCEBB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3452437872-2670650920-2198047957-1000UA => C:\Users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: {8574DD2E-1355-436A-A059-75C392142F1D} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe
Task: {882DEA22-59BC-458E-8581-FC6F93B1EC3F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {8D0F4B17-1B34-4F86-AF9A-6F80B91CAAEA} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {BC37D7EE-8A7B-43AB-833C-7041A4D0A0AD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {C15F8E8F-C064-4FEB-AF1A-4C3ACC1A2649} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
Task: {C28278BF-1ABF-4595-BB2A-15201DDF25E3} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3452437872-2670650920-2198047957-1000Core.job => C:\Users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3452437872-2670650920-2198047957-1000UA.job => C:\Users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2012-11-18 01:57 - 2014-11-12 17:56 - 00118080 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-11-08 00:36 - 2011-05-28 23:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2014-01-10 01:26 - 2014-01-10 01:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2011-09-23 21:54 - 2011-09-23 21:54 - 00465344 _____ () C:\Program Files (x86)\NTI\NTI Backup Now EZ\sqlite3.dll
2013-04-12 08:59 - 2012-11-13 14:06 - 00108960 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-04-12 08:59 - 2012-11-13 14:06 - 00416160 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-04-12 08:59 - 2012-11-13 14:06 - 00158624 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-04-12 08:59 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-04-12 08:59 - 2012-11-13 14:06 - 00528288 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
2014-03-02 22:31 - 2015-03-10 02:37 - 00775680 _____ () D:\Steam\SDL2.dll
2015-01-19 17:51 - 2014-12-01 20:29 - 05002752 _____ () D:\Steam\v8.dll
2015-01-19 17:51 - 2014-12-01 20:29 - 01612800 _____ () D:\Steam\icui18n.dll
2015-01-19 17:51 - 2014-12-01 20:29 - 01210368 _____ () D:\Steam\icuuc.dll
2014-05-21 19:26 - 2015-03-24 00:22 - 02371776 _____ () D:\Steam\video.dll
2014-08-28 21:48 - 2014-12-01 17:31 - 02396672 _____ () D:\Steam\libavcodec-56.dll
2014-08-28 21:48 - 2014-12-01 17:31 - 00442880 _____ () D:\Steam\libavutil-54.dll
2014-08-28 21:48 - 2014-12-01 17:31 - 00479744 _____ () D:\Steam\libavformat-56.dll
2014-08-28 21:48 - 2014-12-01 17:31 - 00332800 _____ () D:\Steam\libavresample-2.dll
2014-08-28 21:48 - 2014-12-01 17:31 - 00485888 _____ () D:\Steam\libswscale-3.dll
2014-03-02 22:32 - 2015-03-24 00:22 - 00702656 _____ () D:\Steam\bin\chromehtml.DLL
2015-02-13 05:20 - 2015-02-13 05:20 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-08-12 13:18 - 2011-08-12 13:18 - 02145304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2011-08-12 13:18 - 2011-08-12 13:18 - 07956504 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2011-08-12 13:18 - 2011-08-12 13:18 - 00342552 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2011-08-12 13:18 - 2011-08-12 13:18 - 00029208 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2011-08-12 13:18 - 2011-08-12 13:18 - 00128536 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2013-04-12 08:59 - 2012-11-13 14:06 - 00554400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
2015-03-04 18:08 - 2015-03-04 18:08 - 00750080 _____ () C:\Users\Sarah\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-29 10:56 - 2015-03-29 10:56 - 00043008 _____ () c:\users\sarah\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphymuuo.dll
2015-03-04 18:08 - 2015-03-04 18:08 - 00047616 _____ () C:\Users\Sarah\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 18:08 - 2015-03-04 18:08 - 00865280 _____ () C:\Users\Sarah\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 18:07 - 2015-03-04 18:07 - 00200704 _____ () C:\Users\Sarah\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-01-10 01:28 - 2014-01-10 01:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2014-03-02 22:32 - 2015-02-24 21:58 - 34641288 _____ () D:\Steam\bin\libcef.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-03-21 13:05 - 2015-03-14 06:12 - 01174856 _____ () C:\Users\Sarah\AppData\Local\Google\Chrome\Application\41.0.2272.101\libglesv2.dll
2015-03-21 13:05 - 2015-03-14 06:12 - 00080200 _____ () C:\Users\Sarah\AppData\Local\Google\Chrome\Application\41.0.2272.101\libegl.dll
2015-03-21 13:05 - 2015-03-14 06:12 - 09278792 _____ () C:\Users\Sarah\AppData\Local\Google\Chrome\Application\41.0.2272.101\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3452437872-2670650920-2198047957-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

Administrator (S-1-5-21-3452437872-2670650920-2198047957-500 - Administrator - Disabled)
Guest (S-1-5-21-3452437872-2670650920-2198047957-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3452437872-2670650920-2198047957-1007 - Limited - Enabled)
Sarah (S-1-5-21-3452437872-2670650920-2198047957-1000 - Administrator - Enabled) => C:\Users\Sarah

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (03/17/2015 07:00:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8362

Error: (03/17/2015 07:00:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8362

Error: (03/17/2015 07:00:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/21/2015 06:26:20 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: STELLA)
Description: Application or service 'Google Chrome' could not be shut down.

Error: (02/21/2015 04:47:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4072

Error: (02/21/2015 04:47:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4072

Error: (02/21/2015 04:47:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/21/2015 04:47:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3073

Error: (02/21/2015 04:47:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3073

Error: (02/21/2015 04:47:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

System errors:
=============
Error: (03/29/2015 10:53:10 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.195.184.0

Update Source: %NT AUTHORITY59

Update Stage: 4.7.0205.00

Source Path: 4.7.0205.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (03/29/2015 10:53:10 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.195.184.0

Update Source: %NT AUTHORITY59

Update Stage: 4.7.0205.00

Source Path: 4.7.0205.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (03/25/2015 05:34:35 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error:
%%5

Error: (03/25/2015 05:34:33 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (03/25/2015 05:25:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053

Error: (03/25/2015 05:25:35 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (03/22/2015 10:22:37 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.

Error: (03/21/2015 00:07:24 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 70. The internal error state is 105.

Error: (03/18/2015 06:37:23 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error:
%%5

Error: (03/18/2015 06:37:22 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Microsoft Office Sessions:
=========================
Error: (03/17/2015 07:00:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8362

Error: (03/17/2015 07:00:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8362

Error: (03/17/2015 07:00:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/21/2015 06:26:20 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: STELLA)
Description: 1C:\Users\Sarah\AppData\Local\Google\Chrome\Application\chrome.exeGoogle Chrome021174280

Error: (02/21/2015 04:47:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4072

Error: (02/21/2015 04:47:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4072

Error: (02/21/2015 04:47:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/21/2015 04:47:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3073

Error: (02/21/2015 04:47:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3073

Error: (02/21/2015 04:47:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

CodeIntegrity Errors:
===================================
Date: 2011-10-25 01:12:47.279
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2011-10-25 01:12:47.107
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2011-10-25 01:12:46.936
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2011-10-25 01:12:46.764
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2011-10-25 01:12:46.577
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-2105 CPU @ 3.10GHz
Percentage of memory in use: 58%
Total physical RAM: 8172.13 MB
Available physical RAM: 3383.68 MB
Total Pagefile: 16342.45 MB
Available Pagefile: 11674.75 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.79 GB) (Free:0.62 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (WD Hard Drive) (Fixed) (Total:931.51 GB) (Free:433.35 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: FC35723F)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 198FD25A)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Juliet

2015-03-30, 15:45

Hi and welcome

http://www.sevenforums.com/tutorials/81500-system-restore-enable-disable.html
Enable System Restore
Please follow the above tutorial to enable system restore. This could be a safety catch and is needed in the event we need to do a restore.

~~~~~~~~~~~~~~~~

uninstall
Download Updater (AOL LLC) (HKLM-x32\...\SoftwareUpdUtility) (Version: - )

~~~~~~~~~~~~~~`

How to show hidden files in Windows 7
http://www.bleepingcomputer.com/tutorials/show-hidden-files-in-windows-7/

Please go to one of the below sites to scan the following files:
Virus Total (Recommended) (http://www.virustotal.com/)
jotti.org (http://virusscan.jotti.org/)
VirScan (http://virscan.org/)
click on Browse, and upload the following file for analysis:

C:\Windows\System32\Drivers\akprivjh.sys

Then click Submit. Allow the file to be scanned, and then please copy and paste the results link (for Virus Total) here for me to see.
If it says already scanned -- click "reanalyze now"
Please post the results in your next reply.

~~~~~~~~~~~~~~~~~~~`

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKU\S-1-5-21-3452437872-2670650920-2198047957-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
CHR StartupUrls: Default -> "hxxp://en.wikipedia.org/wiki/Special:Random"
C:\Users\Sarah\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphymuuo.dll
CustomCLSID: HKU\S-1-5-21-3452437872-2670650920-2198047957-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Sarah\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3452437872-2670650920-2198047957-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\Sarah\AppData\Local\Google\Update\1.3.21.79\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-3452437872-2670650920-2198047957-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\Sarah\AppData\Local\Google\Update\1.3.21.79\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-3452437872-2670650920-2198047957-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Sarah\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3452437872-2670650920-2198047957-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\Sarah\AppData\Local\Google\Update\1.3.21.79\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-3452437872-2670650920-2198047957-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Sarah\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3452437872-2670650920-2198047957-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Sarah\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3452437872-2670650920-2198047957-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\Sarah\AppData\Local\Google\Update\1.3.21.79\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-3452437872-2670650920-2198047957-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Sarah\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
EmptyTemp:
End

Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~~~~~~~~~~~~~~~`

http://i.imgur.com/BY4dvz9.png AdwCleaner

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) and save the file to your Desktop.
Right-Click AdwCleaner.exe and select http://i.imgur.com/AVOiBNU.jpg Run as administrator to run the programme.
Follow the prompts.
Click Scan.
Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate.
Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
Follow the prompts and allow your computer to reboot.
After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

~~~~

please post
file requested scanned
Fixlog.txt
AdwCleaner.txt

montypy88

2015-03-31, 03:22

Hello! Thank you for your reply. I have performed the following actions.

Enable system restore

~~~~~~~~~~~~~~

Uninstall Download Updater (AOL LLC)

~~~~~~~~~~~~~

Shown hidden files in Windows 7

~~~~~~~~~~~~~

I cannot find the file C:\Windows\System32\Drivers\akprivjh.sys in that folder.

I did not proceed with subsequent steps just in case.

Thank you! Please let me know if there is another file name I should scan.

Juliet

2015-03-31, 11:53

At this time let's continue with the instructions for

Fixlog.txt
AdwCleaner.txt

montypy88

2015-04-01, 01:00

Here is the Fixlog.txt -

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Sarah at 2015-03-31 18:48:36 Run:1
Running from C:\Users\Sarah\Desktop
Loaded Profiles: Sarah (Available profiles: Sarah)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKU\S-1-5-21-3452437872-2670650920-2198047957-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
CHR StartupUrls: Default -> "hxxp://en.wikipedia.org/wiki/Special:Random"
C:\Users\Sarah\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphymuuo.dll
CustomCLSID: HKU\S-1-5-21-3452437872-2670650920-2198047957-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Sarah\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3452437872-2670650920-2198047957-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\Sarah\AppData\Local\Google\Update\1.3.21.79\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-3452437872-2670650920-2198047957-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\Sarah\AppData\Local\Google\Update\1.3.21.79\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-3452437872-2670650920-2198047957-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Sarah\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3452437872-2670650920-2198047957-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\Sarah\AppData\Local\Google\Update\1.3.21.79\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-3452437872-2670650920-2198047957-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Sarah\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3452437872-2670650920-2198047957-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Sarah\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3452437872-2670650920-2198047957-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\Sarah\AppData\Local\Google\Update\1.3.21.79\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-3452437872-2670650920-2198047957-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Sarah\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
"HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
HKU\S-1-5-21-3452437872-2670650920-2198047957-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found.
Chrome StartupUrls deleted successfully.
"C:\Users\Sarah\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphymuuo.dll" => File/Directory not found.
"HKU\S-1-5-21-3452437872-2670650920-2198047957-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => Key deleted successfully.
"HKU\S-1-5-21-3452437872-2670650920-2198047957-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}" => Key deleted successfully.
"HKU\S-1-5-21-3452437872-2670650920-2198047957-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}" => Key deleted successfully.
"HKU\S-1-5-21-3452437872-2670650920-2198047957-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
"HKU\S-1-5-21-3452437872-2670650920-2198047957-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}" => Key deleted successfully.
"HKU\S-1-5-21-3452437872-2670650920-2198047957-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.
"HKU\S-1-5-21-3452437872-2670650920-2198047957-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => Key deleted successfully.
"HKU\S-1-5-21-3452437872-2670650920-2198047957-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}" => Key deleted successfully.
"HKU\S-1-5-21-3452437872-2670650920-2198047957-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.
EmptyTemp: => Removed 441.8 MB temporary data.

The system needed a reboot.

==== End of Fixlog 18:49:11 ====

~~~~~~~~~~~~~~~~~~~~~~

Here is the AdwCleaner[S0].txt -

# AdwCleaner v4.200 - Logfile created 31/03/2015 at 18:55:43
# Updated 29/03/2015 by Xplode
# Database : 2015-03-29.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Sarah - STELLA
# Running from : C:\Users\Sarah\Desktop\adwcleaner_4.200.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Sarah\AppData\Roaming\Search Protection

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\systweak
Key Deleted : HKLM\SOFTWARE\dt soft\daemon tools toolbar
Key Deleted : HKLM\SOFTWARE\Myfree Codec
Key Deleted : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
[x] Not Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride]

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17689

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [2163 bytes] - [31/03/2015 18:52:45]
AdwCleaner[S0].txt - [1968 bytes] - [31/03/2015 18:55:43]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2027 bytes] ##########

Juliet

2015-04-01, 01:22

I'd like for you to run a Malwarebytes scan

Please open MBAM, click on the update button.

If it updates or is already up to date

Next at the top click on Scan

Please click on THREAT, then click on Start Scan

When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
After rebooting the computer, copy and paste the mbam.log in your next reply.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)

Open Malwarebytes Anti-Malware.
Click the History Tab at the top and select Application Logs.
Select (check) the box next to Scan Log. Choose the most current scan.
Click the View button.
Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)

Open Malwarebytes Anti-Malware.
Click the Scan Tab at the top.
Click the View detailed log link on the right.
Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd

~~~~~~~~~`

What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.
Most reliable and thorough.
The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending of course how full your computer is.

http://i.imgur.com/GzlsbnV.png ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

Please run a free online scan with the ESET Online Scanner

US Link: http://www.eset.com/us/online-scanner/
EU Link: http://www.eset.eu/online-scanner/

Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator
Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.

Turn off the real time scanner of any existing antivirus program while performing the online scan.
Click the blue Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
Click on Advanced Settings
Make sure that the option Remove found threats is unticked.
Ensure these options are ticked

Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

Under "Current Scan Targets" > click "change" and ensure all your drives are selected
Click Start
Wait for the scan to finish
When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
Save that text file on your desktop. Attach the log as a reply to your next reply..
Close the ESET online scan, and let me know how things are now.

Please post both of these logs when finished.

Also, please tell me how the computer is at the moment.

montypy88

2015-04-01, 01:48

Malwarebytes scan log -

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/31/2015
Scan Time: 7:35:50 PM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.03.31.07
Rootkit Database: v2015.03.31.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Sarah

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 390564
Time Elapsed: 8 min, 25 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
PUP.Optional.Spigot.A, C:\Program Files\Vuze\spg.zip, Quarantined, [db384efeafdb72c429bf00d832cf6e92],
PUP.Optional.Winsock.Hijack, C:\Windows\System32\plsapp64.dll, Quarantined, [37dcf75592f890a6d0be004d6f96b34d],

Physical Sectors: 0
(No malicious items detected)

(end)

montypy88

2015-04-01, 01:49

At the moment, my computer appears to be running normally. I am about to begin the ESET scan. I will post when it is finished. Thank you for your help! :)

Juliet

2015-04-01, 12:22

Good deal.

montypy88

2015-04-01, 23:42

ESET Scan Text file - 16 results found

C:\Users\Sarah\Downloads\ccsetup321.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
C:\Users\Sarah\Downloads\ccsetup411.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Sarah\Downloads\dfsetup217.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Sarah\Downloads\epm.exe Win32/OpenCandy potentially unsafe application
C:\Users\Sarah\Downloads\Shockwave_Installer_Slim.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Sarah\Downloads\spsetup123 (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows\System32\Adobe\Shockwave 12\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Downloads\ccsetup321.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application
D:\Downloads\ccsetup411.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Downloads\dfsetup217.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Downloads\epm.exe Win32/OpenCandy potentially unsafe application
D:\Downloads\Shockwave_Installer_Slim.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Downloads\spsetup123 (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Downloads\spsetup126.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Pictures\Random internet pictures I love\Backgrounds\spsetup123.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application

Juliet

2015-04-02, 00:42

Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

start
CreateRestorePoint:
CloseProcesses:
C:\Users\Sarah\Downloads\ccsetup321.exe
C:\Users\Sarah\Downloads\ccsetup411.exe
C:\Users\Sarah\Downloads\dfsetup217.exe
C:\Users\Sarah\Downloads\epm.exe
C:\Users\Sarah\Downloads\Shockwave_Installer_Slim.exe
C:\Users\Sarah\Downloads\spsetup123 (1).exe
C:\Windows\System32\Adobe\Shockwave 12\gt.exe
C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe
D:\Downloads\ccsetup321.exe
D:\Downloads\ccsetup411.exe
D:\Downloads\dfsetup217.exe
D:\Downloads\epm.exe
D:\Downloads\Shockwave_Installer_Slim.exe
D:\Downloads\spsetup123 (1).exe
D:\Downloads\spsetup126.exe
D:\Pictures\Random internet pictures I love\Backgrounds\spsetup123.exe
End

Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Please post this log when finished.

Ready to remove tools and quarantine folders?

montypy88

2015-04-02, 03:51

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Sarah at 2015-04-01 21:47:21 Run:2
Running from C:\Users\Sarah\Desktop
Loaded Profiles: Sarah (Available profiles: Sarah)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CreateRestorePoint:
CloseProcesses:
C:\Users\Sarah\Downloads\ccsetup321.exe
C:\Users\Sarah\Downloads\ccsetup411.exe
C:\Users\Sarah\Downloads\dfsetup217.exe
C:\Users\Sarah\Downloads\epm.exe
C:\Users\Sarah\Downloads\Shockwave_Installer_Slim.exe
C:\Users\Sarah\Downloads\spsetup123 (1).exe
C:\Windows\System32\Adobe\Shockwave 12\gt.exe
C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe
D:\Downloads\ccsetup321.exe
D:\Downloads\ccsetup411.exe
D:\Downloads\dfsetup217.exe
D:\Downloads\epm.exe
D:\Downloads\Shockwave_Installer_Slim.exe
D:\Downloads\spsetup123 (1).exe
D:\Downloads\spsetup126.exe
D:\Pictures\Random internet pictures I love\Backgrounds\spsetup123.exe
End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Users\Sarah\Downloads\ccsetup321.exe => Moved successfully.
C:\Users\Sarah\Downloads\ccsetup411.exe => Moved successfully.
C:\Users\Sarah\Downloads\dfsetup217.exe => Moved successfully.
C:\Users\Sarah\Downloads\epm.exe => Moved successfully.
C:\Users\Sarah\Downloads\Shockwave_Installer_Slim.exe => Moved successfully.
C:\Users\Sarah\Downloads\spsetup123 (1).exe => Moved successfully.
"C:\Windows\System32\Adobe\Shockwave 12\gt.exe" => File/Directory not found.
C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe => Moved successfully.
D:\Downloads\ccsetup321.exe => Moved successfully.
D:\Downloads\ccsetup411.exe => Moved successfully.
D:\Downloads\dfsetup217.exe => Moved successfully.
D:\Downloads\epm.exe => Moved successfully.
D:\Downloads\Shockwave_Installer_Slim.exe => Moved successfully.
D:\Downloads\spsetup123 (1).exe => Moved successfully.
D:\Downloads\spsetup126.exe => Moved successfully.
D:\Pictures\Random internet pictures I love\Backgrounds\spsetup123.exe => Moved successfully.

The system needed a reboot.

==== End of Fixlog 21:47:51 ====

~~~~~~~~~~~~~

Yes I am! Not sure if it matters, but Spybot still runs when I start my computer and it still says that Qtrax is in my disc drive.

Juliet

2015-04-02, 12:50

I think this came in through downloading music?

Qtrax DRM (Qtrax digital music
Qtrax is a P2P file sharing network
Qtrax said its DRM system (which counts how many times tracks have been
Qtrax is a service aiming to provide free music

Let's see if we can find it.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)
Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:

:folderfind
Qtrax
:filefind
Qtrax
:regfind
Qtrax

Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Also, run this file name through the same procedure

:folderfind
akprivjh.sys
:filefind
akprivjh.sys
:regfind
akprivjh.sys
Please post the info when done.

montypy88

2015-04-02, 23:36

Qtrax -

SystemLook 30.07.11 by jpshortstuff
Log created at 17:31 on 02/04/2015 by Sarah
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== folderfind ==========

Searching for "Qtrax"
No folders found.

========== filefind ==========

Searching for "Qtrax"
No files found.

========== regfind ==========

Searching for "Qtrax"
No data found.

-= EOF =-

~~~~~~~~~~~~~~~

That other file -

SystemLook 30.07.11 by jpshortstuff
Log created at 17:33 on 02/04/2015 by Sarah
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== folderfind ==========

Searching for "akprivjh.sys"
No folders found.

========== filefind ==========

Searching for "akprivjh.sys"
No files found.

========== regfind ==========

Searching for "akprivjh.sys"
No data found.

-= EOF =-

Juliet

2015-04-03, 01:09

Not the results I was hoping for.

http://imageshack.us/a/img841/7292/thisisujrt.gif
Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/) to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

~~~~~~~~~~~~~~~~~~

Run FRST one more time:

Type the following in the edit box after "Search:"
Qtrax
then copy and paste the below in
FindFolder:Qtrax
Click Search button and post the log (Search.txt) it makes to your reply.

Juliet

2015-04-03, 01:34

Do you have some sort of external USB or disc drive connected when SpyBot alerts to Qtrax?

montypy88

2015-04-03, 03:17

Nope! There is nothing in my disc drive and I do not have any external drives plugged in. I even opened up my disc drive to check to see if I had forgotten a CD in there, but I haven't.

~~~~~~~~~~~~

JRT.txt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.1 (04.02.2015:1)
OS: Windows 7 Ultimate x64
Ran by Sarah on Thu 04/02/2015 at 20:30:50.11
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

Successfully deleted: [File] "C:\Windows\wininit.ini"

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 04/02/2015 at 20:33:01.51
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

montypy88

2015-04-03, 03:24

Qtrax Search - "Qtrax"

Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Sarah at 2015-04-02 21:18:14
Running from C:\Users\Sarah\Desktop
Boot Mode: Normal

================== Search Files: "Qtrax" =============

====== End Of Search ======

~~~~~~~~~~~~~~~

Qtrax Search - FindFolder:Qtrax

Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Sarah at 2015-04-02 21:19:43
Running from C:\Users\Sarah\Desktop
Boot Mode: Normal

================== Search Files: "FindFolder:Qtrax" =============

====== End Of Search ======

~~~~~~~~~~~~~~

I also searched the below because I wasn't 100% sure what you were asking me.

Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Sarah at 2015-04-02 21:20:46
Running from C:\Users\Sarah\Desktop
Boot Mode: Normal

================== Search Files: "Qtrax FindFolder:Qtrax" =============

====== End Of Search ======

montypy88

2015-04-03, 03:55

If it helps, Spybot says that it is detecting a program directory in F:\Music\Qtrax Media Library\. The F:\ drive is definitely my disc drive, though, which I rarely if ever use.

montypy88

2015-04-03, 03:58

If it helps, Spybot says that it is detecting a program directory in F:\Music\Qtrax Media Library\. The F:\ drive is definitely my disc drive, though, which I rarely if ever use.

Here's a screenshot, if it helps.

1216912169

Juliet

2015-04-03, 13:51

We can delete that folder but whatever music might be inside will probably be gone afterwards.

Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)

start
CreateRestorePoint:
CloseProcesses:
F:\Music\Qtrax Media Library
EmptyTemp:
End

Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

montypy88

2015-04-04, 00:08

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Sarah at 2015-04-03 18:05:31 Run:3
Running from C:\Users\Sarah\Desktop
Loaded Profiles: Sarah (Available profiles: Sarah)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CreateRestorePoint:
CloseProcesses:
F:\Music\Qtrax Media Library
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
"F:\Music\Qtrax Media Library" => File/Directory not found.
EmptyTemp: => Removed 285 MB temporary data.

The system needed a reboot.

==== End of Fixlog 18:05:57 ====

Juliet

2015-04-04, 03:05

See if you can manually find this
F:\Music\ <--
then locate and delete

Qtrax Media Library <--folder

montypy88

2015-04-04, 17:04

Nope, I tried that before posting. I tried going to Computer and double-clicking on the empy F:\ drive, and since there was no disc I couldn't open it. I tried searching for F:\Music\ in the computer screen and in the Search bar when you click on the Windows icon.

I tried putting a CD in the disc drive and rescanning my system to see if that gave Spybot something to scan in that drive. Maybe a disc I had in there before triggered the malware warning because IT had Qtrax, but nothing subsequent has?

It worked! I did a scan with a CD in my disc drive and Spybot is no longer detecting Qtrax in my disc drive. My guess would be that it was associated with a file I used to make a mix CD, but since I haven't put a CD in there since then, it couldn't clean it. Thank you for your help! Now how do I get rid of all of this stuff? :P

Juliet

2015-04-04, 18:53

It worked! I did a scan with a CD in my disc drive and Spybot is no longer detecting Qtrax in my disc drive. My guess would be that it was associated with a file I used to make a mix CD, but since I haven't put a CD in there since then, it couldn't clean it. Thank you for your help! Now how do I get rid of all of this stuff? :P

Thank you for taking that extra step because I was stumped how to find it since it wasn't related to the operating system files, program, or data files.

Stuff, what stuff?

lol

we will now.

http://i.imgur.com/AFZxnZc.jpg DelFix

Please download DelFix (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/9-delfix)
or from here http://www.bleepingcomputer.com/download/delfix/ and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:

Activate UAC
Remove disinfection tools
Create registry backup

Click the Run button.

-- This will remove the specialized tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

~~~~~~~~~~~~~~~~

Answers to common security questions - Best Practices (http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/) by quietman7, MVP
How Malware Spreads - How did I get infected? (http://www.bleepingcomputer.com/forums/t/287710/how-malware-spreads-how-did-i-get-infected/) by quietman7, MVP
Simple and easy ways to keep your computer safe and secure on the Internet (http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/) by Lawrence Abrams, MVP
How to Prevent Malware (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) by miekiemoes, MVP
How to backup and restore your data using Cobian Backup (http://www.bleepingcomputer.com/tutorials/backup-and-restore-data-with-cobian-backup/) by YourHighness
Slow Computer/browser? It May Not Be Malware (http://www.bleepingcomputer.com/forums/t/87058/slow-computerbrowser-check-here-first;-it-may-not-be-malware/) by quietman7, MVP

The following programmes come highly recommended in the security community.

http://3-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xKsUqI5A.png.pagespeed.ic.vn1Hlvqi8h.jpgAdBlock (https://adblockplus.org/en/firefox) is a browser add-on that blocks annoying banners, pop-ups and video ads.
http://i.imgur.com/E8I37RF.pngCryptoPrevent (https://www.foolishit.com/) places policy restrictions on loading points for ransomware (eg.CryptoPrevent), preventing your files from being encrypted.
http://i.imgur.com/EG85Vjt.png Malwarebytes Anti-Exploit (https://www.malwarebytes.org/antiexploit/) (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
http://3-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/x6YRrgUC.png.pagespeed.ic.HjgFxjvw2Z.jpgMalwarebytes Anti-Malware Premium (https://www.malwarebytes.org/) (MBAM) works in real-time along side your Anti-Virus to prevent malware execution.
http://1-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xjv4nhMJ.png.pagespeed.ic.A5YbWn1eDO.png NoScript (http://noscript.net/) is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
http://i.imgur.com/3O8r9Uq.png (http://www.sandboxie.com/) Sandboxie (http://www.sandboxie.com/) isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
http://1-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/DgW1XL2.png.pagespeed.ce.v1OlJl_ZAS.png Secuina PSI (http://secunia.com/vulnerability_scanning/personal/) will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
http://3-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xj1OLIec.png.pagespeed.ic.k6hhwopU0q.jpg SpywareBlaster (https://www.brightfort.com/spywareblaster.html) is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
http://3-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xJEP5iWI.png.pagespeed.ic.4tmM1lM7DQ.pngWeb of Trust (https://www.mywot.com/) (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.

Want to help others? Join the ClassRoom (http://forums.whatthetech.com/What_the_Tech_Classroom_t80368.html) and learn how.

montypy88

2015-04-04, 19:56

Here's the log from DelFix.txt -

# DelFix v10.9 - Logfile created 04/04/2015 at 13:55:57
# Updated 27/02/2015 by Xplode
# Username : Sarah - STELLA
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Sarah\Desktop\Addition.txt
Deleted : C:\Users\Sarah\Desktop\adwcleaner_4.200.exe
Deleted : C:\Users\Sarah\Desktop\aswMBR.exe
Deleted : C:\Users\Sarah\Desktop\esetsmartinstaller_enu.exe
Deleted : C:\Users\Sarah\Desktop\Fixlog.txt
Deleted : C:\Users\Sarah\Desktop\FRST.txt
Deleted : C:\Users\Sarah\Desktop\FRST64.exe
Deleted : C:\Users\Sarah\Desktop\JRT.exe
Deleted : C:\Users\Sarah\Desktop\JRT.txt
Deleted : C:\Users\Sarah\Desktop\Search.txt
Deleted : C:\Users\Sarah\Desktop\SystemLook.exe
Deleted : C:\Users\Sarah\Desktop\SystemLook.txt
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

~ Creating registry backup ... OK

########## - EOF - ##########

montypy88

2015-04-04, 20:09

I am already running AdBlock and have the free version of MalwareBytes, and I'm running MSE as my anti-virus. I also have the Ghostery extension for Chrome and CCleaner. Would you recommend that I keep all of the programs above? Do you think I should download CryptoPrevent, MBAE, Secuina PSI, SpywareBlaster, and WOT? Would you recommend running a different antivirus? I'm positive that the Qtrax came from downloading a song for mix CD for my car, and I typically browse the internet cautiously to prevent this type of thing from occurring, just wondering if you had any tips as I like to learn.

Thank you again for all of your help! I learned a lot of troubleshooting techniques. :)

Juliet

2015-04-05, 00:31

I am already running AdBlock and have the free version of MalwareBytes, and I'm running MSE as my anti-virus. I also have the Ghostery extension for Chrome and CCleaner. Would you recommend that I keep all of the programs above? Do you think I should download CryptoPrevent, MBAE, Secuina PSI, SpywareBlaster, and WOT? Would you recommend running a different antivirus? I'm positive that the Qtrax came from downloading a song for mix CD for my car, and I typically browse the internet cautiously to prevent this type of thing from occurring, just wondering if you had any tips as I like to learn.

Thank you again for all of your help! I learned a lot of troubleshooting techniques. :)

Sounds like your going good at layered protection now. Keep what you already have installed.
I've seen a few complain about CryptoPrevent but, to that it seems to slow a system down but you got to think about the protection it adds to your computer.
MBAE, Secuina PSI, and WOT <-- yes
SpywareBlaster,<-- do you have any other malicious web site protection on the machine?
NoScript <-- good to have if you run any Java applications or if you visit any sites where java script is used.

montypy88

2015-04-06, 05:42

All righty, thanks. In case you need to hear it from me, I consider myself helped! Thank you again!

Juliet

2015-04-06, 11:26

Glad we could help. :)http://i204.photobucket.com/albums/bb106/Juliet702/sparkle.gif

Since this issue appears resolved ... this Topic is closed.