I couldn't run DDS, I would get this error error window: "DDS is not meant to run in 'Compatibility Mode". The program shall exit now. So I ran FRST, results below.
-------------------------------------------------
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Carlos (administrator) on CARLOSPC (05-04-2016 17:11:21)
Running from C:\Users\Carlos\Desktop
Loaded Profiles: Carlos (Available Profiles: Carlos)
Platform: Windows 8.1 (Update 1) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Spotify Ltd) C:\Users\Carlos\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Sony Corporation) C:\Program Files (x86)\Sony\Bloggie Software\BGVolumeWatcher.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\Multimedia Card Reader(9106)\Shwicon9106.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Spotify Ltd) C:\Users\Carlos\AppData\Roaming\Spotify\SpotifyCrashService.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212560 2012-06-13] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe [757888 2012-07-02] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [127104 2012-07-02] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-09] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [Shwicon9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\Shwicon9106.exe [262144 2012-06-28] ()
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-11-20] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2011-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2904984 2011-09-05] (Adobe Systems Inc.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM-x32\...\Run: [Adobe_ID0ENQBO] => C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe [378224 2008-08-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [407904 2014-11-27] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153952 2014-11-27] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKU\S-1-5-21-645849503-499310708-3259883643-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-645849503-499310708-3259883643-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-645849503-499310708-3259883643-1001\...\Run: [Spotify Web Helper] => C:\Users\Carlos\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2355312 2016-02-09] (Spotify Ltd)
HKU\S-1-5-21-645849503-499310708-3259883643-1001\...\Run: [Spotify] => C:\Users\Carlos\AppData\Roaming\Spotify\Spotify.exe [8449136 2016-02-09] (Spotify Ltd)
HKU\S-1-5-21-645849503-499310708-3259883643-1001\...\MountPoints2: {244d0f28-b8d1-11e3-beb4-a4173169cd62} - "I:\LaunchU3.exe" -a
HKU\S-1-5-21-645849503-499310708-3259883643-1001\...\MountPoints2: {2a787292-34ce-11e2-be65-806e6f6e6963} - "D:\IFZ.exe"
HKU\S-1-5-21-645849503-499310708-3259883643-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11776 2013-08-22] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [] => 0
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2013-10-20] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2013-10-20] (IvoSoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bloggie Watcher Utility.lnk [2013-01-14]
ShortcutTarget: Bloggie Watcher Utility.lnk -> C:\Program Files (x86)\Sony\Bloggie Software\BGVolumeWatcher.exe (Sony Corporation)
Startup: C:\Users\Carlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bloggie Watcher Utility.lnk [2013-01-14]
ShortcutTarget: Bloggie Watcher Utility.lnk -> C:\Program Files (x86)\Sony\Bloggie Software\BGVolumeWatcher.exe (Sony Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{363C7C16-51AE-45A3-894C-9D95F62C7DFD}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130853452574990832&GUID=5043AD94-F076-4754-BE8D-D1B04DE60457
HKU\S-1-5-21-645849503-499310708-3259883643-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com
HKU\S-1-5-21-645849503-499310708-3259883643-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130853452574985822&GUID=5043AD94-F076-4754-BE8D-D1B04DE60457
SearchScopes: HKU\.DEFAULT -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\.DEFAULT -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-645849503-499310708-3259883643-1001 -> {595575C4-933F-475C-A179-CCB1B0E741AE} URL =
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2013-10-20] (IvoSoft)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2012-07-02] (Qualcomm Atheros Commnucations)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2013-10-20] (IvoSoft)
BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll [2008-09-10] (Adobe Systems Incorporated.)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2013-10-20] (IvoSoft)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-02-07] (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-02-07] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2013-10-20] (IvoSoft)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2013-10-20] (IvoSoft)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll [2008-09-10] (Adobe Systems Incorporated.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2013-10-20] (IvoSoft)
Toolbar: HKU\S-1-5-21-645849503-499310708-3259883643-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
FireFox:
========
FF ProfilePath: C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\ygwcdga4.default-1411948271741
FF NewTab: about:home
FF DefaultSearchEngine: Yahoo!
FF DefaultSearchEngine.US: Default
FF SelectedSearchEngine: Yahoo!
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_197.dll [2016-04-02] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-07-14] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-04-02] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2014-11-27] (Citrix Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.13.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-02-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.13.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-02-07] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-03] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll [2009-09-25] (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2011-09-05] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-07-14] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-645849503-499310708-3259883643-1001: @sony.com/Some -> C:\Program Files (x86)\Sony\Bloggie Software\npsome.dll [2011-06-09] (Sony)
FF Plugin HKU\S-1-5-21-645849503-499310708-3259883643-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Carlos\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-645849503-499310708-3259883643-1001: electronicarts.com/GameFacePlugin -> C:\Users\Carlos\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll [2012-12-20] (Electronic Arts)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-09-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-09-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-09-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-09-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-09-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2013-06-26] (Nullsoft, Inc.)
FF Extension: Search Window Results - C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\ygwcdga4.default-1411948271741\Extensions\{af589b17-fcfd-45b3-ab9b-326c41a79a1d}.xpi [2016-03-31] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-09-06] [not signed]
Chrome:
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Profile: C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Store) - C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-24]
CHR Extension: (Search Window Results) - C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfebdmgdilkekeneldmidbfmfioakajg [2016-04-02] [UpdateUrl: hxxp://cdn.searchwindowresults.com/update] <==== ATTENTION
CHR Extension: (Store) - C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-24]
CHR Extension: (Store) - C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-24]
CHR Extension: (Store) - C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-07]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 Adobe Version Cue CS4; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [128640 2012-07-02] (Qualcomm Atheros Commnucations) [File not signed]
S2 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [173056 2012-06-19] (Dell Products, LP.) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 MsDepSvc; C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [80472 2012-09-06] (Microsoft Corporation)
S2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [62382256 2015-03-30] (Microsoft Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1915920 2013-11-21] (SoftThinks SAS)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [442536 2015-03-30] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-30] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [730304 2016-01-11] (Wacom Technology, Corp.)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-06-19] (Atheros) [File not signed]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-03] (Advanced Micro Devices)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-07-02] (Qualcomm Atheros)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-04] (OSR Open Systems Resources, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-04-03] ()
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
S4 RsFx0153; C:\Windows\System32\DRIVERS\RsFx0153.sys [322736 2015-03-30] (Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [35856 2013-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [236888 2013-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-30] (Microsoft Corporation)
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
S1 MpKsl0b122d0f; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{80F4F9BA-4192-4600-B2D0-A7FF41BC54F9}\MpKsl0b122d0f.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-04-05 17:11 - 2016-04-05 17:12 - 00029910 _____ C:\Users\Carlos\Desktop\FRST.txt
2016-04-05 17:11 - 2016-04-05 17:11 - 00000000 ____D C:\FRST
2016-04-05 17:09 - 2016-04-05 17:10 - 02374144 _____ (Farbar) C:\Users\Carlos\Desktop\FRST64.exe
2016-04-05 17:05 - 2016-04-05 17:05 - 00000000 ___RD C:\Users\Carlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2016-04-03 23:07 - 2016-04-03 23:08 - 00171244 _____ C:\WINDOWS\ntbtlog.txt
2016-04-03 22:25 - 2016-04-03 22:25 - 00688992 _____ (Swearware) C:\Users\Carlos\Downloads\dds(1).scr
2016-04-03 19:08 - 2016-04-03 19:08 - 03102720 _____ C:\Users\Carlos\Downloads\adwcleaner_5.108.exe
2016-04-03 18:40 - 2016-04-05 17:05 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-03 18:40 - 2016-04-03 22:45 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-03 18:40 - 2016-04-03 18:40 - 00987728 _____ (Google Inc.) C:\Users\Carlos\Downloads\ChromeSetup.exe
2016-04-03 18:40 - 2016-04-03 18:40 - 00003888 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-04-03 18:40 - 2016-04-03 18:40 - 00003652 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-04-03 18:40 - 2016-04-03 18:40 - 00000000 _____ C:\autoexec.bat
2016-04-03 18:39 - 2016-04-03 18:39 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\Carlos\Downloads\SpyHunter-Installer.exe
2016-04-03 18:39 - 2016-04-03 18:39 - 00022704 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
2016-04-03 18:27 - 2016-04-03 18:27 - 00688992 _____ (Swearware) C:\Users\Carlos\Desktop\dds.scr
2016-03-31 22:35 - 2016-04-02 20:47 - 00000000 ____D C:\Program Files (x86)\DesktopPlay
2016-03-31 22:35 - 2016-03-31 22:35 - 00000000 ____D C:\Users\Carlos\AppData\Local\rec_en_238
2016-03-31 22:30 - 2016-04-02 20:47 - 00000000 ____D C:\Users\Carlos\AppData\Local\dply_en_015020284
2016-03-31 22:30 - 2016-04-02 20:47 - 00000000 ____D C:\Program Files (x86)\dply_en_015020284
2016-03-31 22:30 - 2016-03-31 22:30 - 00000000 ____D C:\Program Files (x86)\Checked List
2016-03-31 22:29 - 2016-04-03 18:22 - 00000000 ____D C:\ProgramData\b0bc73e9-7771-1
2016-03-31 22:29 - 2016-04-03 18:22 - 00000000 ____D C:\ProgramData\b0bc73e9-2313-0
2016-03-31 22:29 - 2016-04-02 20:49 - 00000000 ____D C:\Program Files\Oacocday
2016-03-31 22:29 - 2016-04-02 20:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Healer
2016-03-31 22:29 - 2016-04-02 20:47 - 00000000 ____D C:\Program Files (x86)\Itibiti Soft Phone
2016-03-31 22:29 - 2016-03-31 22:32 - 00000000 ____D C:\Users\Carlos\AppData\Roaming\System Healer
2016-03-31 22:29 - 2016-03-31 22:29 - 00000000 ____D C:\Users\Carlos\AppData\LocalLow\Company
2016-03-31 22:29 - 2016-03-31 22:29 - 00000000 ____D C:\Users\Carlos\AppData\Local\Tempfolder
2016-03-31 22:29 - 2016-03-31 22:29 - 00000000 ____D C:\uninst
2016-03-31 22:28 - 2016-04-03 18:22 - 00000000 ____D C:\ProgramData\1a1d968b-1921-1
2016-03-31 22:28 - 2016-04-03 18:22 - 00000000 ____D C:\ProgramData\1a1d968b-0e67-0
2016-03-31 22:28 - 2016-04-02 20:49 - 00000000 ____D C:\ProgramData\8f23bb0e-d21d-43d3-bd7b-a0fba15a3b5e
2016-03-31 22:28 - 2016-04-02 20:47 - 00000000 ____D C:\Program Files (x86)\Search Window Results
2016-03-31 22:28 - 2016-04-02 20:47 - 00000000 ____D C:\Program Files (x86)\DNS Unlocker
2016-03-20 14:49 - 2016-03-20 18:51 - 52849857 _____ C:\Users\Carlos\Downloads\DarkWing_MightyMouse 2.psd
2016-03-20 14:49 - 2016-03-20 14:49 - 47970458 _____ C:\Users\Carlos\Downloads\DarkWing_MightyMouse.psd
2016-03-19 21:36 - 2016-03-19 21:46 - 1876282022 _____ C:\Users\Carlos\Downloads\In.the.Heart.of.the.Sea.avi
2016-03-13 20:54 - 2016-03-13 20:54 - 00000000 __SHD C:\Users\Carlos\AppData\LocalLow\EmieUserList
2016-03-13 20:54 - 2016-03-13 20:54 - 00000000 __SHD C:\Users\Carlos\AppData\LocalLow\EmieSiteList
2016-03-10 20:51 - 2016-03-10 20:51 - 11335442 _____ C:\Users\Carlos\Documents\Characters Skribbles and What Nots.pdf
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-04-05 17:10 - 2013-09-29 21:04 - 00971464 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-05 17:10 - 2013-08-22 06:36 - 00000000 ____D C:\WINDOWS\Inf
2016-04-05 17:09 - 2013-12-21 10:53 - 00000000 ____D C:\Users\Carlos\AppData\Roaming\ClassicShell
2016-04-05 17:07 - 2012-11-22 09:17 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2016-04-05 17:05 - 2015-09-18 19:45 - 00000000 ____D C:\Users\Carlos\AppData\Local\Spotify
2016-04-05 17:05 - 2013-12-09 22:37 - 00000000 ___RD C:\Users\Carlos\SkyDrive
2016-04-05 17:04 - 2013-08-22 07:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-03 22:52 - 2014-03-31 05:28 - 00003930 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FF894DA9-E6A4-4C09-950E-A0DC7AA4C454}
2016-04-03 22:49 - 2012-12-26 00:53 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-645849503-499310708-3259883643-1001
2016-04-03 22:38 - 2013-04-07 18:44 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-04-03 22:28 - 2012-12-28 12:22 - 05910528 ___SH C:\Users\Carlos\Downloads\Thumbs.db
2016-04-03 19:15 - 2014-09-28 17:03 - 00000000 ____D C:\AdwCleaner
2016-04-03 19:13 - 2012-12-26 01:17 - 00002277 _____ C:\Users\Carlos\Desktop\Google Chrome.lnk
2016-04-03 19:13 - 2012-12-25 20:02 - 00002307 _____ C:\Users\Carlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-03 19:11 - 2013-08-22 06:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-04-03 18:41 - 2012-12-26 01:17 - 00002289 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-03 02:00 - 2012-12-30 04:07 - 00000000 ____D C:\Users\Carlos\AppData\Local\Adobe
2016-04-02 21:38 - 2013-04-07 18:44 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-04-02 21:22 - 2013-05-26 13:06 - 00609792 ___SH C:\Users\Carlos\Desktop\Thumbs.db
2016-04-02 21:15 - 2013-12-15 14:27 - 00000000 ____D C:\WINDOWS\Minidump
2016-04-02 20:50 - 2013-12-09 21:27 - 00000000 ____D C:\Users\Carlos
2016-04-02 20:48 - 2015-09-18 19:45 - 00000000 ____D C:\Users\Carlos\AppData\Roaming\Spotify
2016-04-02 20:48 - 2015-07-30 06:57 - 00000000 ___SD C:\WINDOWS\system32\GWX
2016-04-02 20:48 - 2013-01-06 11:19 - 00000000 ____D C:\Users\Carlos\Downloads\Software
2016-04-02 20:48 - 2012-12-29 09:53 - 00000000 ____D C:\Users\Carlos\AppData\Roaming\vlc
2016-04-02 20:47 - 2013-09-13 17:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-04-02 20:47 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2016-04-02 20:47 - 2013-02-07 19:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WCF RIA Services V1.0 SP1
2016-04-02 20:47 - 2012-12-26 00:46 - 00000000 ____D C:\ProgramData\Atheros
2016-04-02 20:46 - 2013-08-22 08:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-02 20:39 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\registration
2016-04-02 20:39 - 2013-08-22 06:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-04-02 20:36 - 2013-09-22 15:57 - 00000000 ___HD C:\ProgramData\CanonIJScan
2016-04-02 18:03 - 2012-12-28 06:05 - 00000000 ____D C:\Users\Carlos\AppData\Roaming\CyberLink
2016-03-13 18:20 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\AppReadiness
==================== Files in the root of some directories =======
2015-04-19 19:49 - 2015-04-19 19:49 - 0000132 _____ () C:\Users\Carlos\AppData\Roaming\Adobe PNG Format CS6 Prefs
2013-01-05 19:15 - 2013-01-13 17:18 - 0099384 _____ () C:\Users\Carlos\AppData\Roaming\inst.exe
2013-01-05 19:15 - 2013-01-13 17:18 - 0007859 _____ () C:\Users\Carlos\AppData\Roaming\pcouffin.cat
2013-01-05 19:15 - 2013-01-13 17:18 - 0001167 _____ () C:\Users\Carlos\AppData\Roaming\pcouffin.inf
2013-01-05 19:15 - 2013-01-13 17:18 - 0000034 _____ () C:\Users\Carlos\AppData\Roaming\pcouffin.log
2013-01-05 19:15 - 2013-01-13 17:18 - 0082816 _____ (VSO Software) C:\Users\Carlos\AppData\Roaming\pcouffin.sys
2012-12-18 16:55 - 2012-12-18 16:55 - 27978904 _____ (VSO-Software ) C:\Users\Carlos\AppData\Roaming\vsoConvertXtoDVD5_setup.exe
2013-08-30 23:13 - 2013-09-21 18:25 - 0000600 _____ () C:\Users\Carlos\AppData\Roaming\winscp.rnd
2015-10-07 17:35 - 2015-10-07 17:36 - 225111747 _____ () C:\Users\Carlos\AppData\Local\ACCCx3_3_0_151.zip.aamdownload
2015-10-07 17:35 - 2015-10-07 17:36 - 0002530 _____ () C:\Users\Carlos\AppData\Local\ACCCx3_3_0_151.zip.aamdownload.aamd
2013-09-21 08:58 - 2013-09-21 08:58 - 0003584 _____ () C:\Users\Carlos\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-02-04 17:32 - 2013-02-04 17:32 - 0000094 _____ () C:\Users\Carlos\AppData\Local\fusioncache.dat
2014-02-17 01:21 - 2014-02-17 01:21 - 0000218 _____ () C:\Users\Carlos\AppData\Local\recently-used.xbel
2012-11-22 09:17 - 2012-11-22 09:17 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2012-11-22 09:14 - 2012-11-22 09:15 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2012-11-22 09:15 - 2012-11-22 09:16 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2012-11-22 09:14 - 2012-11-22 09:14 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2012-11-22 09:16 - 2012-11-22 09:17 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-04-03 22:49
==================== End of FRST.txt ============================
-------------------------------------------------
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Carlos (administrator) on CARLOSPC (05-04-2016 17:11:21)
Running from C:\Users\Carlos\Desktop
Loaded Profiles: Carlos (Available Profiles: Carlos)
Platform: Windows 8.1 (Update 1) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Spotify Ltd) C:\Users\Carlos\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Sony Corporation) C:\Program Files (x86)\Sony\Bloggie Software\BGVolumeWatcher.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\Multimedia Card Reader(9106)\Shwicon9106.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Spotify Ltd) C:\Users\Carlos\AppData\Roaming\Spotify\SpotifyCrashService.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1212560 2012-06-13] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe [757888 2012-07-02] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [127104 2012-07-02] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-09] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [Shwicon9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\Shwicon9106.exe [262144 2012-06-28] ()
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-11-20] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2011-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2904984 2011-09-05] (Adobe Systems Inc.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1185112 2010-04-02] (CANON INC.)
HKLM-x32\...\Run: [Adobe_ID0ENQBO] => C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe [378224 2008-08-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [407904 2014-11-27] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153952 2014-11-27] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKU\S-1-5-21-645849503-499310708-3259883643-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-645849503-499310708-3259883643-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-645849503-499310708-3259883643-1001\...\Run: [Spotify Web Helper] => C:\Users\Carlos\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2355312 2016-02-09] (Spotify Ltd)
HKU\S-1-5-21-645849503-499310708-3259883643-1001\...\Run: [Spotify] => C:\Users\Carlos\AppData\Roaming\Spotify\Spotify.exe [8449136 2016-02-09] (Spotify Ltd)
HKU\S-1-5-21-645849503-499310708-3259883643-1001\...\MountPoints2: {244d0f28-b8d1-11e3-beb4-a4173169cd62} - "I:\LaunchU3.exe" -a
HKU\S-1-5-21-645849503-499310708-3259883643-1001\...\MountPoints2: {2a787292-34ce-11e2-be65-806e6f6e6963} - "D:\IFZ.exe"
HKU\S-1-5-21-645849503-499310708-3259883643-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11776 2013-08-22] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [] => 0
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2013-10-20] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2013-10-20] (IvoSoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bloggie Watcher Utility.lnk [2013-01-14]
ShortcutTarget: Bloggie Watcher Utility.lnk -> C:\Program Files (x86)\Sony\Bloggie Software\BGVolumeWatcher.exe (Sony Corporation)
Startup: C:\Users\Carlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bloggie Watcher Utility.lnk [2013-01-14]
ShortcutTarget: Bloggie Watcher Utility.lnk -> C:\Program Files (x86)\Sony\Bloggie Software\BGVolumeWatcher.exe (Sony Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{363C7C16-51AE-45A3-894C-9D95F62C7DFD}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130853452574990832&GUID=5043AD94-F076-4754-BE8D-D1B04DE60457
HKU\S-1-5-21-645849503-499310708-3259883643-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com
HKU\S-1-5-21-645849503-499310708-3259883643-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130853452574985822&GUID=5043AD94-F076-4754-BE8D-D1B04DE60457
SearchScopes: HKU\.DEFAULT -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\.DEFAULT -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-645849503-499310708-3259883643-1001 -> {595575C4-933F-475C-A179-CCB1B0E741AE} URL =
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2013-10-20] (IvoSoft)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2012-07-02] (Qualcomm Atheros Commnucations)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2013-10-20] (IvoSoft)
BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll [2008-09-10] (Adobe Systems Incorporated.)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2013-10-20] (IvoSoft)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-02-07] (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-02-07] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2013-10-20] (IvoSoft)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2013-10-20] (IvoSoft)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll [2008-09-10] (Adobe Systems Incorporated.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2013-10-20] (IvoSoft)
Toolbar: HKU\S-1-5-21-645849503-499310708-3259883643-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
FireFox:
========
FF ProfilePath: C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\ygwcdga4.default-1411948271741
FF NewTab: about:home
FF DefaultSearchEngine: Yahoo!
FF DefaultSearchEngine.US: Default
FF SelectedSearchEngine: Yahoo!
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_197.dll [2016-04-02] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-07-14] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-04-02] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2014-11-27] (Citrix Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.13.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-02-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.13.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-02-07] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-03] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll [2009-09-25] (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2011-09-05] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-07-14] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-645849503-499310708-3259883643-1001: @sony.com/Some -> C:\Program Files (x86)\Sony\Bloggie Software\npsome.dll [2011-06-09] (Sony)
FF Plugin HKU\S-1-5-21-645849503-499310708-3259883643-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Carlos\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-645849503-499310708-3259883643-1001: electronicarts.com/GameFacePlugin -> C:\Users\Carlos\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll [2012-12-20] (Electronic Arts)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-09-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-09-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-09-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-09-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-09-22] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2013-06-26] (Nullsoft, Inc.)
FF Extension: Search Window Results - C:\Users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\ygwcdga4.default-1411948271741\Extensions\{af589b17-fcfd-45b3-ab9b-326c41a79a1d}.xpi [2016-03-31] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-09-06] [not signed]
Chrome:
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Profile: C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Store) - C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-24]
CHR Extension: (Search Window Results) - C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfebdmgdilkekeneldmidbfmfioakajg [2016-04-02] [UpdateUrl: hxxp://cdn.searchwindowresults.com/update] <==== ATTENTION
CHR Extension: (Store) - C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-24]
CHR Extension: (Store) - C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-24]
CHR Extension: (Store) - C:\Users\Carlos\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-07]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 Adobe Version Cue CS4; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [128640 2012-07-02] (Qualcomm Atheros Commnucations) [File not signed]
S2 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [173056 2012-06-19] (Dell Products, LP.) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 MsDepSvc; C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [80472 2012-09-06] (Microsoft Corporation)
S2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [62382256 2015-03-30] (Microsoft Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [1915920 2013-11-21] (SoftThinks SAS)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [442536 2015-03-30] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-30] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [730304 2016-01-11] (Wacom Technology, Corp.)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-06-19] (Atheros) [File not signed]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-03] (Advanced Micro Devices)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-07-02] (Qualcomm Atheros)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-04] (OSR Open Systems Resources, Inc.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-04-03] ()
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
S4 RsFx0153; C:\Windows\System32\DRIVERS\RsFx0153.sys [322736 2015-03-30] (Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [35856 2013-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [236888 2013-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-30] (Microsoft Corporation)
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
S1 MpKsl0b122d0f; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{80F4F9BA-4192-4600-B2D0-A7FF41BC54F9}\MpKsl0b122d0f.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-04-05 17:11 - 2016-04-05 17:12 - 00029910 _____ C:\Users\Carlos\Desktop\FRST.txt
2016-04-05 17:11 - 2016-04-05 17:11 - 00000000 ____D C:\FRST
2016-04-05 17:09 - 2016-04-05 17:10 - 02374144 _____ (Farbar) C:\Users\Carlos\Desktop\FRST64.exe
2016-04-05 17:05 - 2016-04-05 17:05 - 00000000 ___RD C:\Users\Carlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2016-04-03 23:07 - 2016-04-03 23:08 - 00171244 _____ C:\WINDOWS\ntbtlog.txt
2016-04-03 22:25 - 2016-04-03 22:25 - 00688992 _____ (Swearware) C:\Users\Carlos\Downloads\dds(1).scr
2016-04-03 19:08 - 2016-04-03 19:08 - 03102720 _____ C:\Users\Carlos\Downloads\adwcleaner_5.108.exe
2016-04-03 18:40 - 2016-04-05 17:05 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-03 18:40 - 2016-04-03 22:45 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-03 18:40 - 2016-04-03 18:40 - 00987728 _____ (Google Inc.) C:\Users\Carlos\Downloads\ChromeSetup.exe
2016-04-03 18:40 - 2016-04-03 18:40 - 00003888 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-04-03 18:40 - 2016-04-03 18:40 - 00003652 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-04-03 18:40 - 2016-04-03 18:40 - 00000000 _____ C:\autoexec.bat
2016-04-03 18:39 - 2016-04-03 18:39 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\Carlos\Downloads\SpyHunter-Installer.exe
2016-04-03 18:39 - 2016-04-03 18:39 - 00022704 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
2016-04-03 18:27 - 2016-04-03 18:27 - 00688992 _____ (Swearware) C:\Users\Carlos\Desktop\dds.scr
2016-03-31 22:35 - 2016-04-02 20:47 - 00000000 ____D C:\Program Files (x86)\DesktopPlay
2016-03-31 22:35 - 2016-03-31 22:35 - 00000000 ____D C:\Users\Carlos\AppData\Local\rec_en_238
2016-03-31 22:30 - 2016-04-02 20:47 - 00000000 ____D C:\Users\Carlos\AppData\Local\dply_en_015020284
2016-03-31 22:30 - 2016-04-02 20:47 - 00000000 ____D C:\Program Files (x86)\dply_en_015020284
2016-03-31 22:30 - 2016-03-31 22:30 - 00000000 ____D C:\Program Files (x86)\Checked List
2016-03-31 22:29 - 2016-04-03 18:22 - 00000000 ____D C:\ProgramData\b0bc73e9-7771-1
2016-03-31 22:29 - 2016-04-03 18:22 - 00000000 ____D C:\ProgramData\b0bc73e9-2313-0
2016-03-31 22:29 - 2016-04-02 20:49 - 00000000 ____D C:\Program Files\Oacocday
2016-03-31 22:29 - 2016-04-02 20:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Healer
2016-03-31 22:29 - 2016-04-02 20:47 - 00000000 ____D C:\Program Files (x86)\Itibiti Soft Phone
2016-03-31 22:29 - 2016-03-31 22:32 - 00000000 ____D C:\Users\Carlos\AppData\Roaming\System Healer
2016-03-31 22:29 - 2016-03-31 22:29 - 00000000 ____D C:\Users\Carlos\AppData\LocalLow\Company
2016-03-31 22:29 - 2016-03-31 22:29 - 00000000 ____D C:\Users\Carlos\AppData\Local\Tempfolder
2016-03-31 22:29 - 2016-03-31 22:29 - 00000000 ____D C:\uninst
2016-03-31 22:28 - 2016-04-03 18:22 - 00000000 ____D C:\ProgramData\1a1d968b-1921-1
2016-03-31 22:28 - 2016-04-03 18:22 - 00000000 ____D C:\ProgramData\1a1d968b-0e67-0
2016-03-31 22:28 - 2016-04-02 20:49 - 00000000 ____D C:\ProgramData\8f23bb0e-d21d-43d3-bd7b-a0fba15a3b5e
2016-03-31 22:28 - 2016-04-02 20:47 - 00000000 ____D C:\Program Files (x86)\Search Window Results
2016-03-31 22:28 - 2016-04-02 20:47 - 00000000 ____D C:\Program Files (x86)\DNS Unlocker
2016-03-20 14:49 - 2016-03-20 18:51 - 52849857 _____ C:\Users\Carlos\Downloads\DarkWing_MightyMouse 2.psd
2016-03-20 14:49 - 2016-03-20 14:49 - 47970458 _____ C:\Users\Carlos\Downloads\DarkWing_MightyMouse.psd
2016-03-19 21:36 - 2016-03-19 21:46 - 1876282022 _____ C:\Users\Carlos\Downloads\In.the.Heart.of.the.Sea.avi
2016-03-13 20:54 - 2016-03-13 20:54 - 00000000 __SHD C:\Users\Carlos\AppData\LocalLow\EmieUserList
2016-03-13 20:54 - 2016-03-13 20:54 - 00000000 __SHD C:\Users\Carlos\AppData\LocalLow\EmieSiteList
2016-03-10 20:51 - 2016-03-10 20:51 - 11335442 _____ C:\Users\Carlos\Documents\Characters Skribbles and What Nots.pdf
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-04-05 17:10 - 2013-09-29 21:04 - 00971464 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-05 17:10 - 2013-08-22 06:36 - 00000000 ____D C:\WINDOWS\Inf
2016-04-05 17:09 - 2013-12-21 10:53 - 00000000 ____D C:\Users\Carlos\AppData\Roaming\ClassicShell
2016-04-05 17:07 - 2012-11-22 09:17 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2016-04-05 17:05 - 2015-09-18 19:45 - 00000000 ____D C:\Users\Carlos\AppData\Local\Spotify
2016-04-05 17:05 - 2013-12-09 22:37 - 00000000 ___RD C:\Users\Carlos\SkyDrive
2016-04-05 17:04 - 2013-08-22 07:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-03 22:52 - 2014-03-31 05:28 - 00003930 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FF894DA9-E6A4-4C09-950E-A0DC7AA4C454}
2016-04-03 22:49 - 2012-12-26 00:53 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-645849503-499310708-3259883643-1001
2016-04-03 22:38 - 2013-04-07 18:44 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-04-03 22:28 - 2012-12-28 12:22 - 05910528 ___SH C:\Users\Carlos\Downloads\Thumbs.db
2016-04-03 19:15 - 2014-09-28 17:03 - 00000000 ____D C:\AdwCleaner
2016-04-03 19:13 - 2012-12-26 01:17 - 00002277 _____ C:\Users\Carlos\Desktop\Google Chrome.lnk
2016-04-03 19:13 - 2012-12-25 20:02 - 00002307 _____ C:\Users\Carlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-03 19:11 - 2013-08-22 06:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-04-03 18:41 - 2012-12-26 01:17 - 00002289 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-03 02:00 - 2012-12-30 04:07 - 00000000 ____D C:\Users\Carlos\AppData\Local\Adobe
2016-04-02 21:38 - 2013-04-07 18:44 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-04-02 21:22 - 2013-05-26 13:06 - 00609792 ___SH C:\Users\Carlos\Desktop\Thumbs.db
2016-04-02 21:15 - 2013-12-15 14:27 - 00000000 ____D C:\WINDOWS\Minidump
2016-04-02 20:50 - 2013-12-09 21:27 - 00000000 ____D C:\Users\Carlos
2016-04-02 20:48 - 2015-09-18 19:45 - 00000000 ____D C:\Users\Carlos\AppData\Roaming\Spotify
2016-04-02 20:48 - 2015-07-30 06:57 - 00000000 ___SD C:\WINDOWS\system32\GWX
2016-04-02 20:48 - 2013-01-06 11:19 - 00000000 ____D C:\Users\Carlos\Downloads\Software
2016-04-02 20:48 - 2012-12-29 09:53 - 00000000 ____D C:\Users\Carlos\AppData\Roaming\vlc
2016-04-02 20:47 - 2013-09-13 17:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-04-02 20:47 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2016-04-02 20:47 - 2013-02-07 19:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WCF RIA Services V1.0 SP1
2016-04-02 20:47 - 2012-12-26 00:46 - 00000000 ____D C:\ProgramData\Atheros
2016-04-02 20:46 - 2013-08-22 08:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-02 20:39 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\registration
2016-04-02 20:39 - 2013-08-22 06:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-04-02 20:36 - 2013-09-22 15:57 - 00000000 ___HD C:\ProgramData\CanonIJScan
2016-04-02 18:03 - 2012-12-28 06:05 - 00000000 ____D C:\Users\Carlos\AppData\Roaming\CyberLink
2016-03-13 18:20 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\AppReadiness
==================== Files in the root of some directories =======
2015-04-19 19:49 - 2015-04-19 19:49 - 0000132 _____ () C:\Users\Carlos\AppData\Roaming\Adobe PNG Format CS6 Prefs
2013-01-05 19:15 - 2013-01-13 17:18 - 0099384 _____ () C:\Users\Carlos\AppData\Roaming\inst.exe
2013-01-05 19:15 - 2013-01-13 17:18 - 0007859 _____ () C:\Users\Carlos\AppData\Roaming\pcouffin.cat
2013-01-05 19:15 - 2013-01-13 17:18 - 0001167 _____ () C:\Users\Carlos\AppData\Roaming\pcouffin.inf
2013-01-05 19:15 - 2013-01-13 17:18 - 0000034 _____ () C:\Users\Carlos\AppData\Roaming\pcouffin.log
2013-01-05 19:15 - 2013-01-13 17:18 - 0082816 _____ (VSO Software) C:\Users\Carlos\AppData\Roaming\pcouffin.sys
2012-12-18 16:55 - 2012-12-18 16:55 - 27978904 _____ (VSO-Software ) C:\Users\Carlos\AppData\Roaming\vsoConvertXtoDVD5_setup.exe
2013-08-30 23:13 - 2013-09-21 18:25 - 0000600 _____ () C:\Users\Carlos\AppData\Roaming\winscp.rnd
2015-10-07 17:35 - 2015-10-07 17:36 - 225111747 _____ () C:\Users\Carlos\AppData\Local\ACCCx3_3_0_151.zip.aamdownload
2015-10-07 17:35 - 2015-10-07 17:36 - 0002530 _____ () C:\Users\Carlos\AppData\Local\ACCCx3_3_0_151.zip.aamdownload.aamd
2013-09-21 08:58 - 2013-09-21 08:58 - 0003584 _____ () C:\Users\Carlos\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-02-04 17:32 - 2013-02-04 17:32 - 0000094 _____ () C:\Users\Carlos\AppData\Local\fusioncache.dat
2014-02-17 01:21 - 2014-02-17 01:21 - 0000218 _____ () C:\Users\Carlos\AppData\Local\recently-used.xbel
2012-11-22 09:17 - 2012-11-22 09:17 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2012-11-22 09:14 - 2012-11-22 09:15 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2012-11-22 09:15 - 2012-11-22 09:16 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2012-11-22 09:14 - 2012-11-22 09:14 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2012-11-22 09:16 - 2012-11-22 09:17 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-04-03 22:49
==================== End of FRST.txt ============================