PDA

View Full Version : Spybot can't remove Banyan.iSsafe


wtrwrz
2015-01-16, 13:34
Been trying to get this removed, but nothing seems to work. Malware bytes doesn't pick it up; it appears in my uninstall control panel but when I try to uninstall it, nothing happens. Will post logs below, thanks.

Search results from Spybot - Search & Destroy

1/15/2015 12:38:08 PM
Scan took 01:20:54.
33 items found.

Banyan.iSafe: [SBI $7C7B291A] Uninstall settings (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iSafe

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2015
Ran by ScorpionVII (administrator) on SCORPIONVII-PC on 15-01-2015 22:36:29
Running from C:\Users\ScorpionVII\Downloads
Loaded Profiles: ScorpionVII (Available profiles: ScorpionVII)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe
(Sensible Vision ) C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\stacsv64.exe
(Stardock Corporation) C:\Program Files (x86)\Stardock\MyColors\VistaSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files (x86)\Stardock\MyColors\wbvista.exe
(Taiwan Shui Mu Chih Ching Technology Limited.) C:\Program Files (x86)\WinZipper\winzipersvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\AESTSr64.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
() C:\Users\ScorpionVII\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Code 42 Software) C:\Program Files\CrashPlan\CrashPlanService.exe
() C:\Program Files (x86)\OSD\OSD_Service.exe
(INNORIX) C:\Windows\SysWOW64\innosvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Spotify Ltd) C:\Users\ScorpionVII\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Code 42 Software, Inc.) C:\Program Files\CrashPlan\CrashPlanTray.exe
(SoftThinks SAS) C:\Program Files (x86)\AlienRespawn\SftService.exe
(Sensible Vision ) C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(SoftThinks - Dell) C:\Program Files (x86)\AlienRespawn\Toaster.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files (x86)\AlienRespawn\Components\Scheduler\STService.exe
(Microsoft) C:\Program Files (x86)\OSD\OSD_Main.exe
(SoftThinks - Dell) C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe
(Sensible Vision ) C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
() C:\Program Files (x86)\Opera\26.0.1656.60\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Opera Software) C:\Program Files (x86)\Opera\26.0.1656.60\opera.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1881384 2009-10-23] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2009-09-16] (IDT, Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-14] (Intel Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [OSD_LAUNCH] => c:\Program Files (x86)\OSD\Launch.exe [32768 2010-01-05] (HH)
HKLM-x32\...\Run: [FATrayAlert] => C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe [95560 2010-04-05] (Sensible Vision )
HKLM-x32\...\Run: [FAStartup] => [X]
HKLM-x32\...\Run: [ATICustomerCare] => C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [311296 2010-03-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-08-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [843480 2014-10-07] (BlueStack Systems, Inc.)
Winlogon\Notify\WB: C:\Program Files (x86)\Stardock\MyColors\fast64.dll [X]
HKU\S-1-5-21-3603141680-2056560516-2232545133-1000\...\Run: [Spotify Web Helper] => C:\Users\ScorpionVII\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-01-03] (Spotify Ltd)
HKU\S-1-5-21-3603141680-2056560516-2232545133-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-3603141680-2056560516-2232545133-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3603141680-2056560516-2232545133-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3603141680-2056560516-2232545133-1000\...\MountPoints2: E - E:\LaunchU3.exe -a
HKU\S-1-5-21-3603141680-2056560516-2232545133-1000\...\MountPoints2: {99c51ac5-0b77-11e0-8bcc-0026b9ff3f85} - E:\setup.exe -a
HKU\S-1-5-21-3603141680-2056560516-2232545133-1000\...\MountPoints2: {d3bc9342-9edd-11e2-85fe-0026b9ff3f85} - E:\LaunchU3.exe -a
HKU\S-1-5-21-3603141680-2056560516-2232545133-1000\...\MountPoints2: {dcc8bf1b-fbee-11df-b9c1-0026b9ff3f85} - E:\iStudio.exe
Lsa: [Notification Packages] scecli FAPassSync
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlan Tray.lnk
ShortcutTarget: CrashPlan Tray.lnk -> C:\Program Files\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IconPackager.lnk
ShortcutTarget: IconPackager.lnk -> C:\Program Files (x86)\Stardock\MyColors\IconPackager.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IconPackager.lnk
ShortcutTarget: IconPackager.lnk -> C:\Program Files (x86)\Stardock\MyColors\IconPackager.exe (Stardock Corporation)
BootExecute: autocheck autochk * sdnclean64.exebddel.exe
GroupPolicyUsers\S-1-5-21-3603141680-2056560516-2232545133-1000\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3603141680-2056560516-2232545133-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://support.alienware.com
HKU\S-1-5-21-3603141680-2056560516-2232545133-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://support.alienware.com
HKU\S-1-5-21-3603141680-2056560516-2232545133-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKU\S-1-5-21-3603141680-2056560516-2232545133-1000 -> DefaultScope {3A40E547-20FD-44a2-94D0-1C98342D1507} URL = http://search.daum.net/search?nil_profile=ie&ref_code=D_DIC&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3603141680-2056560516-2232545133-1000 -> {08F87EA3-0CF0-4B69-B823-3EC0EB6EBC2B} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=F60C8B1E-F247-47B9-BBC9-22E4B6D8C9F4&apn_sauid=BE03A4CC-6B93-466B-AB89-B7BA10667A44
SearchScopes: HKU\S-1-5-21-3603141680-2056560516-2232545133-1000 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKU\S-1-5-21-3603141680-2056560516-2232545133-1000 -> {3A40E547-20FD-44a2-94D0-1C98342D1507} URL = http://search.daum.net/search?nil_profile=ie&ref_code=D_DIC&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3603141680-2056560516-2232545133-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.co.jp/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: SSOIEAddonBHO Class -> {DA5BCE70-D057-4D63-943D-5F3927EC59F1} -> C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll (Sensible Vision )
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
Toolbar: HKU\S-1-5-21-3603141680-2056560516-2232545133-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-3603141680-2056560516-2232545133-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
DPF: HKLM-x32 {18F7A943-CEEB-4EBA-84D7-DCA84872D737}
DPF: HKLM-x32 {3D64E58D-CB55-4344-B809-CFE38F900838} http://portal.customs.go.kr/cab/MagicLoaderX.cab
DPF: HKLM-x32 {68B0C35E-732F-473D-89F0-B0D4FB403C8E} http://portal.customs.go.kr/cab/SecuxmlInstaller_full.cab
DPF: HKLM-x32 {6CE20149-ABE3-462E-A1B4-5B549971AA38} C:\Users\ScorpionVII\Downloads\ebz_TouchEnKey_Installer (1).exe
DPF: HKLM-x32 {8E2A904F-FDD7-4086-A49C-834F1C47DC39}
DPF: HKLM-x32 {9FC84F7D-D177-4A75-A7BB-429DA5BD0A3E}
DPF: HKLM-x32 {AD6870C0-44B7-42FB-A119-C2C6BD9CD005} http://portal.customs.go.kr/cab/MagicPassX.cab
DPF: HKLM-x32 {AFC65313-FED2-4FAE-9452-072E76594E3B} http://portal.customs.go.kr/cab/KCSIPTTrustedsite.cab
DPF: HKLM-x32 {B789767A-4553-4F78-BA2F-D025C0E646B4}
DPF: HKLM-x32 {BBB0FC2D-1D95-45CA-BDCF-03B53F247FCC} http://portal.customs.go.kr/cab/ewsinstaller_full.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 219.250.36.130 210.220.163.82

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @innorix.com/innogmp -> C:\Program Files (x86)\INNORIX\npinnogmp.dll (INNORIX)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll (Tencent)
FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.38\Bin\npSSOAxCtrlForPTLogin.dll ()
FF Plugin-x32: @softforum.com/npKeyPro -> C:\Windows\system32\npKeyPro.dll No File
FF Plugin-x32: @spaceinter.com/EZKeytecPlugin -> C:\Program Files (x86)\Space International\Easykeytec v2.0\npEZKeytecPlugin.dll No File
FF Plugin-x32: @spaceinter.com/EZKeytecPlugins -> C:\Program Files (x86)\Space International\Easykeytec v2.0\npEZKeytecPlugins.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @wideline.net/EZKeytecPlugin -> C:\Program Files (x86)\WideLine\Easykeytec v2.0\npEZKeytecPlugin.dll (Wideline, Inc. )
FF Plugin-x32: @wideline.net/EZKeytecPlugins -> C:\Program Files (x86)\WideLine\Easykeytec v2.0\npEZKeytecPlugins.dll (Wideline, Inc. )
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3603141680-2056560516-2232545133-1000: @innorix.com/innogmp -> C:\Program Files (x86)\INNORIX\npinnogmp.dll (INNORIX)
FF Plugin HKU\S-1-5-21-3603141680-2056560516-2232545133-1000: @kcp.co.kr/plugin;version=1 -> C:\Program Files (x86)\KCP\Plugin\npKCPPlugin.dll (KCP CO.,LTD)
FF Plugin HKU\S-1-5-21-3603141680-2056560516-2232545133-1000: @kcp.co.kr/plugin_hub;version=1 -> C:\Program Files (x86)\KCP\Plugin\npKCPHubPlugin.dll (KCP CO.,LTD)
FF Plugin HKU\S-1-5-21-3603141680-2056560516-2232545133-1000: @softforum.com/npxwebplugins -> C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin.dll No File
FF Plugin HKU\S-1-5-21-3603141680-2056560516-2232545133-1000: @softforum.com/npxwebplugins_file -> C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin_file.dll No File
FF Plugin HKU\S-1-5-21-3603141680-2056560516-2232545133-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\ScorpionVII\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-3603141680-2056560516-2232545133-1000: @talk.google.com/O1DPlugin -> C:\Users\ScorpionVII\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-3603141680-2056560516-2232545133-1000: @tools.google.com/Google Update;version=3 -> C:\Users\ScorpionVII\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3603141680-2056560516-2232545133-1000: @tools.google.com/Google Update;version=9 -> C:\Users\ScorpionVII\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3603141680-2056560516-2232545133-1000: iloen.com/MelOnWebLinker -> C:\Windows\SysWOW64\npMelOnWebLinkerAx.dll (LOEN Entertainment)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npxecure.dll (SoftForum Co., Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npxwfile.dll (SoftForum Co., Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Users\ScorpionVII\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\ScorpionVII\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Loqu8.Capture.Moz - C:\Users\ScorpionVII\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\capture@loqu8.com [2012-12-18]

Chrome:
=======
CHR StartupUrls: Default -> "https://www.google.com/"
CHR Profile: C:\Users\ScorpionVII\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\ScorpionVII\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-26]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\ScorpionVII\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-26]
CHR Extension: (YouTube) - C:\Users\ScorpionVII\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-26]
CHR Extension: (Google Search) - C:\Users\ScorpionVII\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-26]
CHR Extension: (Google Wallet) - C:\Users\ScorpionVII\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-26]
CHR Extension: (Gmail) - C:\Users\ScorpionVII\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-26]
CHR HKU\S-1-5-21-3603141680-2056560516-2232545133-1000\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\SCORPI~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-07-25]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-10-07] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [388824 2014-10-07] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [782040 2014-10-07] (BlueStack Systems, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 CrashPlanService; C:\Program Files\CrashPlan\CrashPlanService.exe [223232 2014-10-14] (Code 42 Software) [File not signed]
R2 FAService; C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe [2409800 2010-04-05] (Sensible Vision )
R2 HappyOSD; C:\Program Files (x86)\OSD\OSD_Service.exe [16384 2010-01-05] () [File not signed]
R2 Innosvc; C:\Windows\SysWOW64\innosvc.exe [174208 2012-03-09] (INNORIX)
R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [120128 2015-01-14] (Elex do Brasil Participações Ltda)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1740760 2014-09-03] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\STacSV64.exe [240640 2009-09-16] (IDT, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [470704 2014-12-17] (Taiwan Shui Mu Chih Ching Technology Limited.) <==== ATTENTION

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-10-07] (BlueStack Systems)
R3 ezty2usb; C:\Windows\system32\ezty2usb.sys [32032 2013-11-15] (Space International,Inc.)
S3 IAMTVE; C:\Windows\system32\DRIVERS\IAMTVE.sys [43416 2007-04-11] (Intel Corporation)
S3 IAMTXPE; C:\Windows\system32\DRIVERS\IAMTXPE.sys [51096 2007-04-11] (Intel Corporation)
R0 ioatdma; C:\Windows\System32\Drivers\ioatdma.sys [46792 2009-07-14] (Intel Corporation)
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [249000 2015-01-14] (Elex do Brasil Participações Ltda)
S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [45224 2015-01-14] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [99496 2015-01-14] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [42152 2015-01-14] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [93352 2015-01-14] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [52392 2015-01-03] (Elex do Brasil Participações Ltda)
S3 iSSetup; C:\Windows\system32\DRIVERS\iSSetup.sys [178400 2009-10-13] (Intel Corporation)
R3 JRSUKD25; C:\Windows\system32\JRSUKD25.SYS [19888 2013-11-01] (lumensoft Corporation)
S3 kcrtx64; C:\Windows\system32\kcrtx64.sys [141848 2013-11-01] (Kings Information & Network)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-15] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R1 SDHookDriver; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [64160 2014-04-25] ()
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-09-18] (Anchorfree Inc.)
R3 WinRing0_1_2_0; C:\Program Files (x86)\OSD\WinRing0x64.sys [14544 2008-07-26] (OpenLibSys.org)
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; system32\DRIVERS\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
S3 ezty2; \??\C:\Windows\system32\ezty2.sys [X]
S1 HssDRV6; system32\DRIVERS\hssdrv6.sys [X]
S3 JRSKD24; \??\C:\Windows\system32\JRSKD24.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-15 22:36 - 2015-01-15 22:36 - 00030628 _____ () C:\Users\ScorpionVII\Downloads\FRST.txt
2015-01-15 22:35 - 2015-01-15 22:36 - 00000000 ____D () C:\FRST
2015-01-15 22:35 - 2015-01-15 22:35 - 02125312 _____ (Farbar) C:\Users\ScorpionVII\Downloads\FRST64.exe
2015-01-15 22:14 - 2015-01-15 22:14 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-SCORPIONVII-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2015-01-15 22:12 - 2015-01-15 22:12 - 00000000 ____D () C:\RegBackup
2015-01-15 21:33 - 2015-01-15 21:33 - 00002201 _____ () C:\Users\ScorpionVII\Desktop\Tweaking.com - Registry Backup.lnk
2015-01-15 21:33 - 2015-01-15 21:33 - 00000000 ____D () C:\Users\ScorpionVII\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-01-15 21:33 - 2015-01-15 21:33 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2015-01-15 21:32 - 2015-01-15 21:32 - 04215584 _____ () C:\Users\ScorpionVII\Downloads\tweaking.com_registry_backup_setup.exe
2015-01-15 21:12 - 2015-01-15 21:12 - 00002784 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-01-15 21:12 - 2015-01-15 21:12 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-15 21:12 - 2015-01-15 21:12 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-15 21:09 - 2015-01-15 21:10 - 05316792 _____ (Piriform Ltd) C:\Users\ScorpionVII\Downloads\ccsetup501pro.exe
2015-01-15 19:58 - 2015-01-15 19:58 - 00000000 ____D () C:\Users\ScorpionVII\AppData\Local\Temp{175B168E-6064-4953-A180-2329F19B7BC0}
2015-01-15 18:09 - 2015-01-15 18:09 - 00041868 _____ () C:\Users\ScorpionVII\Downloads\Addition.txt
2015-01-15 18:09 - 2015-01-15 18:09 - 00041868 _____ () C:\Users\ScorpionVII\Downloads\Addition (1).txt
2015-01-15 12:38 - 2015-01-15 12:38 - 00013283 _____ () C:\Users\ScorpionVII\Desktop\Scan Results.150115-1237.txt
2015-01-15 02:23 - 2015-01-15 02:23 - 00006603 _____ () C:\Users\ScorpionVII\Desktop\Scan Results.150115-0223.txt
2015-01-15 02:14 - 2015-01-15 02:14 - 00032738 _____ () C:\Windows\SysWOW64\bddel.dat
2015-01-14 23:10 - 2015-01-15 02:57 - 00000112 _____ () C:\Windows\setupact.log
2015-01-14 23:10 - 2015-01-15 02:56 - 00045774 _____ () C:\Windows\PFRO.log
2015-01-14 23:10 - 2015-01-14 23:10 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-14 22:18 - 2015-01-14 22:18 - 00000000 ____D () C:\Users\ScorpionVII\AppData\Local\Temp{6B76FCB2-9E1A-4CD6-B428-8BCE352F9460}
2015-01-14 21:20 - 2015-01-14 21:20 - 00000000 ____D () C:\Windows\system32\log
2015-01-14 21:20 - 2015-01-14 21:20 - 00000000 ____D () C:\Users\ScorpionVII\AppData\Roaming\Elex-tech
2015-01-14 21:20 - 2015-01-14 21:20 - 00000000 ____D () C:\Program Files (x86)\Elex-tech
2015-01-14 21:20 - 2015-01-14 17:29 - 00045224 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
2015-01-14 21:20 - 2015-01-03 17:57 - 00052392 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys
2015-01-14 21:18 - 2015-01-14 21:18 - 00000000 ____D () C:\Users\ScorpionVII\AppData\Local\Temp{691A073D-4755-4A25-B475-29B79C7544DC}
2015-01-14 06:08 - 2014-12-19 12:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 06:08 - 2014-12-19 10:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 06:08 - 2014-12-12 14:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 06:08 - 2014-12-12 14:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 06:08 - 2014-12-12 14:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 06:08 - 2014-12-12 02:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 06:08 - 2014-12-06 13:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 06:08 - 2014-12-06 12:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 06:08 - 2014-12-06 12:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 06:07 - 2014-12-12 14:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 06:07 - 2014-12-12 14:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 06:07 - 2014-12-12 14:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 06:07 - 2014-12-12 14:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-09 21:01 - 2015-01-09 21:01 - 00001828 _____ () C:\Users\Public\Desktop\Apps.lnk
2015-01-09 20:59 - 2015-01-09 20:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2015-01-09 20:59 - 2015-01-09 20:59 - 00000000 ____D () C:\ProgramData\BlueStacks
2015-01-09 20:59 - 2015-01-09 20:59 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2015-01-09 20:57 - 2015-01-09 21:06 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2015-01-09 20:57 - 2015-01-09 20:57 - 00000000 ____D () C:\Users\ScorpionVII\AppData\Local\Bluestacks
2015-01-04 11:59 - 2015-01-04 11:27 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-01-04 11:59 - 2015-01-04 11:27 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-01-04 11:59 - 2015-01-04 11:27 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-04 08:55 - 2015-01-04 08:56 - 00000000 ____D () C:\Windows\pss
2015-01-03 19:14 - 2015-01-13 16:39 - 00000000 ____D () C:\Users\ScorpionVII\AppData\Local\Spotify
2015-01-03 19:14 - 2015-01-03 19:14 - 00001845 _____ () C:\Users\ScorpionVII\Desktop\Spotify.lnk
2015-01-03 19:14 - 2015-01-03 19:14 - 00001831 _____ () C:\Users\ScorpionVII\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-01-03 19:12 - 2015-01-15 08:10 - 00000000 ____D () C:\Users\ScorpionVII\AppData\Roaming\Spotify
2015-01-03 14:44 - 2015-01-03 14:44 - 00000000 ____D () C:\Users\ScorpionVII\emails
2015-01-03 14:41 - 2015-01-06 07:46 - 00000000 ____D () C:\Users\ScorpionVII\AppData\Roaming\Windows Live Writer
2015-01-03 14:41 - 2015-01-03 14:41 - 00000000 ____D () C:\Users\ScorpionVII\AppData\Local\Windows Live Writer
2015-01-03 14:13 - 2015-01-03 14:13 - 00001267 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2015-01-03 14:13 - 2015-01-03 14:13 - 00000000 ____D () C:\Windows\en
2015-01-03 14:12 - 2015-01-03 14:12 - 00001336 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2015-01-03 14:12 - 2015-01-03 14:12 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-01-03 14:11 - 2015-01-03 14:11 - 00001420 _____ () C:\Users\ScorpionVII\Desktop\Windows Live Mail.lnk
2015-01-03 14:10 - 2014-03-31 21:06 - 00058056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fssfltr.sys
2014-12-28 06:03 - 2014-12-28 06:03 - 00000000 ____D () C:\Users\ScorpionVII\Desktop\Translations
2014-12-26 17:36 - 2014-12-26 17:36 - 00000989 _____ () C:\Users\ScorpionVII\Desktop\MelOn Player4.lnk
2014-12-26 17:36 - 2014-12-26 17:36 - 00000000 ____D () C:\Users\ScorpionVII\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MelOn Player4
2014-12-26 17:36 - 2014-12-26 17:36 - 00000000 ____D () C:\Users\ScorpionVII\AppData\Local\Melon
2014-12-26 17:36 - 2014-12-26 17:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MelOn Player4
2014-12-26 17:36 - 2014-12-26 17:36 - 00000000 ____D () C:\Program Files (x86)\SKT Sync 3.0
2014-12-26 17:35 - 2014-12-26 17:36 - 00000000 ____D () C:\Program Files (x86)\MelOn Player4
2014-12-26 07:22 - 2015-01-15 13:55 - 00002145 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-26 07:22 - 2014-12-26 07:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-25 21:48 - 2015-01-11 00:30 - 00000000 ____D () C:\Users\ScorpionVII\AppData\Roaming\MusicBee
2014-12-25 21:48 - 2015-01-07 17:27 - 00000000 ____D () C:\Program Files (x86)\MusicBee
2014-12-25 21:48 - 2014-12-25 21:48 - 00000973 _____ () C:\Users\ScorpionVII\Desktop\MusicBee.lnk
2014-12-25 21:48 - 2014-12-25 21:48 - 00000000 ____D () C:\Users\ScorpionVII\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MusicBee
2014-12-25 21:48 - 2014-12-25 21:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MusicBee
2014-12-25 13:39 - 2014-12-25 13:39 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-25 13:11 - 2015-01-15 21:40 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-25 13:11 - 2014-12-25 13:11 - 00001068 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-25 13:11 - 2014-12-25 13:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-25 13:10 - 2014-12-25 13:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-25 13:10 - 2014-12-25 13:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-25 13:10 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-25 13:10 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-25 13:10 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-25 12:51 - 2014-12-25 12:51 - 00001357 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-12-25 12:51 - 2014-12-25 12:51 - 00001345 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-12-25 12:51 - 2014-12-25 12:51 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-12-25 12:51 - 2014-12-25 12:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-12-25 12:51 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-12-25 12:49 - 2014-12-25 12:54 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-12-25 12:32 - 2014-12-25 12:32 - 00000000 ____D () C:\Users\ScorpionVII\AppData\Roaming\Nightingale
2014-12-25 12:32 - 2014-12-25 12:32 - 00000000 ____D () C:\Users\ScorpionVII\AppData\Local\Nightingale
2014-12-25 12:31 - 2014-12-25 12:42 - 00000000 ____D () C:\Program Files (x86)\Nightingale
2014-12-23 17:54 - 2014-12-23 17:54 - 00000000 ____D () C:\Users\ScorpionVII\AppData\Roaming\eCyber
2014-12-23 17:20 - 2015-01-12 22:35 - 00000000 ____D () C:\Users\ScorpionVII\AppData\Roaming\WinZipper
2014-12-23 17:20 - 2014-12-29 20:20 - 00000000 ____D () C:\Program Files (x86)\WinZipper
2014-12-23 17:20 - 2014-12-23 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper
2014-12-21 19:55 - 2014-12-21 19:55 - 00001230 _____ () C:\Users\ScorpionVII\Desktop\Amazon Music.lnk
2014-12-21 19:54 - 2014-12-21 19:54 - 00001618 _____ () C:\Windows\System32\Tasks\Amazon Music Helper
2014-12-18 19:44 - 2014-12-13 14:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 19:44 - 2014-12-13 12:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-15 22:27 - 2012-04-29 22:21 - 00000932 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3603141680-2056560516-2232545133-1000UA.job
2015-01-15 22:25 - 2010-10-23 22:17 - 00000000 ____D () C:\Users\ScorpionVII\AppData\Roaming\Skype
2015-01-15 21:59 - 2013-03-30 08:26 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-15 21:50 - 2010-09-10 06:54 - 00000690 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-15 20:52 - 2009-07-14 14:10 - 01684950 _____ () C:\Windows\WindowsUpdate.log
2015-01-15 16:50 - 2010-09-10 06:54 - 00000686 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-15 12:04 - 2014-10-29 19:53 - 00003460 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2015-01-15 08:43 - 2009-07-14 13:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-15 08:43 - 2009-07-14 13:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-15 05:00 - 2013-03-30 08:26 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-15 05:00 - 2013-03-30 08:26 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-15 05:00 - 2013-03-30 08:26 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-15 04:27 - 2012-04-29 22:21 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3603141680-2056560516-2232545133-1000Core.job
2015-01-15 02:59 - 2010-09-10 04:55 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2015-01-15 02:59 - 2010-09-10 04:55 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2015-01-15 02:59 - 2010-08-24 16:36 - 00000000 ____D () C:\Program Files (x86)\AlienRespawn
2015-01-15 02:57 - 2009-07-14 14:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-14 23:08 - 2013-08-11 07:37 - 00000000 ____D () C:\Users\ScorpionVII\Documents\Anki
2015-01-14 21:19 - 2010-09-10 05:21 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-14 12:52 - 2014-12-14 08:09 - 00000000 ____D () C:\Program Files\CrashPlan
2015-01-14 12:47 - 2009-07-14 14:08 - 00032564 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-14 08:28 - 2013-07-28 17:03 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 08:20 - 2010-09-10 22:41 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-12 12:54 - 2009-07-14 14:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-01-09 21:01 - 2009-07-14 12:20 - 00000000 __RHD () C:\Users\Public\Libraries
2015-01-07 20:43 - 2014-07-20 00:26 - 00000000 ____D () C:\Users\ScorpionVII\AppData\Roaming\vlc
2015-01-07 00:30 - 2009-07-14 11:34 - 00450892 ____R () C:\Windows\system32\Drivers\etc\hosts.20150114-003030.backup
2015-01-05 19:44 - 2009-07-14 14:13 - 00786662 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-04 12:12 - 2013-11-10 21:06 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-04 11:59 - 2010-08-24 16:15 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-04 11:27 - 2014-08-02 09:12 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-01-03 21:36 - 2010-10-20 17:18 - 00000000 ____D () C:\Users\ScorpionVII\AppData\Local\Windows Live
2015-01-03 14:44 - 2010-09-10 04:55 - 00000000 ____D () C:\Users\ScorpionVII
2015-01-03 14:11 - 2010-09-11 20:30 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2015-01-03 14:10 - 2010-09-11 20:33 - 00000000 ____D () C:\Program Files\Windows Live
2015-01-03 14:10 - 2010-09-11 20:31 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-01-03 14:09 - 2009-07-14 12:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-01-01 11:20 - 2014-12-14 08:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrashPlan
2014-12-31 20:14 - 2010-09-10 05:12 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-31 00:30 - 2009-07-14 11:34 - 00450892 ____R () C:\Windows\system32\Drivers\etc\hosts.20150107-003030.backup
2014-12-29 21:23 - 2014-08-15 23:53 - 00000000 ____D () C:\Users\ScorpionVII\Desktop\Languages
2014-12-29 21:09 - 2013-07-12 08:58 - 00000000 ____D () C:\Users\ScorpionVII\Desktop\eBooks
2014-12-28 12:16 - 2013-05-18 04:13 - 00000000 ____D () C:\Users\ScorpionVII\Documents\Tencent Files
2014-12-28 07:14 - 2013-06-25 07:42 - 00000000 ____D () C:\Users\ScorpionVII\Documents\EPIK Stuff
2014-12-27 13:03 - 2014-07-20 12:31 - 00000000 ____D () C:\Users\ScorpionVII\Desktop\Lesson Plans
2014-12-26 07:22 - 2010-09-10 06:54 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-25 13:42 - 2010-10-06 22:30 - 00000000 ____D () C:\Users\ScorpionVII\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-12-25 13:36 - 2009-07-14 12:20 - 00000000 ____D () C:\Windows\registration
2014-12-25 13:30 - 2014-11-26 19:57 - 00000000 ____D () C:\Users\ScorpionVII\AppData\Roaming\MediaMonkey
2014-12-23 17:20 - 2013-09-22 09:12 - 00001723 _____ () C:\Users\ScorpionVII\Desktop\Internet Explorer.lnk
2014-12-23 17:20 - 2010-09-10 04:55 - 00001633 _____ () C:\Users\ScorpionVII\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-21 23:23 - 2013-11-12 21:43 - 00000000 ____D () C:\Users\ScorpionVII\Documents\Outlook Files
2014-12-18 22:32 - 2010-10-23 22:17 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-18 22:32 - 2010-10-23 22:17 - 00000000 ____D () C:\ProgramData\Skype
2014-12-18 13:41 - 2010-09-10 04:56 - 00161376 _____ () C:\Users\ScorpionVII\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-18 07:42 - 2009-07-14 13:45 - 00727384 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-18 04:16 - 2014-10-10 18:36 - 00003842 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1412933809
2014-12-18 04:16 - 2014-10-10 18:36 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-12-16 05:45 - 2014-08-05 11:23 - 00001190 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2014-12-16 05:45 - 2014-08-05 11:23 - 00001178 _____ () C:\Users\Public\Desktop\paint.net.lnk
2014-12-16 05:45 - 2014-08-05 11:22 - 00000000 ____D () C:\Program Files\paint.net

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 02:25

==================== End Of Log ============================

aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-01-15 22:47:29
-----------------------------
22:47:29.720 OS Version: Windows x64 6.1.7601 Service Pack 1
22:47:29.720 Number of processors: 4 586 0x2505
22:47:29.721 ComputerName: SCORPIONVII-PC UserName: ScorpionVII
22:47:30.679 Initialze error C000010E - driver not loaded
22:50:25.200 AVAST engine defs: 15011500
22:51:16.264 Service scanning
22:52:02.484 Modules scanning
22:52:02.533 Disk 0 trace - called modules:
22:52:02.550
22:52:03.647 AVAST engine scan C:\Windows
22:52:08.002 AVAST engine scan C:\Windows\system32
22:57:24.018 AVAST engine scan C:\Windows\system32\drivers
22:57:47.646 AVAST engine scan C:\Users\ScorpionVII
23:02:19.645 The log file has been saved successfully to "C:\Users\ScorpionVII\Desktop\aswMBR.txt"
23:06:55.062 AVAST engine scan C:\ProgramData
23:10:17.971 Scan finished successfully
23:22:25.810 The log file has been saved successfully to "C:\Users\ScorpionVII\Desktop\aswMBR.txt"
Juliet
2015-01-19, 16:59
Sorry for the delay

please uninstall using add/remove programs list

YAC (Yet Another Cleaner!)
WinZipper (HKLM-x32\...\WinZipper) (Version: 1.5.29 - Taiwan Shui Mu Chih Ching Technology Limited.)

~~~~~~~~~~~~~
Running from C:\Users\ScorpionVII\Downloads

We need to move FRST to your desktop

Please go to your downloads folder and locate Farbar Recovery Scan Tool, right click and select CUT
Go to an open spot on your desktop and select PASTE
You should now have Farbar Recovery Scan Tool on your desktop

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG



start
CloseProcesses:
GroupPolicyUsers\S-1-5-21-3603141680-2056560516-2232545133-1000\User: Group Policy restriction detected <======= ATTENTION
SearchScopes: HKU\S-1-5-21-3603141680-2056560516-2232545133-1000 -> {08F87EA3-0CF0-4B69-B823-3EC0EB6EBC2B} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=F60C8B1E-F247-47B9-BBC9-22E4B6D8C9F4&apn_sauid=BE03A4CC-6B93-466B-AB89-B7BA10667A44
SearchScopes: HKU\S-1-5-21-3603141680-2056560516-2232545133-1000 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
Toolbar: HKU\S-1-5-21-3603141680-2056560516-2232545133-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-3603141680-2056560516-2232545133-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EmptyTemp:
Hosts:
End


Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
~~~~~~~~~~~~~~~~~~~

http://i.imgur.com/BY4dvz9.png AdwCleaner

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) and save the file to your Desktop.
Right-Click AdwCleaner.exe and select http://i.imgur.com/AVOiBNU.jpg Run as administrator to run the programme.
Follow the prompts.
Click Scan.
Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate.
Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
Follow the prompts and allow your computer to reboot.
After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


http://imageshack.us/a/img841/7292/thisisujrt.gif
Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/) to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.


~~~~~~~~~~
please post
Fixlog.txt
C:\AdwCleaner.txt
JRT.txt
wtrwrz
2015-01-20, 16:05
Thanks for replying.

Before I did the scans, I went to the control panel to uninstall; YAC uninstalled but WinZipper did not.

Also, for the life of me, I can't get the Junkware Removal Tool to do a complete scan. It always freezes at a different point during the scan and stays there, usually at 'Checking Shortcuts' and won't budge after that. I waited for several hours, even with all other software turned off, and it still didn't finish. Should I try something else?

In any case, the other programs worked fine and I'll go ahead and post the logs:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2015
Ran by ScorpionVII at 2015-01-20 11:37:22 Run:1
Running from C:\Users\ScorpionVII\Desktop
Loaded Profiles: ScorpionVII (Available profiles: ScorpionVII)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
GroupPolicyUsers\S-1-5-21-3603141680-2056560516-2232545133-1000\User: Group Policy restriction detected <======= ATTENTION
SearchScopes: HKU\S-1-5-21-3603141680-2056560516-2232545133-1000 -> {08F87EA3-0CF0-4B69-B823-3EC0EB6EBC2B} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=F60C8B1E-F247-47B9-BBC9-22E4B6D8C9F4&apn_sauid=BE03A4CC-6B93-466B-AB89-B7BA10667A44
SearchScopes: HKU\S-1-5-21-3603141680-2056560516-2232545133-1000 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
Toolbar: HKU\S-1-5-21-3603141680-2056560516-2232545133-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-3603141680-2056560516-2232545133-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EmptyTemp:
Hosts:
End
*****************

Processes closed successfully.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-3603141680-2056560516-2232545133-1000\User => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKU\S-1-5-21-3603141680-2056560516-2232545133-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{08F87EA3-0CF0-4B69-B823-3EC0EB6EBC2B}" => Key deleted successfully.
HKCR\CLSID\{08F87EA3-0CF0-4B69-B823-3EC0EB6EBC2B} => Key not found.
"HKU\S-1-5-21-3603141680-2056560516-2232545133-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}" => Key deleted successfully.
HKCR\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found.
HKU\S-1-5-21-3603141680-2056560516-2232545133-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKU\S-1-5-21-3603141680-2056560516-2232545133-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value deleted successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 83.5 MB temporary data.


The system needed a reboot.

==== End of Fixlog 11:37:33 ====

# AdwCleaner v4.108 - Report created 20/01/2015 at 11:50:59
# Updated 17/01/2015 by Xplode
# Database : 2015-01-18.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : ScorpionVII - SCORPIONVII-PC
# Running from : C:\Users\ScorpionVII\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : winzipersvc
[#] Service Deleted : iSafeKrnlMon

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper
Folder Deleted : C:\Program Files (x86)\WinZipper
Folder Deleted : C:\Windows\SysWOW64\hotspot shield
Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\hotspot shield
Folder Deleted : C:\Users\ScorpionVII\AppData\Local\PackageAware
Folder Deleted : C:\Users\ScorpionVII\AppData\Roaming\WinZipper
File Deleted : C:\Windows\System32\log\iSafeKrnlCall.log
File Deleted : C:\Windows\System32\drivers\taphss6.sys

***** [ Scheduled Tasks ] *****

Task Deleted : GoodGameEmpire W1
Task Deleted : GoodGameEmpire W2
Task Deleted : GoodGameEmpire NextW1
Task Deleted : GoodGameEmpire NextW2

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\ScorpionVII\Desktop\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\ScorpionVII\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\ScorpionVII\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\ScorpionVII\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Daum.lnk
Shortcut Disinfected : C:\Users\ScorpionVII\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\ScorpionVII\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\b8da4a38624bbb1e\Feedback.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@qq.com/TXSSO
Key Deleted : HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZipper
Key Deleted : HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZipper
Key Deleted : HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinZipper
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : HKCU\Software\anchorfree
Key Deleted : HKCU\Software\V9
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\hdcode
Key Deleted : HKLM\SOFTWARE\Trymedia Systems
Key Deleted : HKLM\SOFTWARE\winzipersvc
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winzipper

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Google Chrome v39.0.2171.99

[C:\Users\ScorpionVII\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\ScorpionVII\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\ScorpionVII\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=F60C8B1E-F247-47B9-BBC9-22E4B6D8C9F4&apn_sauid=BE03A4CC-6B93-466B-AB89-B7BA10667A44
[C:\Users\ScorpionVII\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=F60C8B1E-F247-47B9-BBC9-22E4B6D8C9F4&apn_sauid=BE03A4CC-6B93-466B-AB89-B7BA10667A44

-\\ Opera v26.0.1656.60

[C:\Users\ScorpionVII\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\ScorpionVII\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\ScorpionVII\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=F60C8B1E-F247-47B9-BBC9-22E4B6D8C9F4&apn_sauid=BE03A4CC-6B93-466B-AB89-B7BA10667A44
[C:\Users\ScorpionVII\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=F60C8B1E-F247-47B9-BBC9-22E4B6D8C9F4&apn_sauid=BE03A4CC-6B93-466B-AB89-B7BA10667A44

*************************

AdwCleaner[R0].txt - [3648 octets] - [20/01/2015 11:47:29]
AdwCleaner[S0].txt - [5220 octets] - [20/01/2015 11:50:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5280 octets] ##########
Juliet
2015-01-20, 16:26
Don't worry about WinZipper because AdwCleaner wiped out the folders and it's useless now

AdwCleaner --->
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper
Folder Deleted : C:\Program Files (x86)\WinZipper
Folder Deleted : C:\Users\ScorpionVII\AppData\Roaming\WinZipper

~~~~~~~~~~~~~~

Junkware Removal Tool still on desktop?, if it is, right click and select Run as administrator
This may or may not help and if it doesn't just follow the other instructions.

~~~~~~~~~~~~~~~~~

I see you have MBAM already onboard, let's update it and do a Threat Scan.

Open Malwarebytes Anti-Malware
Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

~~~~~~~~~~~~~~

What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.
Most reliable and thorough.
The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending of course how full your computer is.


Go here (http://www.eset.com/us/online-scanner/) to run an online scannner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

Note:
For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how (http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html).
Click the blue Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
Click on Advanced Settings
Make sure that the option Remove found threats is unticked.
Ensure these options are ticked

Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology


Click Start
Wait for the scan to finish
When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
Close the ESET online scan.


*************************************

Please post these logs when finished.


How's your computer now?
wtrwrz
2015-01-21, 01:59
Even under administrator Junkware Remover Tool isn't working, so I dunno what the problem is.

But, other than that, my computer appears to be fine. Here are the latest logs:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/21/2015
Scan Time: 1:44:32 AM
Logfile: MWBSCAN.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.20.08
Rootkit Database: v2015.01.14.01
License: Premium
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: ScorpionVII

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 360915
Time Elapsed: 19 min, 17 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)




C:\AdwCleaner\Quarantine\C\Program Files (x86)\WinZipper\TrayDownloader.exe.vir Win32/ELEX.BF potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\WinZipper\winzipersvc.exe.vir a variant of Win32/ELEX.Y potentially unwanted application deleted - quarantined
C:\Users\ScorpionVII\AppData\Local\Temp{175B168E-6064-4953-A180-2329F19B7BC0}\eUpgrade\eupgrade.exe a variant of Win32/ELEX.BF potentially unwanted application deleted - quarantined
C:\Users\ScorpionVII\AppData\Local\Temp{175B168E-6064-4953-A180-2329F19B7BC0}\OmigaZip_patch\winzipersvc.exe a variant of Win32/ELEX.Y potentially unwanted application deleted - quarantined
C:\Users\ScorpionVII\AppData\Local\Temp{175B168E-6064-4953-A180-2329F19B7BC0}\OmigaZip_patch\wz_ydl.exe a variant of Win32/ELEX.BI potentially unwanted application deleted - quarantined
C:\Users\ScorpionVII\AppData\Local\Temp{691A073D-4755-4A25-B475-29B79C7544DC}\OmigaZip_patch\winzipersvc.exe a variant of Win32/ELEX.Y potentially unwanted application deleted - quarantined
C:\Users\ScorpionVII\AppData\Local\Temp{6B76FCB2-9E1A-4CD6-B428-8BCE352F9460}\OmigaZip_patch\winzipersvc.exe a variant of Win32/ELEX.Y potentially unwanted application deleted - quarantined
Juliet
2015-01-21, 02:16
Even under administrator Junkware Remover Tool isn't working, so I dunno what the problem is.

But, other than that, my computer appears to be fine. Here are the latest logs:
Don't worry about that we were able to remove malware with other tools.

I think thats it, we're ready to remove tools and folders and I'll post preventive tips.


http://i.imgur.com/AFZxnZc.jpg DelFix

Please download DelFix (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/9-delfix) and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:

Activate UAC
Remove disinfection tools



Click the Run button.

-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

~~~~~~~~~~~~~~~~~~


Answers to common security questions - Best Practices (http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/) by quietman7, MVP
How Malware Spreads - How did I get infected? (http://www.bleepingcomputer.com/forums/t/287710/how-malware-spreads-how-did-i-get-infected/) by quietman7, MVP
Simple and easy ways to keep your computer safe and secure on the Internet (http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/) by Lawrence Abrams, MVP
How to Prevent Malware (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) by miekiemoes, MVP
How to backup and restore your data using Cobian Backup (http://www.bleepingcomputer.com/tutorials/backup-and-restore-data-with-cobian-backup/) by YourHighness
Slow Computer/browser? It May Not Be Malware (http://www.bleepingcomputer.com/forums/t/87058/slow-computerbrowser-check-here-first;-it-may-not-be-malware/) by quietman7, MVP


The following programmes come highly recommended in the security community.

http://3-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xKsUqI5A.png.pagespeed.ic.vn1Hlvqi8h.jpgAdBlock (https://adblockplus.org/en/firefox) is a browser add-on that blocks annoying banners, pop-ups and video ads.
http://i.imgur.com/E8I37RF.pngCryptoPrevent (https://www.foolishit.com/) places policy restrictions on loading points for ransomware (eg.CryptoPrevent), preventing your files from being encrypted.
http://i.imgur.com/EG85Vjt.png Malwarebytes Anti-Exploit (https://www.malwarebytes.org/antiexploit/) (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
http://3-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/x6YRrgUC.png.pagespeed.ic.HjgFxjvw2Z.jpgMalwarebytes Anti-Malware Premium (https://www.malwarebytes.org/) (MBAM) works in real-time along side your Anti-Virus to prevent malware execution.
http://1-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xjv4nhMJ.png.pagespeed.ic.A5YbWn1eDO.png NoScript (http://noscript.net/) is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
http://i.imgur.com/3O8r9Uq.png (http://www.sandboxie.com/) Sandboxie (http://www.sandboxie.com/) isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
http://1-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/DgW1XL2.png.pagespeed.ce.v1OlJl_ZAS.png Secuina PSI (http://secunia.com/vulnerability_scanning/personal/) will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
http://3-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xj1OLIec.png.pagespeed.ic.k6hhwopU0q.jpg SpywareBlaster (https://www.brightfort.com/spywareblaster.html) is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
http://3-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xJEP5iWI.png.pagespeed.ic.4tmM1lM7DQ.pngWeb of Trust (https://www.mywot.com/) (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.
wtrwrz
2015-01-21, 18:46
I guess that's it then. I appreciate you taking the time to help me out.
Juliet
2015-01-21, 23:30
We're glad to help.

Use the computer for a day or two and report back to let me know if anything pops up?
wtrwrz
2015-01-23, 10:15
Going on two days now and everything's been running fine; so I'm take that as a sign that I'm in the clear. :)

Thank you so much, again.
Juliet
2015-01-23, 12:52
woohoo!

Your good to go.
Juliet
2015-01-24, 15:54
Glad we could help. :)http://i204.photobucket.com/albums/bb106/Juliet702/sparkle.gif

Since this issue appears resolved ... this Topic is closed.