PDA

View Full Version : Get Private Malware Causing Headache



cardell75
2015-08-04, 13:59
Good Evening,
I am experiencing browser redirect to Get Private and have to click thru to get where I want to go. Also it is continuing to degrade and I have pop ups coming up every 4th-5th website visited. I recently had help removing malware here and it looks like it is back and getting worse. HDD is running almost constantly, connections time because they are taking so long to load.

Here are the logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:02-08-2015 01
Ran by CIDER (administrator) on CIDER-PC (04-08-2015 19:34:39)
Running from C:\Users\CIDER\Desktop
Loaded Profiles: CIDER (Available Profiles: CIDER)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(The Privoxy team - www.privoxy.org) C:\Program Files\Alfasistem Memory\privoxy.exe
() C:\Windows\System32\PSIService.exe
(Pervasive Software Inc.) C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
(Nike) C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BDExtHost.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BDAppHost.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BDRuntimeHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corp.) C:\Program Files\Microsoft\BingDesktop\BDSurrogateHost.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\AppleIEDAV.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Tweaking.com) C:\Program Files\Tweaking.com\Registry Backup\files\vss_pause.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [BingDesktop] => C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe [2368736 2014-06-03] (Microsoft Corp.)
HKLM\...\Run: [WD Quick View] => C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-05-01] (Western Digital Technologies, Inc.)
HKLM\...\Run: [WD Drive Unlocker] => C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694072 2013-10-15] (Western Digital Technologies, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM\...\Run: [Nike+ Connect] => C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe [71680 2015-02-02] (Nike)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157992 2015-07-11] (Apple Inc.)
HKU\S-1-5-21-80477484-922998690-3827157042-1001\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-80477484-922998690-3827157042-1001\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-80477484-922998690-3827157042-1001\...\Run: [AppleIEDAV] => C:\Program Files\Common Files\Apple\Internet Services\AppleIEDAV.exe [1079592 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-80477484-922998690-3827157042-1001\...\Run: [iCloudDrive] => C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-80477484-922998690-3827157042-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-80477484-922998690-3827157042-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-80477484-922998690-3827157042-1001] => 127.0.0.1:8118
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-80477484-922998690-3827157042-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {6F8FC54F-C99D-4528-9243-55C8888C7E5F} URL = http://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-80477484-922998690-3827157042-1001 -> {6F8FC54F-C99D-4528-9243-55C8888C7E5F} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
BHO: SecureWebBHO Class -> {D3C24E2B-C820-4492-9B69-11BF7163F998} -> C:\Program Files\Alfasistem Memory\tsie.dll [2015-08-02] (SecureSoft)
Toolbar: HKLM - No Name - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - No File
Toolbar: HKU\S-1-5-21-80477484-922998690-3827157042-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-20] (Microsoft Corporation)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 202.151.64.110
Tcpip\..\Interfaces\{BA5F0DF4-FBB8-4EFF-9362-929B4BB9BFE3}: [DhcpNameServer] 8.8.8.8 202.151.64.110
Tcpip\..\Interfaces\{D3F2062B-04D2-4F6B-8CD7-14DCB416491B}: [DhcpNameServer] 8.8.8.8 202.151.64.110

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll [2014-06-25] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll No File
FF Plugin: @unity3d.com/UnityPlayer -> C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll [2012-03-05] (Unity Technologies ApS)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-80477484-922998690-3827157042-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\CIDER\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - No Path Or update_url value

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BingDesktopUpdate; C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2014-06-03] (Microsoft Corp.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
R2 PrivoxyService; C:\Program Files\Alfasistem Memory\privoxy.exe [371200 2015-08-02] (The Privoxy team - www.privoxy.org) [File not signed] <==== ATTENTION
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [174656 2006-11-03] () [File not signed]
R2 psqlWGE; C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe [435496 2009-04-07] (Pervasive Software Inc.)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1740760 2014-09-03] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-05-01] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [306552 2015-05-01] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 FreemakeVideoCapture; "C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe" [X]
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-19] (LogMeIn, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35088 2011-02-12] (CACE Technologies, Inc.)
S3 SCR3XX2K; C:\Windows\System32\DRIVERS\SCR3XX2K.sys [63104 2015-02-17] (Identiv)
R1 SDHookDriver; C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys [46336 2014-04-25] ()
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2014-07-28] (Apple, Inc.) [File not signed]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-04 19:34 - 2015-08-04 19:35 - 00014032 _____ C:\Users\CIDER\Desktop\FRST.txt
2015-08-04 19:33 - 2015-08-04 19:33 - 01673728 _____ (Farbar) C:\Users\CIDER\Desktop\FRST.exe
2015-08-04 19:30 - 2015-08-04 19:30 - 00002139 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-08-04 19:21 - 2015-08-04 19:22 - 04662632 _____ (Tweaking.com) C:\Users\CIDER\Downloads\tweaking.com_registry_backup_setup.exe
2015-07-29 21:28 - 2015-07-29 21:28 - 00000000 ____D C:\Program Files\Common Files\AV
2015-07-29 21:28 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2015-07-28 16:02 - 2015-07-26 03:51 - 00015808 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-28 16:02 - 2015-07-26 03:47 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-28 16:02 - 2015-07-26 03:47 - 00587264 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-28 16:02 - 2015-07-26 03:46 - 00924160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-28 16:02 - 2015-07-26 03:46 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-28 16:02 - 2015-07-26 03:46 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-28 16:02 - 2015-07-26 03:46 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-28 16:02 - 2015-07-26 03:40 - 00932864 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-26 10:39 - 2015-07-26 10:39 - 00001715 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-07-26 10:39 - 2015-07-26 10:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-07-26 10:38 - 2015-07-26 10:39 - 00000000 ____D C:\Program Files\iTunes
2015-07-26 10:38 - 2015-07-26 10:38 - 00000000 ____D C:\Program Files\iPod
2015-07-26 10:22 - 2015-07-26 10:22 - 00001777 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-07-26 10:22 - 2015-07-26 10:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-07-26 10:22 - 2015-07-26 10:22 - 00000000 ____D C:\Program Files\QuickTime
2015-07-21 20:00 - 2015-07-15 12:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-21 20:00 - 2015-07-15 12:55 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-21 20:00 - 2015-07-15 12:55 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-21 20:00 - 2015-07-15 12:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-21 20:00 - 2015-07-15 11:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-19 22:50 - 2015-08-04 17:22 - 00008192 _____ C:\Windows\system32\WDPABKP.dat
2015-07-16 17:14 - 2015-07-16 17:16 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\CIDER\Downloads\mbam-setup-2.1.8.1057.exe
2015-07-16 17:08 - 2015-07-16 17:09 - 00000000 ____D C:\AdwCleaner
2015-07-16 17:07 - 2015-07-16 17:07 - 02248704 _____ C:\Users\CIDER\Downloads\adwcleaner_4.208.exe
2015-07-15 21:22 - 2015-06-26 03:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-15 21:22 - 2015-06-20 04:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-15 21:22 - 2015-06-20 04:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 21:22 - 2015-06-20 04:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-15 21:22 - 2015-06-20 04:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-15 21:22 - 2015-06-20 04:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-15 21:22 - 2015-06-20 04:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-15 21:22 - 2015-06-20 04:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-15 21:22 - 2015-06-20 04:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-15 21:22 - 2015-06-20 04:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 21:22 - 2015-06-20 04:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-15 21:22 - 2015-06-20 04:13 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-15 21:22 - 2015-06-20 04:06 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-15 21:22 - 2015-06-20 04:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-15 21:22 - 2015-06-20 03:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-15 21:22 - 2015-06-20 03:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-15 21:22 - 2015-06-20 03:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 21:22 - 2015-06-20 03:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 21:22 - 2015-06-20 03:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 21:22 - 2015-06-20 03:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 21:22 - 2015-06-20 03:40 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-15 21:22 - 2015-06-20 03:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-15 21:22 - 2015-06-20 03:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 21:22 - 2015-06-20 03:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-15 21:14 - 2015-07-10 03:43 - 02943488 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-15 21:14 - 2015-07-10 03:43 - 02057216 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-15 21:14 - 2015-07-10 03:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-15 21:14 - 2015-07-10 03:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-15 21:14 - 2015-07-10 03:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-15 21:14 - 2015-07-10 03:43 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-15 21:14 - 2015-07-10 03:43 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-15 21:14 - 2015-07-10 03:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-15 21:14 - 2015-07-10 03:42 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-15 21:14 - 2015-07-10 03:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-15 21:14 - 2015-07-10 03:42 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-15 21:14 - 2015-07-05 03:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 21:14 - 2015-07-03 07:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 21:14 - 2015-07-03 07:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-15 21:14 - 2015-07-03 06:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 21:14 - 2015-07-03 06:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 21:14 - 2015-07-03 06:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 21:14 - 2015-07-03 05:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 21:14 - 2015-06-25 18:46 - 02383872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 21:14 - 2015-06-18 03:39 - 00305664 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 21:07 - 2015-06-12 03:57 - 06131200 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-07-15 21:07 - 2015-06-12 03:57 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-07-15 21:07 - 2015-06-12 03:57 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-07-15 21:07 - 2015-06-12 01:20 - 00355840 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-07-15 21:02 - 2015-07-02 06:46 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-15 21:02 - 2015-07-02 06:46 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-15 21:02 - 2015-07-02 06:30 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-15 21:02 - 2015-07-02 06:30 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 21:02 - 2015-07-02 06:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 21:02 - 2015-07-02 06:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 21:02 - 2015-07-02 06:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-15 21:02 - 2015-07-02 06:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-15 21:02 - 2015-07-02 06:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-15 21:02 - 2015-07-02 06:30 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-15 21:02 - 2015-07-02 06:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-15 21:02 - 2015-07-02 06:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-15 21:02 - 2015-07-02 06:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-15 21:02 - 2015-07-02 06:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-15 21:02 - 2015-07-02 06:30 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-15 21:02 - 2015-07-02 06:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-15 21:02 - 2015-07-02 06:29 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-15 21:02 - 2015-07-02 06:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-15 21:02 - 2015-07-02 06:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-15 21:02 - 2015-07-02 06:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-15 21:02 - 2015-07-02 05:18 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 21:02 - 2015-07-02 05:18 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 21:02 - 2015-07-02 05:18 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 21:02 - 2015-06-16 07:47 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-15 21:02 - 2015-06-16 07:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 21:02 - 2015-06-16 07:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-15 21:02 - 2015-06-16 07:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-15 21:02 - 2015-06-16 07:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-15 21:02 - 2015-06-16 07:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 21:02 - 2015-06-16 07:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-15 21:00 - 2015-06-10 05:35 - 02745856 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-07-15 21:00 - 2015-06-10 05:35 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-07-15 21:00 - 2015-06-02 09:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-15 20:59 - 2015-06-27 11:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-15 20:59 - 2015-06-27 11:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-10 21:17 - 2015-07-28 20:23 - 00000000 ___HD C:\$Windows.~BT
2015-07-09 21:51 - 2015-08-02 14:44 - 00000000 ____D C:\Program Files\Alfasistem Memory

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-04 19:34 - 2015-06-24 21:31 - 00000000 ____D C:\FRST
2015-08-04 19:29 - 2012-04-17 06:17 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-04 19:07 - 2014-05-23 03:27 - 00000000 ____D C:\Program Files\Wondershare
2015-08-04 19:04 - 2013-10-04 17:26 - 02078602 _____ C:\Windows\WindowsUpdate.log
2015-08-04 18:47 - 2015-07-01 20:35 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-04 17:36 - 2009-07-14 14:34 - 00025424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-04 17:36 - 2009-07-14 14:34 - 00025424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-04 17:29 - 2010-06-12 05:56 - 00784212 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-04 17:22 - 2015-01-11 11:59 - 00000000 ___RD C:\Users\CIDER\iCloudDrive
2015-08-04 17:21 - 2015-07-01 20:35 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-04 17:21 - 2014-06-10 07:02 - 00020479 _____ C:\Windows\setupact.log
2015-08-04 17:21 - 2009-07-14 14:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-04 17:20 - 2010-06-21 08:38 - 00000000 ____D C:\Program Files\Google
2015-08-04 17:19 - 2012-04-12 06:30 - 00411136 ___SH C:\Users\CIDER\Desktop\Thumbs.db
2015-08-04 17:00 - 2015-06-22 21:51 - 00000000 ____D C:\Users\CIDER\AppData\Local\CrashDumps
2015-07-29 21:28 - 2015-06-20 16:56 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2015-07-29 21:27 - 2009-07-14 12:04 - 00449982 ____R C:\Windows\system32\Drivers\etc\hosts.20150802-094629.backup
2015-07-29 03:01 - 2014-05-17 03:20 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-28 20:28 - 2010-06-12 08:36 - 00000000 ____D C:\Windows\Panther
2015-07-26 10:38 - 2015-04-18 16:28 - 00000000 ____D C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-07-26 10:38 - 2012-04-12 06:30 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-07-25 20:44 - 2015-04-12 03:00 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-22 03:16 - 2009-07-14 14:33 - 00354008 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-20 19:30 - 2015-06-29 20:39 - 00000000 ____D C:\Users\CIDER\AppData\Roaming\Skype
2015-07-19 19:01 - 2009-07-14 12:37 - 00000000 ____D C:\Windows\system32\NDF
2015-07-19 10:56 - 2013-10-10 05:55 - 01921380 _____ C:\Windows\PFRO.log
2015-07-16 04:07 - 2009-07-14 12:37 - 00000000 ____D C:\Windows\rescache
2015-07-16 03:25 - 2014-12-18 03:22 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-16 03:09 - 2013-07-21 07:59 - 00000000 ____D C:\Windows\system32\MRT
2015-07-16 02:56 - 2015-06-24 21:07 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-07-15 20:33 - 2012-04-17 06:17 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-07-15 20:33 - 2011-06-21 09:37 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-07-15 19:51 - 2009-07-14 12:04 - 00449982 ____R C:\Windows\system32\Drivers\etc\hosts.20150729-212753.backup
2015-07-15 19:49 - 2009-07-14 12:04 - 00449982 ____R C:\Windows\system32\Drivers\etc\hosts.20150715-195132.backup
2015-07-08 19:10 - 2009-07-14 12:04 - 00449982 ____R C:\Windows\system32\Drivers\etc\hosts.20150715-194916.backup
2015-07-05 20:11 - 2010-06-16 04:51 - 00246952 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2010-11-07 11:25 - 2010-11-07 11:25 - 0000000 _____ () C:\Users\CIDER\AppData\Roaming\144A.tmp
2010-11-07 11:25 - 2010-11-07 11:25 - 0000000 _____ () C:\Users\CIDER\AppData\Roaming\1525.tmp
2010-09-23 17:42 - 2010-09-23 17:42 - 0000000 _____ () C:\Users\CIDER\AppData\Roaming\1920.tmp
2010-07-23 22:59 - 2010-11-28 03:25 - 0000454 _____ () C:\Users\CIDER\AppData\Roaming\1cb5fc16
2010-11-09 10:16 - 2010-11-09 10:16 - 0000000 _____ () C:\Users\CIDER\AppData\Roaming\1F2D.tmp
2010-11-09 10:16 - 2010-11-09 10:16 - 0000000 _____ () C:\Users\CIDER\AppData\Roaming\222B.tmp
2010-10-08 22:50 - 2010-10-08 22:50 - 0000000 _____ () C:\Users\CIDER\AppData\Roaming\4A7F.tmp
2010-08-23 00:26 - 2010-08-23 00:26 - 0000000 _____ () C:\Users\CIDER\AppData\Roaming\5B69.tmp
2010-08-28 17:09 - 2010-08-28 17:09 - 0000000 _____ () C:\Users\CIDER\AppData\Roaming\73B0.tmp
2010-10-31 03:54 - 2010-10-31 03:54 - 0000000 _____ () C:\Users\CIDER\AppData\Roaming\7F02.tmp
2010-10-04 17:25 - 2010-10-04 17:25 - 0000000 _____ () C:\Users\CIDER\AppData\Roaming\80D4.tmp
2010-08-08 02:45 - 2010-08-08 02:45 - 0000000 _____ () C:\Users\CIDER\AppData\Roaming\84EA.tmp
2010-08-08 02:45 - 2010-08-08 02:45 - 0000000 _____ () C:\Users\CIDER\AppData\Roaming\85E5.tmp
2010-12-01 02:30 - 2010-12-01 02:30 - 0000000 _____ () C:\Users\CIDER\AppData\Roaming\8971.tmp
2010-09-28 05:16 - 2010-09-28 05:16 - 0000000 _____ () C:\Users\CIDER\AppData\Roaming\8BA7.tmp
2010-08-22 00:09 - 2010-08-22 00:09 - 0000000 _____ () C:\Users\CIDER\AppData\Roaming\91D6.tmp
2010-09-22 20:06 - 2010-09-22 22:18 - 0000000 ___SH () C:\Users\CIDER\AppData\Roaming\92A8.tmp
2010-11-19 18:14 - 2010-11-19 18:14 - 0000000 _____ () C:\Users\CIDER\AppData\Roaming\A5B8.tmp
2010-08-14 19:37 - 2010-08-15 00:13 - 0000000 ___SH () C:\Users\CIDER\AppData\Roaming\A5C.tmp
2015-05-26 19:36 - 2015-05-26 19:36 - 0000000 _____ () C:\Users\CIDER\AppData\Roaming\A772.tmp
2010-10-28 22:50 - 2010-10-28 22:50 - 0000000 _____ () C:\Users\CIDER\AppData\Roaming\B894.tmp
2010-11-01 06:56 - 2010-11-01 06:56 - 0000000 _____ () C:\Users\CIDER\AppData\Roaming\CD75.tmp
2010-10-10 00:11 - 2010-10-10 00:11 - 0000000 _____ () C:\Users\CIDER\AppData\Roaming\E862.tmp
2010-10-28 08:37 - 2010-10-28 08:37 - 0000000 _____ () C:\Users\CIDER\AppData\Roaming\EC99.tmp
2010-07-25 06:58 - 2010-07-25 06:58 - 0000000 _____ () C:\Users\CIDER\AppData\Roaming\FF87.tmp
2011-12-08 11:12 - 2011-12-08 11:12 - 0003584 _____ () C:\Users\CIDER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-20 20:29 - 2014-05-23 09:13 - 0007597 _____ () C:\Users\CIDER\AppData\Local\Resmon.ResmonCfg
2010-09-14 04:05 - 2010-12-02 06:57 - 0001185 _____ () C:\ProgramData\1011843181
2010-07-23 07:43 - 2010-09-14 03:48 - 0000817 _____ () C:\ProgramData\1278606097
2010-07-23 07:44 - 2010-12-02 06:01 - 0000610 ___SH () C:\ProgramData\476425025
2013-08-30 08:22 - 2013-08-30 08:22 - 0000057 _____ () C:\ProgramData\Ament.ini
2010-06-16 07:25 - 2010-06-16 07:25 - 0000051 _____ () C:\ProgramData\dldf
2010-10-29 23:56 - 2013-09-12 17:14 - 0049130 _____ () C:\ProgramData\dlee.log
2010-09-03 04:38 - 2013-07-08 21:27 - 1166548 _____ () C:\ProgramData\dleeJSW.log
2010-09-03 02:31 - 2013-10-04 17:06 - 0060447 _____ () C:\ProgramData\dleescan.log
2011-06-14 07:08 - 2011-06-14 07:08 - 0000252 _____ () C:\ProgramData\FastPics.log
2010-06-16 07:23 - 2010-06-16 07:23 - 1377872 _____ () C:\ProgramData\pswi_preloaded.exe
2010-08-03 23:44 - 2010-11-02 07:18 - 0000323 _____ () C:\ProgramData\sl2105817555
2011-04-01 02:15 - 2011-04-01 02:15 - 0211184 _____ () C:\ProgramData\SPL1ADA.tmp
2011-04-29 01:59 - 2011-04-29 01:59 - 0209776 _____ () C:\ProgramData\SPL37BB.tmp
2012-10-31 03:09 - 2012-10-31 03:09 - 0158288 _____ () C:\ProgramData\SPL96D2.tmp
2010-07-23 07:43 - 2010-07-23 07:43 - 0203776 ___SH () C:\ProgramData\unrar.exe
2010-09-03 02:28 - 2010-09-03 02:28 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-02 11:41

==================== End of log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version:02-08-2015 01
Ran by CIDER (2015-08-04 19:35:26)
Running from C:\Users\CIDER\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-80477484-922998690-3827157042-500 - Administrator - Disabled)
CIDER (S-1-5-21-80477484-922998690-3827157042-1001 - Administrator - Enabled) => C:\Users\CIDER
Guest (S-1-5-21-80477484-922998690-3827157042-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-80477484-922998690-3827157042-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: Spybot - Search and Destroy (Enabled - Up to date) {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{538227C6-C74B-4A74-99E1-2C0B4F9DA5E1}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bing Desktop (HKLM\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.470.0 - Microsoft Corporation)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
calibre (HKLM\...\{A66F2101-9BFC-4FB6-9277-7F59EF88BCC2}) (Version: 1.38.0 - Kovid Goyal)
Combined Community Codec Pack 2010-10-10 (HKLM\...\Combined Community Codec Pack_is1) (Version: 2010.10.10.0 - CCCP Project)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Crystal Reports 2008 Runtime SP1 (HKLM\...\{C484CC8D-03CF-4022-89C4-DB4F02E8A15B}) (Version: 12.1.0.882 - Business Objects)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Driver Download Manager (HKU\S-1-5-21-80477484-922998690-3827157042-1001\...\f031ef6ac137efc5) (Version: 2.1.0.0 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.2.101.221 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
Facebook Video Calling 2.0.0.447 (HKLM\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
Google Earth (HKLM\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.1 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.4.0 - Conexant Systems)
HiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Photosmart 6520 series Basic Device Software (HKLM\...\{D9B4150C-9EF6-4861-902F-5F5CB760D7ED}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 6520 series Help (HKLM\...\{D3293275-1002-41F5-BC37-099B4251FF5B}) (Version: 28.0.0 - Hewlett Packard)
HP Photosmart 6520 series Product Improvement Study (HKLM\...\{DF711F5A-C9E4-4241-9A83-58532C99DB28}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
iCloud (HKLM\...\{9A07AB4F-6B53-43E9-B7FC-7892E8C26BE3}) (Version: 4.1.1.53 - Apple Inc.)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{CCAFF072-4DDB-4846-963D-15F02A8E9472}) (Version: 13.00.0000 - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
iTunes (HKLM\...\{9DBBE7B8-EE7A-4FD9-9C7F-35E69A4C19D8}) (Version: 12.2.1.16 - Apple Inc.)
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.600 - Oracle)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Advertising SDK for Windows Phone - ENU (HKLM\...\{656458ED-DA77-4C82-AF2F-1640C191A2A7}) (Version: 5.2.819.0 - Microsoft Corporation)
Microsoft Expression Blend 3 SDK (HKLM\...\{256E7DAC-9BE8-494E-8DE7-7857BF96B774}) (Version: 1.0.1343.0 - Microsoft Corporation)
Microsoft Expression Blend 4 (HKLM\...\Blend_4.0.30816.0) (Version: 4.0.30816.0 - Microsoft Corporation)
Microsoft Expression Blend 4 Add-in for Adobe FXG Import (HKLM\...\{EFBBD030-48F0-43B3-A8AD-789894DAD0B5}) (Version: 1.0.20817.0 - Microsoft Corporation)
Microsoft Expression Blend SDK for .NET 4 (HKLM\...\{9B3A1C97-A361-463E-8817-444F9F88CDFE}) (Version: 2.0.20525.0 - Microsoft Corporation)
Microsoft Expression Blend SDK for Silverlight 4 (HKLM\...\{1C997E1C-5CE9-4AF3-AAA9-DC65E6090827}) (Version: 2.0.20525.0 - Microsoft Corporation)
Microsoft Expression Blend SDK for Windows Phone 7 (HKLM\...\{69E11501-75F7-4ACE-8103-52513DDCFE26}) (Version: 2.0.20901.0 - Microsoft Corporation)
Microsoft Expression Blend SDK for Windows Phone OS 7.1 (HKLM\...\{12B8E200-99CC-4203-A8D1-4145FC4D0192}) (Version: 2.0.30816.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Silverlight 3 SDK (HKLM\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK (HKLM\...\{189AEA94-DAFB-487A-8CEE-F9D3DDE0A748}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Microsoft XNA Game Studio 4.0 Refresh (HKLM\...\XNA Game Studio 4.0) (Version: 4.0.30901.0 - Microsoft Corporation)
Microsoft XNA Game Studio Platform Tools (HKLM\...\{89690B51-2E21-4E93-914E-F9CAC5B24A84}) (Version: 1.4.0.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nike+ Connect (HKLM\...\Nike+ Connect) (Version: 6.6.32 - Nike)
Peachtree Accounting 2010 (Version: 17.00.00 - Sage Software, Inc.) Hidden
Peachtree Pro Accounting 2010 (HKLM\...\InstallShield_{51EF69CF-70D3-4142-993D-AA97F36484CC}) (Version: 17.00.00 - Sage Software, Inc.)
PeachTree Signature Ready Forms (Version: 6.7.4 - Sage Software SB, Inc.) Hidden
Pervasive PSQL v10.10 Workgroup (32-bit) (Version: 10.12.025 - Pervasive Software) Hidden
PowerDVD DX (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.)
QuickTime 7 (HKLM\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Roxio Creator DE 10.3 (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.3 - Roxio)
Sage Message Center (Version: 2.00.0000 - Sage Software Inc.) Hidden
Skype™ 7.3 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 3.0.0 - Tweaking.com)
Unity Web Player (HKLM\...\UnityWebPlayer) (Version: 2.1.0f5_16147 - Unity Technologies ApS)
USB MassStorage CardReader (HKLM\...\040a_5005) (Version: - )
WCF Data Services SDK for Windows Phone (HKLM\...\{6F33C2E2-5E02-4344-90BC-ED55C48341D2}) (Version: 4.7.6.0 - Microsoft Corporation)
WD Drive Utilities (HKLM\...\{7431ED5D-9247-4F17-91C9-702D9B36FAC4}) (Version: 1.0.7.3 - Western Digital Technologies, Inc.)
WD Quick View (HKLM\...\{B74717F4-9E4D-4FEF-B234-97EC2ADACFD8}) (Version: 2.4.11.4 - Western Digital Technologies, Inc.)
WD Security (HKLM\...\{90C3D9C7-2F83-4399-8E28-A00228CFFDF8}) (Version: 1.0.7.3 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{502419DE-1226-415C-8AD5-C62C167960E0}) (Version: 2.4.11.4 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM\...\{f8b1c3bb-688a-4421-a45e-a22dd15f22ee}) (Version: 2.4.11.4 - Western Digital Technologies, Inc.)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Phone Emulator - ENU (HKLM\...\{0CD62E62-BB98-358E-A807-819354016E05}) (Version: 10.0.40219 - Microsoft Corporation)
Windows Phone SDK 7.1 Add-in for Visual Studio 2010 - ENU (HKLM\...\{A721BC43-E63E-3531-B1BF-6A405F9530BD}) (Version: 10.0.40219 - Microsoft Corporation)
Windows Phone SDK 7.1 Assemblies (HKLM\...\{9E2F2BAC-A9FD-35BC-B8E0-253FEBED0F9B}) (Version: 10.0.40219 - Microsoft Corporation)
Windows Phone SDK 7.1 Extensions for XNA Game Studio 4.0 (HKLM\...\{A4CC18F6-DB05-4B03-B724-4128322FA85F}) (Version: 4.0.30901.0 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WPF Toolkit February 2010 (Version 3.5.50211.1) (HKLM\...\{5EE6E987-1B79-4A93-832B-27472C7D1579}) (Version: 3.5.50211.1 - Microsoft Corporation)
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

02-08-2015 11:48:47 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 12:04 - 2015-08-02 09:46 - 00449982 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A50A229-1E69-4A7E-AE2E-A1A7274FC22D} - System32\Tasks\Alfasistem Memory Job => C:\Program Files\Alfasistem Memory\ tmjob.exe
Task: {126DE50F-A238-4A74-8F4B-7E83691C2023} - System32\Tasks\Adobe online update program => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {1D619927-C78A-4A46-A707-4870A844671F} - System32\Tasks\Windows Defrag => C:\Users\CIDER\AppData\Roaming\Updater\winupd.exe <==== ATTENTION
Task: {21DCB2BA-2AB8-4A50-92B4-3577DB2558AE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {342FC64F-CC75-4A74-AE96-60642D863B49} - System32\Tasks\{3409C15D-4997-454A-9664-9A4B550DE79B} => C:\Program Files\Content Manager\CmTray.exe
Task: {36D452F9-10FA-4ECB-8D5A-6B56847ECC98} - System32\Tasks\{F6370ED9-D3D4-45DA-B33D-405B0A23338F} => C:\Program Files\Content Manager\CmTray.exe
Task: {4353F0D0-1EDB-4A24-B2EA-E4CF8509215E} - System32\Tasks\{634690FA-D6AB-4085-AE30-C4CD329F9208} => C:\Program Files\Content Manager\CmTray.exe
Task: {471E6D56-2DEA-4476-8B54-FA45F305626D} - System32\Tasks\{A3573EC7-216B-41E2-A4FF-01933D25E819} => C:\Program Files\Content Manager\CmTray.exe
Task: {4DD935D7-8EDB-4A41-89FC-2609F8256C49} - System32\Tasks\HPCustParticipation HP Photosmart 6520 series => C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {4FD9B1CA-8CAB-4E4A-9B0B-87DEF71220EE} - System32\Tasks\{58C0CA39-8B22-4000-B948-FA0A1DE82887} => pcalua.exe -a D:\AutoRunPro.exe -d D:\ -c /s
Task: {5E5A5A9F-F267-42F4-92C9-DE0447B8A144} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {689670D2-772E-4D8A-B0AC-114307E42CCE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {69871E42-6D80-4969-B0B1-C2190A9A6B1E} - System32\Tasks\{1D95D3BD-8A3E-471E-AC0B-D7430E2B8485} => C:\Program Files\Content Manager\CmTray.exe
Task: {7487958E-43EC-4014-9A2F-1C636CAE8AF1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {78FBFCC1-06E2-40E3-B17F-41389A1ED852} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {9C7A435C-25FE-4CDF-927A-9876B4752062} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-02] (Apple Inc.)
Task: {9C82AE4C-D63E-42B9-83E6-0F5007BEA7AC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {B7710698-B655-4B1C-A53C-057D2346FA1C} - System32\Tasks\{69BBD3AB-188A-4B31-BD93-E107FCF4CFFC} => C:\Program Files\Content Manager\CmTray.exe
Task: {B9FA3BF3-45DF-4B41-B0E6-4AD157F5054B} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe [2015-04-26] (Apple Inc.)
Task: {C866959D-861F-4323-94CF-7CFC225FD43D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15] (Adobe Systems Incorporated)
Task: {D84DBE33-66FB-4B6B-AFDF-3F09214F15E0} - System32\Tasks\{D9827BFB-D652-4819-B67B-F7CCCBA8DAB1} => C:\Program Files\Content Manager\CmTray.exe
Task: {DADFA8F1-846E-4FE7-B74B-5AADEE6771CC} - System32\Tasks\Audio Software Job => C:\Program Files\Audio Software\AudioSoftware.exe [2015-07-30] (Secure Best Updater)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2010-06-16 07:23 - 2007-09-18 00:19 - 00045056 _____ () C:\Windows\System32\DLDFPMON.DLL
2010-06-16 07:22 - 2007-05-04 16:23 - 00049152 _____ () C:\Windows\System32\DLDFOEM.DLL
2010-09-03 02:31 - 2009-11-26 16:08 - 00049152 _____ () C:\Windows\System32\DLEEPMON.DLL
2010-09-03 02:30 - 2009-01-13 23:15 - 05709824 _____ () C:\Windows\System32\DLEEOEM.DLL
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:27 - 2015-05-15 16:27 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-07-09 21:51 - 2015-08-02 08:16 - 00086528 _____ () C:\Program Files\Alfasistem Memory\mgwz.dll
2006-11-03 10:40 - 2006-11-03 10:40 - 00174656 _____ () C:\Windows\system32\PSIService.exe
2015-06-20 16:56 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-06-20 16:56 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2015-06-20 16:56 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-06-20 16:56 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2015-06-20 16:56 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-09-13 10:31 - 2014-09-05 11:55 - 00132808 _____ () C:\Users\CIDER\AppData\Local\Microsoft\BingDesktop\en-US\Apps\Wallpaper_5386c77076d04cf9a8b5d619b4cba48e\1.4.82\wallpaper.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7868 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-80477484-922998690-3827157042-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\CIDER\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 202.151.64.110
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk => C:\Windows\pss\Kodak EasyShare software.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^KODAK Software Updater.lnk => C:\Windows\pss\KODAK Software Updater.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Apoint => C:\Program Files\DellTPad\Apoint.exe
MSCONFIG\startupreg: BingDesktop => C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe /fromkey
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: Nike+ Connect => "C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe"
MSCONFIG\startupreg: PDVDDXSrv => "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: Windows Mobile-based device management => C:\Windows\WindowsMobile\wmdcBase.exe
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{6C9BFC94-24B7-4D76-942D-BCC6464C9AE6}] => (Allow) C:\Program Files\iTunes\iTunes.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/04/2015 05:00:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17909, time stamp: 0x55844c24
Faulting module name: MSHTML.dll, version: 11.0.9600.17924, time stamp: 0x5595ab25
Exception code: 0xc0000005
Fault offset: 0x00649694
Faulting process id: 0x5f9c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (08/03/2015 08:11:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17909 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 3970

Start Time: 01d0ccde2224685d

Termination Time: 100

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (08/02/2015 07:00:01 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (08/02/2015 09:35:43 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17909 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2b10

Start Time: 01d0ccb2b2340a4a

Termination Time: 32

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (07/29/2015 09:27:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 63811726

Error: (07/29/2015 09:27:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 63811726

Error: (07/29/2015 09:27:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/26/2015 07:00:02 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (07/19/2015 08:01:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17909 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 20a0

Start Time: 01d0c20978a17e3f

Termination Time: 2762

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (07/19/2015 07:40:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ApplePhotoStreams.exe, version: 7.17.8.5, time stamp: 0x53d97094
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0xc0000005
Fault offset: 0x000121f4
Faulting process id: 0x9bc
Faulting application start time: 0xApplePhotoStreams.exe0
Faulting application path: ApplePhotoStreams.exe1
Faulting module path: ApplePhotoStreams.exe2
Report Id: ApplePhotoStreams.exe3


System errors:
=============
Error: (08/04/2015 05:36:46 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Pro.

Error: (08/04/2015 05:31:46 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error:
%%5

Error: (08/04/2015 05:31:17 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (08/04/2015 05:24:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (08/04/2015 05:22:23 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (08/04/2015 05:22:23 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

Feature: %%886

Error Code: 0x80070005

Error description: Access is denied.

Reason: %%892

Error: (08/04/2015 05:21:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The FreemakeVideoCapture service failed to start due to the following error:
%%2

Error: (08/04/2015 05:21:06 PM) (Source: Microsoft Antimalware) (EventID: 2004) (User: )
Description: %60 has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.

Signatures Attempted: %24

Error Code: 0x8050a004

Error description: This package does not contain up-to-date definition files for this program. For more information, see Help and Support.

Signature version: 1.203.1146.0;1.203.1146.0

Engine version: %600

Error: (08/04/2015 01:37:23 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Pro.

Error: (08/03/2015 04:15:58 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Pro.


Microsoft Office:
=========================
Error: (08/04/2015 05:00:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.1790955844c24MSHTML.dll11.0.9600.179245595ab25c0000005006496945f9c01d0cddd6de45118C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll80b455d7-3a76-11e5-b114-b8ac6f70714b

Error: (08/03/2015 08:11:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe11.0.9600.17909397001d0ccde2224685d100C:\Program Files\Internet Explorer\iexplore.exe

Error: (08/02/2015 07:00:01 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: F:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

Error: (08/02/2015 09:35:43 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe11.0.9600.179092b1001d0ccb2b2340a4a32C:\Program Files\Internet Explorer\iexplore.exe

Error: (07/29/2015 09:27:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 63811726

Error: (07/29/2015 09:27:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 63811726

Error: (07/29/2015 09:27:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/26/2015 07:00:02 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: F:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

Error: (07/19/2015 08:01:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe11.0.9600.1790920a001d0c20978a17e3f2762C:\Program Files\Internet Explorer\iexplore.exe

Error: (07/19/2015 07:40:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ApplePhotoStreams.exe7.17.8.553d97094MSVCR100.dll10.0.40219.3254df2be1ec0000005000121f49bc01d0c1bdca8b0dc6C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exeC:\Windows\system32\MSVCR100.dll21b7f437-2dfa-11e5-b0d7-b8ac6f70714b


CodeIntegrity:
===================================
Date: 2015-08-04 19:21:09.660
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-08-04 19:06:18.729
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-08-04 17:19:42.726
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-08-04 17:09:46.706
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-08-04 17:01:08.101
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-08-03 21:13:35.320
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-08-03 20:52:32.400
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-08-03 20:28:21.847
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-08-03 20:09:10.286
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-08-03 19:13:46.944
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T6670 @ 2.20GHz
Percentage of memory in use: 60%
Total physical RAM: 3548.29 MB
Available physical RAM: 1390.06 MB
Total Virtual: 7094.9 MB
Available Virtual: 4451.63 MB

==================== Drives ================================

Drive b: (OS) (RAMDisk) (Total:218.2 GB) (Free:123.9 GB) NTFS
Drive c: (OS) (Fixed) (Total:218.2 GB) (Free:122.51 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 9F04AE39)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=218.2 GB) - (Type=07 NTFS)

==================== End of log ============================

aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-08-04 19:39:29
-----------------------------
19:39:29.874 OS Version: Windows 6.1.7601 Service Pack 1
19:39:29.874 Number of processors: 2 586 0x170A
19:39:29.874 ComputerName: CIDER-PC UserName: CIDER
19:39:50.512 Initialize success
19:39:50.622 VM: initialized successfully
19:39:50.622 VM: Intel CPU supported
19:40:14.582 VM: supported disk I/O ataport.SYS
20:02:21.078 AVAST engine defs: 15080302
20:03:32.823 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:03:32.823 Disk 0 Vendor: ST9250410ASG 0004SDM1 Size: 238475MB BusType: 11
20:03:32.994 VM: Disk 0 MBR read successfully
20:03:33.010 Disk 0 MBR scan
20:03:33.088 Disk 0 Windows VISTA default MBR code
20:03:33.088 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
20:03:33.135 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 80325
20:03:33.135 Disk 0 default boot code
20:03:33.213 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 223434 MB offset 30800325
20:03:33.228 Disk 0 scanning sectors +488395120
20:03:33.416 Disk 0 scanning C:\Windows\system32\drivers
20:03:58.500 Service scanning
20:04:15.442 Service MpKsl0b56cab3 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BD410016-E55D-4C63-90DE-E26C85A868D8}\MpKsl0b56cab3.sys **LOCKED** 32
20:04:41.400 Modules scanning
20:04:41.400 Disk 0 trace - called modules:
20:04:41.432 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
20:04:41.432 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8653c030]
20:04:41.432 3 CLASSPNP.SYS[8ca4a59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8641b030]
20:04:44.333 AVAST engine scan C:\Windows
20:04:48.436 AVAST engine scan C:\Windows\system32
20:11:13.198 AVAST engine scan C:\Windows\system32\drivers
20:11:40.857 AVAST engine scan C:\Users\CIDER
20:30:52.395 AVAST engine scan C:\ProgramData
20:36:09.864 Disk 0 statistics 3350495/0/278 @ 1.67 MB/s
20:36:09.880 Scan finished successfully
20:36:57.990 Disk 0 MBR has been saved successfully to "C:\Users\CIDER\Desktop\MBR.dat"
20:36:58.131 The log file has been saved successfully to "C:\Users\CIDER\Desktop\aswMBR.txt"



Thanks in advance for anything you can help me with!!

Regards,
Chuck

ken545
2015-08-04, 20:00
:snwelcome:

Hi Chuck, you have a bit going on, malware set a proxy server and also infected your hosts file, let do this


Open notepad , Go to Start --> All Programs --> Accessories --> Notepad.
Please copy the entire contents Inside of the code box below beginning with START and ending with END
(To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
Name the file Fixlist, Save it to your desktop where you have FRST/FRST64 or the fix wont work, . Then open up FRST/FRST64 and click on FIX (Not Scan) It won't take long, after your computer reboots you will find a FIXLOG.TXT on your desktop, post it please




Start
CloseProcesses:
CreateRestorePoint:
ProxyEnable: [S-1-5-21-80477484-922998690-3827157042-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-80477484-922998690-3827157042-1001] => 127.0.0.1:8118
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-80477484-922998690-3827157042-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR HKLM\...\Chrome\Extension: - No Path Or update_url value
R2 PrivoxyService; C:\Program Files\Alfasistem Memory\privoxy.exe [371200 2015-08-02] (The Privoxy team - www.privoxy.org) [File not signed] <==== ATTENTION
2015-07-09 21:51 - 2015-08-02 14:44 - 00000000 ____D C:\Program Files\Alfasistem Memory
2015-07-29 21:27 - 2009-07-14 12:04 - 00449982 ____R C:\Windows\system32\Drivers\etc\hosts.20150802-094629.backup
2015-07-15 19:51 - 2009-07-14 12:04 - 00449982 ____R C:\Windows\system32\Drivers\etc\hosts.20150729-212753.backup
2015-07-15 19:49 - 2009-07-14 12:04 - 00449982 ____R C:\Windows\system32\Drivers\etc\hosts.20150715-195132.backup
2015-07-08 19:10 - 2009-07-14 12:04 - 00449982 ____R C:\Windows\system32\Drivers\etc\hosts.20150715-194916.backup
Task: {0A50A229-1E69-4A7E-AE2E-A1A7274FC22D} - System32\Tasks\Alfasistem Memory Job => C:\Program Files\Alfasistem Memory\ tmjob.exe
Task: {1D619927-C78A-4A46-A707-4870A844671F} - System32\Tasks\Windows Defrag => C:\Users\CIDER\AppData\Roaming\Updater\winupd.exe <==== ATTENTION
RemoveProxy:
Hosts:
CMD: ipconfig /flushdns
EmptyTemp:
End



NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system




=====================================================================




-AdwCleaner-by Xplode


Click on this link to download : ADWCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) TO YOUR DESKTOP
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.
Use my link only, do not do a search for AdwCleaner as there is a bogus copy going around by scammers




Do not click on any links in the top Advertisment.


http://i24.photobucket.com/albums/c30/ken545/AdwCleaner4.201_zpsxrbk2llq.jpg (http://s24.photobucket.com/user/ken545/media/AdwCleaner4.201_zpsxrbk2llq.jpg.html)




Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.






===============================================================================




http://imageshack.us/a/img841/7292/thisisujrt.gif Please download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) TO YOUR DESKTOP


Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.








===============================================================================


Download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) TO YOUR DESKTOP




Windows XP : [B]Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"




http://i24.photobucket.com/albums/c30/ken545/MBAM_zpsr1ew7hep.png (http://s24.photobucket.com/user/ken545/media/MBAM_zpsr1ew7hep.png.html)




On the Dashboard click on Update Now
Go to the Setting Tab
Under Setting go to Detection and Protection
Under PUP and PUM make sure both are set to show Treat Detections as Malware
Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
Then on the Dashboard click on Scan
Make sure to select THREAT SCAN
Then click on Scan
When the scan is finished and the log pops up...select Copy to Clipboard
Please paste the log back into this thread for review
Exit Malwarebytes

cardell75
2015-08-06, 12:55
So I ran the ADW cleaner with no issue , the JRT is loaded and running but has been stuck on "Checking Shortcuts for about 6 hrs now so I don't want to interrupt it, but it seems like a long time, I have already deleted and reinstalled (the last one was stuck there for about 4 hours). I downloaded and installed Malware bites and it tells me that my free trial has ended. That's where I'm at for now any advice on the JRT?

ken545
2015-08-06, 13:49
Good Morning

Did you run the fix with FRST, if not run it, if so post the log

Post the log from AdwCleaner

Forget about JWR for the time being

Uninstall and reinstall Malwarebytes and post the log after the scan

Use this procedure to remove Malwarebytes from your computer




Download and run their removal utility HERE (http://downloads.malwarebytes.org/file/mbam_clean)
It will ask to restart your computer (please allow it to).
Then download Malwarebytes' Anti-Malware Version 2.1.8 from HERE (http://www.malwarebytes.org/mbam-download.php)
On the Dashboard click on Update Now
Go to the Setting Tab
Under Setting go to Detection and Protection
Under PUP and PUM make sure both are set to show Threat Detections as Malware
Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
Then on the Dashboard click on Scan
Make sure to select THREAT SCAN
Then click on Scan
When the scan is finished and the log pops up...select Copy to Clipboard
Please paste the log back into this thread for review
Exit Malwarebytes

cardell75
2015-08-07, 01:45
Here are the logs requested:

Fix result of Farbar Recovery Scan Tool (x86) Version:02-08-2015 01
Ran by CIDER (2015-08-06 08:22:49) Run:3
Running from C:\Users\CIDER\Desktop
Loaded Profiles: CIDER (Available Profiles: CIDER)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
ProxyEnable: [S-1-5-21-80477484-922998690-3827157042-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-80477484-922998690-3827157042-1001] => 127.0.0.1:8118
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-80477484-922998690-3827157042-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR HKLM\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - No Path Or update_url value
R2 PrivoxyService; C:\Program Files\Alfasistem Memory\privoxy.exe [371200 2015-08-02] (The Privoxy team - www.privoxy.org) [File not signed] <==== ATTENTION
2015-07-09 21:51 - 2015-08-02 14:44 - 00000000 ____D C:\Program Files\Alfasistem Memory
2015-07-29 21:27 - 2009-07-14 12:04 - 00449982 ____R C:\Windows\system32\Drivers\etc\hosts.20150802-094629.backup
2015-07-15 19:51 - 2009-07-14 12:04 - 00449982 ____R C:\Windows\system32\Drivers\etc\hosts.20150729-212753.backup
2015-07-15 19:49 - 2009-07-14 12:04 - 00449982 ____R C:\Windows\system32\Drivers\etc\hosts.20150715-195132.backup
2015-07-08 19:10 - 2009-07-14 12:04 - 00449982 ____R C:\Windows\system32\Drivers\etc\hosts.20150715-194916.backup
Task: {0A50A229-1E69-4A7E-AE2E-A1A7274FC22D} - System32\Tasks\Alfasistem Memory Job => C:\Program Files\Alfasistem Memory\ tmjob.exe
Task: {1D619927-C78A-4A46-A707-4870A844671F} - System32\Tasks\Windows Defrag => C:\Users\CIDER\AppData\Roaming\Updater\winupd.exe <==== ATTENTION
RemoveProxy:
Hosts:
CMD: ipconfig /flushdns
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKU\S-1-5-21-80477484-922998690-3827157042-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully.
HKU\S-1-5-21-80477484-922998690-3827157042-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-80477484-922998690-3827157042-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf" => key removed successfully.
PrivoxyService => service removed successfully.
C:\Program Files\Alfasistem Memory => moved successfully.
C:\Windows\system32\Drivers\etc\hosts.20150802-094629.backup => moved successfully.
C:\Windows\system32\Drivers\etc\hosts.20150729-212753.backup => moved successfully.
C:\Windows\system32\Drivers\etc\hosts.20150715-195132.backup => moved successfully.
C:\Windows\system32\Drivers\etc\hosts.20150715-194916.backup => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0A50A229-1E69-4A7E-AE2E-A1A7274FC22D}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0A50A229-1E69-4A7E-AE2E-A1A7274FC22D}" => key removed successfully.
C:\Windows\System32\Tasks\Alfasistem Memory Job => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Alfasistem Memory Job" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1D619927-C78A-4A46-A707-4870A844671F}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D619927-C78A-4A46-A707-4870A844671F}" => key removed successfully.
C:\Windows\System32\Tasks\Windows Defrag => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Windows Defrag" => key removed successfully.

========= RemoveProxy: =========

HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => value removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
HKU\S-1-5-21-80477484-922998690-3827157042-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\S-1-5-21-80477484-922998690-3827157042-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.


========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => 674.9 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 08:25:46 ====




# AdwCleaner v4.208 - Logfile created 06/08/2015 at 08:46:54
# Updated 09/07/2015 by Xplode
# Database : 2015-08-01.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x86)
# Username : CIDER - CIDER-PC
# Running from : C:\Users\CIDER\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D3C24E2B-C820-4492-9B69-11BF7163F998}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2F137995-4D26-44AD-9C4E-91055090A817}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3C24E2B-C820-4492-9B69-11BF7163F998}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3C24E2B-C820-4492-9B69-11BF7163F998}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3C24E2B-C820-4492-9B69-11BF7163F998}
Key Deleted : HKLM\SOFTWARE\SecureWebChannel
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ividijs.info

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17909


*************************

AdwCleaner[R0].txt - [1725 bytes] - [16/07/2015 17:08:07]
AdwCleaner[R1].txt - [1477 bytes] - [06/08/2015 08:45:26]
AdwCleaner[S0].txt - [1601 bytes] - [16/07/2015 17:09:06]
AdwCleaner[S1].txt - [1416 bytes] - [06/08/2015 08:46:54]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1475 bytes] ##########


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/7/2015
Scan Time: 8:18 AM
Logfile:
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.08.06.06
Rootkit Database: v2015.08.04.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: CIDER

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 399986
Time Elapsed: 21 min, 18 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

ken545
2015-08-07, 04:55
Good. Open up FRST, checkmark Additions, run a new scan and post both the FRST and Additions logs please

cardell75
2015-08-07, 10:19
Here are the frst logs, I do have to say that I don't see the pop ups or redirects anymore, my system is now "Not Responding" a lot with MS based programs. Also now every time I log into this forum I am getting a text only version of it.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:02-08-2015 01
Ran by CIDER (administrator) on CIDER-PC (07-08-2015 17:09:19)
Running from C:\Users\CIDER\Desktop
Loaded Profiles: CIDER (Available Profiles: CIDER)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
() C:\Windows\System32\PSIService.exe
(Pervasive Software Inc.) C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Nike) C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\AppleIEDAV.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_18_0_0_209_ActiveX.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [WD Quick View] => C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-07-20] (Western Digital Technologies, Inc.)
HKLM\...\Run: [WD Drive Unlocker] => C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694072 2013-10-15] (Western Digital Technologies, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM\...\Run: [Nike+ Connect] => C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe [71680 2015-02-02] (Nike)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157992 2015-07-11] (Apple Inc.)
HKU\S-1-5-21-80477484-922998690-3827157042-1001\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-80477484-922998690-3827157042-1001\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-80477484-922998690-3827157042-1001\...\Run: [AppleIEDAV] => C:\Program Files\Common Files\Apple\Internet Services\AppleIEDAV.exe [1079592 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-80477484-922998690-3827157042-1001\...\Run: [iCloudDrive] => C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-80477484-922998690-3827157042-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-80477484-922998690-3827157042-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
SearchScopes: HKLM -> {6F8FC54F-C99D-4528-9243-55C8888C7E5F} URL = http://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-80477484-922998690-3827157042-1001 -> {6F8FC54F-C99D-4528-9243-55C8888C7E5F} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-22] (Microsoft Corp.)
Toolbar: HKLM - No Name - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - No File
Toolbar: HKU\S-1-5-21-80477484-922998690-3827157042-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-20] (Microsoft Corporation)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 202.151.64.110
Tcpip\..\Interfaces\{BA5F0DF4-FBB8-4EFF-9362-929B4BB9BFE3}: [DhcpNameServer] 8.8.8.8 202.151.64.110
Tcpip\..\Interfaces\{D3F2062B-04D2-4F6B-8CD7-14DCB416491B}: [DhcpNameServer] 8.8.8.8 202.151.64.110

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll [2014-06-25] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll No File
FF Plugin: @unity3d.com/UnityPlayer -> C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll [2012-03-05] (Unity Technologies ApS)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-80477484-922998690-3827157042-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\CIDER\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [174656 2006-11-03] () [File not signed]
R2 psqlWGE; C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe [435496 2009-04-07] (Pervasive Software Inc.)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1740760 2014-09-03] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-07-20] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [306552 2015-07-20] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 FreemakeVideoCapture; "C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe" [X]
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-19] (LogMeIn, Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35088 2011-02-12] (CACE Technologies, Inc.)
S3 SCR3XX2K; C:\Windows\System32\DRIVERS\SCR3XX2K.sys [63104 2015-02-17] (Identiv)
R1 SDHookDriver; C:\Program Files\Spybot - Search & Destroy 2\SDHookDrv32.sys [46336 2014-04-25] ()
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2014-07-28] (Apple, Inc.) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-07 17:09 - 2015-08-07 17:09 - 00012786 _____ C:\Users\CIDER\Desktop\FRST.txt
2015-08-07 16:48 - 2015-08-07 16:48 - 00003544 ____N C:\bootsqm.dat
2015-08-07 09:06 - 2015-08-07 09:06 - 00000000 ____D C:\Users\CIDER\Desktop\Fixit Stuff
2015-08-07 08:15 - 2015-08-07 16:59 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-07 08:15 - 2015-08-07 08:15 - 00001018 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-07 08:15 - 2015-08-07 08:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-07 08:15 - 2015-08-07 08:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-07 08:15 - 2015-08-07 08:15 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-08-07 08:15 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-07 08:15 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-07 08:15 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-07 08:08 - 2015-08-07 08:08 - 00321848 _____ (Malwarebytes Corporation) C:\Users\CIDER\Desktop\mbam-clean-2.1.1.1001.exe
2015-08-06 14:45 - 2015-08-06 14:45 - 01797896 _____ (Malwarebytes Corporation) C:\Users\CIDER\Desktop\JRT.exe
2015-08-06 08:43 - 2015-08-06 08:43 - 02248704 _____ C:\Users\CIDER\Desktop\AdwCleaner.exe
2015-08-04 20:36 - 2015-08-04 20:36 - 00000512 _____ C:\Users\CIDER\Desktop\MBR.dat
2015-08-04 19:38 - 2015-08-04 19:39 - 05198336 _____ (AVAST Software) C:\Users\CIDER\Desktop\aswMBR.exe
2015-08-04 19:33 - 2015-08-04 19:33 - 01673728 _____ (Farbar) C:\Users\CIDER\Desktop\FRST.exe
2015-08-04 19:30 - 2015-08-04 19:30 - 00002139 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-08-04 19:21 - 2015-08-04 19:22 - 04662632 _____ (Tweaking.com) C:\Users\CIDER\Downloads\tweaking.com_registry_backup_setup.exe
2015-07-29 21:28 - 2015-07-29 21:28 - 00000000 ____D C:\Program Files\Common Files\AV
2015-07-29 21:28 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2015-07-28 16:02 - 2015-07-26 03:51 - 00015808 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-28 16:02 - 2015-07-26 03:47 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-28 16:02 - 2015-07-26 03:47 - 00587264 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-28 16:02 - 2015-07-26 03:46 - 00924160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-28 16:02 - 2015-07-26 03:46 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-28 16:02 - 2015-07-26 03:46 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-28 16:02 - 2015-07-26 03:46 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-28 16:02 - 2015-07-26 03:40 - 00932864 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-26 10:39 - 2015-07-26 10:39 - 00001715 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-07-26 10:39 - 2015-07-26 10:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-07-26 10:38 - 2015-07-26 10:39 - 00000000 ____D C:\Program Files\iTunes
2015-07-26 10:38 - 2015-07-26 10:38 - 00000000 ____D C:\Program Files\iPod
2015-07-26 10:22 - 2015-07-26 10:22 - 00001777 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-07-26 10:22 - 2015-07-26 10:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-07-26 10:22 - 2015-07-26 10:22 - 00000000 ____D C:\Program Files\QuickTime
2015-07-21 20:00 - 2015-07-15 12:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-21 20:00 - 2015-07-15 12:55 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-21 20:00 - 2015-07-15 12:55 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-21 20:00 - 2015-07-15 12:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-21 20:00 - 2015-07-15 11:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-19 22:50 - 2015-08-07 17:00 - 00008192 _____ C:\Windows\system32\WDPABKP.dat
2015-07-16 17:14 - 2015-07-16 17:16 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\CIDER\Downloads\mbam-setup-2.1.8.1057.exe
2015-07-16 17:08 - 2015-08-06 08:47 - 00000000 ____D C:\AdwCleaner
2015-07-16 17:07 - 2015-07-16 17:07 - 02248704 _____ C:\Users\CIDER\Downloads\adwcleaner_4.208.exe
2015-07-15 21:22 - 2015-06-26 03:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-15 21:22 - 2015-06-20 04:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-15 21:22 - 2015-06-20 04:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 21:22 - 2015-06-20 04:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-15 21:22 - 2015-06-20 04:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-15 21:22 - 2015-06-20 04:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-15 21:22 - 2015-06-20 04:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-15 21:22 - 2015-06-20 04:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-15 21:22 - 2015-06-20 04:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-15 21:22 - 2015-06-20 04:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 21:22 - 2015-06-20 04:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-15 21:22 - 2015-06-20 04:13 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-15 21:22 - 2015-06-20 04:06 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-15 21:22 - 2015-06-20 04:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-15 21:22 - 2015-06-20 03:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-15 21:22 - 2015-06-20 03:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-15 21:22 - 2015-06-20 03:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 21:22 - 2015-06-20 03:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 21:22 - 2015-06-20 03:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 21:22 - 2015-06-20 03:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 21:22 - 2015-06-20 03:40 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-15 21:22 - 2015-06-20 03:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-15 21:22 - 2015-06-20 03:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 21:22 - 2015-06-20 03:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-15 21:14 - 2015-07-10 03:43 - 02943488 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-15 21:14 - 2015-07-10 03:43 - 02057216 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-15 21:14 - 2015-07-10 03:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-15 21:14 - 2015-07-10 03:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-15 21:14 - 2015-07-10 03:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-15 21:14 - 2015-07-10 03:43 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-15 21:14 - 2015-07-10 03:43 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-15 21:14 - 2015-07-10 03:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-15 21:14 - 2015-07-10 03:42 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-15 21:14 - 2015-07-10 03:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-15 21:14 - 2015-07-10 03:42 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-15 21:14 - 2015-07-05 03:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 21:14 - 2015-07-03 07:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 21:14 - 2015-07-03 07:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-15 21:14 - 2015-07-03 06:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 21:14 - 2015-07-03 06:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 21:14 - 2015-07-03 06:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 21:14 - 2015-07-03 05:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 21:14 - 2015-06-25 18:46 - 02383872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 21:14 - 2015-06-18 03:39 - 00305664 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 21:07 - 2015-06-12 03:57 - 06131200 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-07-15 21:07 - 2015-06-12 03:57 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-07-15 21:07 - 2015-06-12 03:57 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-07-15 21:07 - 2015-06-12 01:20 - 00355840 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-07-15 21:02 - 2015-07-02 06:46 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-15 21:02 - 2015-07-02 06:46 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-15 21:02 - 2015-07-02 06:30 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-15 21:02 - 2015-07-02 06:30 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 21:02 - 2015-07-02 06:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 21:02 - 2015-07-02 06:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 21:02 - 2015-07-02 06:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-15 21:02 - 2015-07-02 06:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-15 21:02 - 2015-07-02 06:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-15 21:02 - 2015-07-02 06:30 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-15 21:02 - 2015-07-02 06:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-15 21:02 - 2015-07-02 06:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-15 21:02 - 2015-07-02 06:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-15 21:02 - 2015-07-02 06:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-15 21:02 - 2015-07-02 06:30 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-15 21:02 - 2015-07-02 06:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-15 21:02 - 2015-07-02 06:29 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-15 21:02 - 2015-07-02 06:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-15 21:02 - 2015-07-02 06:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-15 21:02 - 2015-07-02 06:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-15 21:02 - 2015-07-02 05:18 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 21:02 - 2015-07-02 05:18 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 21:02 - 2015-07-02 05:18 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 21:02 - 2015-06-16 07:47 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-15 21:02 - 2015-06-16 07:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 21:02 - 2015-06-16 07:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-15 21:02 - 2015-06-16 07:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-15 21:02 - 2015-06-16 07:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-15 21:02 - 2015-06-16 07:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 21:02 - 2015-06-16 07:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-15 21:00 - 2015-06-10 05:35 - 02745856 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-07-15 21:00 - 2015-06-10 05:35 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-07-15 21:00 - 2015-06-02 09:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-15 20:59 - 2015-06-27 11:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-15 20:59 - 2015-06-27 11:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-10 21:17 - 2015-07-28 20:23 - 00000000 ___HD C:\$Windows.~BT

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-07 17:09 - 2015-06-24 21:31 - 00000000 ____D C:\FRST
2015-08-07 17:06 - 2013-10-04 17:26 - 01334300 _____ C:\Windows\WindowsUpdate.log
2015-08-07 17:05 - 2009-07-14 14:34 - 00025424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-07 17:05 - 2009-07-14 14:34 - 00025424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-07 17:00 - 2015-01-11 11:59 - 00000000 ___RD C:\Users\CIDER\iCloudDrive
2015-08-07 16:59 - 2015-07-01 20:35 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-07 16:59 - 2012-04-12 06:30 - 00411136 ___SH C:\Users\CIDER\Desktop\Thumbs.db
2015-08-07 16:49 - 2014-06-10 07:02 - 00020815 _____ C:\Windows\setupact.log
2015-08-07 16:49 - 2009-07-14 14:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-07 14:47 - 2015-07-01 20:35 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-07 14:29 - 2012-04-17 06:17 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-07 09:19 - 2013-10-10 05:55 - 01935006 _____ C:\Windows\PFRO.log
2015-08-07 09:17 - 2010-06-12 05:56 - 00804294 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-07 09:05 - 2014-05-19 12:29 - 00000000 ____D C:\ProgramData\Package Cache
2015-08-07 09:05 - 2013-10-27 11:21 - 00100056 _____ C:\Windows\DPINST.LOG
2015-08-07 09:04 - 2014-05-19 12:25 - 00000000 ____D C:\Program Files\Western Digital
2015-08-07 09:04 - 2014-05-19 12:25 - 00000000 ____D C:\Program Files\Common Files\Western Digital
2015-08-07 09:04 - 2014-05-19 12:24 - 00000000 ____D C:\ProgramData\Western Digital
2015-08-07 08:27 - 2015-06-20 16:56 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2015-08-05 09:47 - 2011-04-26 03:09 - 00000000 ____D C:\ProgramData\Roxio
2015-08-04 19:07 - 2014-05-23 03:27 - 00000000 ____D C:\Program Files\Wondershare
2015-08-04 17:20 - 2010-06-21 08:38 - 00000000 ____D C:\Program Files\Google
2015-08-04 17:00 - 2015-06-22 21:51 - 00000000 ____D C:\Users\CIDER\AppData\Local\CrashDumps
2015-07-29 03:01 - 2014-05-17 03:20 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-28 20:28 - 2010-06-12 08:36 - 00000000 ____D C:\Windows\Panther
2015-07-26 10:38 - 2015-04-18 16:28 - 00000000 ____D C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-07-26 10:38 - 2012-04-12 06:30 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-07-25 20:44 - 2015-04-12 03:00 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-22 03:16 - 2009-07-14 14:33 - 00354008 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-20 19:30 - 2015-06-29 20:39 - 00000000 ____D C:\Users\CIDER\AppData\Roaming\Skype
2015-07-19 19:01 - 2009-07-14 12:37 - 00000000 ____D C:\Windows\system32\NDF
2015-07-16 04:07 - 2009-07-14 12:37 - 00000000 ____D C:\Windows\rescache
2015-07-16 03:25 - 2014-12-18 03:22 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-16 03:09 - 2013-07-21 07:59 - 00000000 ____D C:\Windows\system32\MRT
2015-07-16 02:56 - 2015-06-24 21:07 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-07-15 20:33 - 2012-04-17 06:17 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-07-15 20:33 - 2011-06-21 09:37 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2010-11-07 11:25 - 2010-11-07 11:25 - 0000000 _____ () C:\Users\CIDER\AppData\Roaming\144A.tmp
2010-11-07 11:25 - 2010-11-07 11:25 - 0000000 _____ () C:\Users\CIDER\AppData\Roaming\1525.tmp
2010-09-23 17:42 - 2010-09-23 17:42 - 0000000 _____ () C:\Users\CIDER\AppData\Roaming\1920.tmp
2010-07-23 22:59 - 2010-11-28 03:25 - 0000454 _____ () C:\Users\CIDER\AppData\Roaming\1cb5fc16
2010-11-09 10:16 - 2010-11-09 10:16 - 0000000 _____ () C:\Users\CIDER\AppData\Roaming\1F2D.tmp
2010-11-09 10:16 - 2010-11-09 10:16 - 0000000 _____ () C:\Users\CIDER\AppData\Roaming\222B.tmp
2010-10-08 22:50 - 2010-10-08 22:50 - 0000000 _____ () C:\Users\CIDER\AppData\Roaming\4A7F.tmp
2010-08-23 00:26 - 2010-08-23 00:26 - 0000000 _____ () C:\Users\CIDER\AppData\Roaming\5B69.tmp
2010-08-28 17:09 - 2010-08-28 17:09 - 0000000 _____ () C:\Users\CIDER\AppData\Roaming\73B0.tmp
2010-10-31 03:54 - 2010-10-31 03:54 - 0000000 _____ () C:\Users\CIDER\AppData\Roaming\7F02.tmp
2010-10-04 17:25 - 2010-10-04 17:25 - 0000000 _____ () C:\Users\CIDER\AppData\Roaming\80D4.tmp
2010-08-08 02:45 - 2010-08-08 02:45 - 0000000 _____ () C:\Users\CIDER\AppData\Roaming\84EA.tmp
2010-08-08 02:45 - 2010-08-08 02:45 - 0000000 _____ () C:\Users\CIDER\AppData\Roaming\85E5.tmp
2010-12-01 02:30 - 2010-12-01 02:30 - 0000000 _____ () C:\Users\CIDER\AppData\Roaming\8971.tmp
2010-09-28 05:16 - 2010-09-28 05:16 - 0000000 _____ () C:\Users\CIDER\AppData\Roaming\8BA7.tmp
2010-08-22 00:09 - 2010-08-22 00:09 - 0000000 _____ () C:\Users\CIDER\AppData\Roaming\91D6.tmp
2010-09-22 20:06 - 2010-09-22 22:18 - 0000000 ___SH () C:\Users\CIDER\AppData\Roaming\92A8.tmp
2010-11-19 18:14 - 2010-11-19 18:14 - 0000000 _____ () C:\Users\CIDER\AppData\Roaming\A5B8.tmp
2010-08-14 19:37 - 2010-08-15 00:13 - 0000000 ___SH () C:\Users\CIDER\AppData\Roaming\A5C.tmp
2015-05-26 19:36 - 2015-05-26 19:36 - 0000000 _____ () C:\Users\CIDER\AppData\Roaming\A772.tmp
2010-10-28 22:50 - 2010-10-28 22:50 - 0000000 _____ () C:\Users\CIDER\AppData\Roaming\B894.tmp
2010-11-01 06:56 - 2010-11-01 06:56 - 0000000 _____ () C:\Users\CIDER\AppData\Roaming\CD75.tmp
2010-10-10 00:11 - 2010-10-10 00:11 - 0000000 _____ () C:\Users\CIDER\AppData\Roaming\E862.tmp
2010-10-28 08:37 - 2010-10-28 08:37 - 0000000 _____ () C:\Users\CIDER\AppData\Roaming\EC99.tmp
2010-07-25 06:58 - 2010-07-25 06:58 - 0000000 _____ () C:\Users\CIDER\AppData\Roaming\FF87.tmp
2011-12-08 11:12 - 2011-12-08 11:12 - 0003584 _____ () C:\Users\CIDER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-20 20:29 - 2014-05-23 09:13 - 0007597 _____ () C:\Users\CIDER\AppData\Local\Resmon.ResmonCfg
2010-09-14 04:05 - 2010-12-02 06:57 - 0001185 _____ () C:\ProgramData\1011843181
2010-07-23 07:43 - 2010-09-14 03:48 - 0000817 _____ () C:\ProgramData\1278606097
2010-07-23 07:44 - 2010-12-02 06:01 - 0000610 ___SH () C:\ProgramData\476425025
2013-08-30 08:22 - 2013-08-30 08:22 - 0000057 _____ () C:\ProgramData\Ament.ini
2010-06-16 07:25 - 2010-06-16 07:25 - 0000051 _____ () C:\ProgramData\dldf
2010-10-29 23:56 - 2013-09-12 17:14 - 0049130 _____ () C:\ProgramData\dlee.log
2010-09-03 04:38 - 2013-07-08 21:27 - 1166548 _____ () C:\ProgramData\dleeJSW.log
2010-09-03 02:31 - 2013-10-04 17:06 - 0060447 _____ () C:\ProgramData\dleescan.log
2011-06-14 07:08 - 2011-06-14 07:08 - 0000252 _____ () C:\ProgramData\FastPics.log
2010-06-16 07:23 - 2010-06-16 07:23 - 1377872 _____ () C:\ProgramData\pswi_preloaded.exe
2010-08-03 23:44 - 2010-11-02 07:18 - 0000323 _____ () C:\ProgramData\sl2105817555
2010-07-23 07:43 - 2010-07-23 07:43 - 0203776 ___SH () C:\ProgramData\unrar.exe
2010-09-03 02:28 - 2010-09-03 02:28 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt

Some files in TEMP:
====================
C:\Users\CIDER\AppData\Local\Temp\Quarantine.exe
C:\Users\CIDER\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-02 11:41

==================== End of log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version:02-08-2015 01
Ran by CIDER (2015-08-07 17:10:08)
Running from C:\Users\CIDER\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-80477484-922998690-3827157042-500 - Administrator - Disabled)
CIDER (S-1-5-21-80477484-922998690-3827157042-1001 - Administrator - Enabled) => C:\Users\CIDER
Guest (S-1-5-21-80477484-922998690-3827157042-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-80477484-922998690-3827157042-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: Spybot - Search and Destroy (Enabled - Up to date) {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{538227C6-C74B-4A74-99E1-2C0B4F9DA5E1}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
calibre (HKLM\...\{A66F2101-9BFC-4FB6-9277-7F59EF88BCC2}) (Version: 1.38.0 - Kovid Goyal)
Combined Community Codec Pack 2010-10-10 (HKLM\...\Combined Community Codec Pack_is1) (Version: 2010.10.10.0 - CCCP Project)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Crystal Reports 2008 Runtime SP1 (HKLM\...\{C484CC8D-03CF-4022-89C4-DB4F02E8A15B}) (Version: 12.1.0.882 - Business Objects)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Driver Download Manager (HKU\S-1-5-21-80477484-922998690-3827157042-1001\...\f031ef6ac137efc5) (Version: 2.1.0.0 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.2.101.221 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
Facebook Video Calling 2.0.0.447 (HKLM\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
Google Earth (HKLM\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.1 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.4.0 - Conexant Systems)
HiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Photosmart 6520 series Basic Device Software (HKLM\...\{D9B4150C-9EF6-4861-902F-5F5CB760D7ED}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 6520 series Help (HKLM\...\{D3293275-1002-41F5-BC37-099B4251FF5B}) (Version: 28.0.0 - Hewlett Packard)
HP Photosmart 6520 series Product Improvement Study (HKLM\...\{DF711F5A-C9E4-4241-9A83-58532C99DB28}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
iCloud (HKLM\...\{9A07AB4F-6B53-43E9-B7FC-7892E8C26BE3}) (Version: 4.1.1.53 - Apple Inc.)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{CCAFF072-4DDB-4846-963D-15F02A8E9472}) (Version: 13.00.0000 - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
iTunes (HKLM\...\{9DBBE7B8-EE7A-4FD9-9C7F-35E69A4C19D8}) (Version: 12.2.1.16 - Apple Inc.)
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.600 - Oracle)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Advertising SDK for Windows Phone - ENU (HKLM\...\{656458ED-DA77-4C82-AF2F-1640C191A2A7}) (Version: 5.2.819.0 - Microsoft Corporation)
Microsoft Expression Blend 3 SDK (HKLM\...\{256E7DAC-9BE8-494E-8DE7-7857BF96B774}) (Version: 1.0.1343.0 - Microsoft Corporation)
Microsoft Expression Blend 4 (HKLM\...\Blend_4.0.30816.0) (Version: 4.0.30816.0 - Microsoft Corporation)
Microsoft Expression Blend 4 Add-in for Adobe FXG Import (HKLM\...\{EFBBD030-48F0-43B3-A8AD-789894DAD0B5}) (Version: 1.0.20817.0 - Microsoft Corporation)
Microsoft Expression Blend SDK for .NET 4 (HKLM\...\{9B3A1C97-A361-463E-8817-444F9F88CDFE}) (Version: 2.0.20525.0 - Microsoft Corporation)
Microsoft Expression Blend SDK for Silverlight 4 (HKLM\...\{1C997E1C-5CE9-4AF3-AAA9-DC65E6090827}) (Version: 2.0.20525.0 - Microsoft Corporation)
Microsoft Expression Blend SDK for Windows Phone 7 (HKLM\...\{69E11501-75F7-4ACE-8103-52513DDCFE26}) (Version: 2.0.20901.0 - Microsoft Corporation)
Microsoft Expression Blend SDK for Windows Phone OS 7.1 (HKLM\...\{12B8E200-99CC-4203-A8D1-4145FC4D0192}) (Version: 2.0.30816.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Silverlight 3 SDK (HKLM\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK (HKLM\...\{189AEA94-DAFB-487A-8CEE-F9D3DDE0A748}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Microsoft XNA Game Studio 4.0 Refresh (HKLM\...\XNA Game Studio 4.0) (Version: 4.0.30901.0 - Microsoft Corporation)
Microsoft XNA Game Studio Platform Tools (HKLM\...\{89690B51-2E21-4E93-914E-F9CAC5B24A84}) (Version: 1.4.0.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nike+ Connect (HKLM\...\Nike+ Connect) (Version: 6.6.32 - Nike)
Peachtree Accounting 2010 (Version: 17.00.00 - Sage Software, Inc.) Hidden
Peachtree Pro Accounting 2010 (HKLM\...\InstallShield_{51EF69CF-70D3-4142-993D-AA97F36484CC}) (Version: 17.00.00 - Sage Software, Inc.)
PeachTree Signature Ready Forms (Version: 6.7.4 - Sage Software SB, Inc.) Hidden
Pervasive PSQL v10.10 Workgroup (32-bit) (Version: 10.12.025 - Pervasive Software) Hidden
PowerDVD DX (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.)
QuickTime 7 (HKLM\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Roxio Creator DE 10.3 (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.3 - Roxio)
Sage Message Center (Version: 2.00.0000 - Sage Software Inc.) Hidden
Skype™ 7.3 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 3.0.0 - Tweaking.com)
Unity Web Player (HKLM\...\UnityWebPlayer) (Version: 2.1.0f5_16147 - Unity Technologies ApS)
USB MassStorage CardReader (HKLM\...\040a_5005) (Version: - )
WCF Data Services SDK for Windows Phone (HKLM\...\{6F33C2E2-5E02-4344-90BC-ED55C48341D2}) (Version: 4.7.6.0 - Microsoft Corporation)
WD Drive Utilities (HKLM\...\{7431ED5D-9247-4F17-91C9-702D9B36FAC4}) (Version: 1.0.7.3 - Western Digital Technologies, Inc.)
WD Quick View (HKLM\...\{5B1CF5E0-D321-4766-AEF1-1E9D1C535A10}) (Version: 2.4.12.1 - Western Digital Technologies, Inc.)
WD Security (HKLM\...\{90C3D9C7-2F83-4399-8E28-A00228CFFDF8}) (Version: 1.0.7.3 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{5BA501B7-A8B2-4EFF-9241-18CE436C67BB}) (Version: 2.4.12.1 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM\...\{979a4332-3eb0-4561-9f74-a4fb871cf2bd}) (Version: 2.4.12.1 - Western Digital Technologies, Inc.)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Phone Emulator - ENU (HKLM\...\{0CD62E62-BB98-358E-A807-819354016E05}) (Version: 10.0.40219 - Microsoft Corporation)
Windows Phone SDK 7.1 Add-in for Visual Studio 2010 - ENU (HKLM\...\{A721BC43-E63E-3531-B1BF-6A405F9530BD}) (Version: 10.0.40219 - Microsoft Corporation)
Windows Phone SDK 7.1 Assemblies (HKLM\...\{9E2F2BAC-A9FD-35BC-B8E0-253FEBED0F9B}) (Version: 10.0.40219 - Microsoft Corporation)
Windows Phone SDK 7.1 Extensions for XNA Game Studio 4.0 (HKLM\...\{A4CC18F6-DB05-4B03-B724-4128322FA85F}) (Version: 4.0.30901.0 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WPF Toolkit February 2010 (Version 3.5.50211.1) (HKLM\...\{5EE6E987-1B79-4A93-832B-27472C7D1579}) (Version: 3.5.50211.1 - Microsoft Corporation)
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

02-08-2015 11:48:47 Scheduled Checkpoint
05-08-2015 17:33:04 Windows Update
06-08-2015 08:23:53 Restore Point Created by FRST
06-08-2015 09:02:05 JRT Pre-Junkware Removal
06-08-2015 14:46:11 JRT Pre-Junkware Removal
07-08-2015 09:01:08 WD SmartWare Installer
07-08-2015 09:05:36 WD SmartWare Installer

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 12:04 - 2015-08-06 08:24 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {126DE50F-A238-4A74-8F4B-7E83691C2023} - System32\Tasks\Adobe online update program => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {21DCB2BA-2AB8-4A50-92B4-3577DB2558AE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {342FC64F-CC75-4A74-AE96-60642D863B49} - System32\Tasks\{3409C15D-4997-454A-9664-9A4B550DE79B} => C:\Program Files\Content Manager\CmTray.exe
Task: {36D452F9-10FA-4ECB-8D5A-6B56847ECC98} - System32\Tasks\{F6370ED9-D3D4-45DA-B33D-405B0A23338F} => C:\Program Files\Content Manager\CmTray.exe
Task: {4353F0D0-1EDB-4A24-B2EA-E4CF8509215E} - System32\Tasks\{634690FA-D6AB-4085-AE30-C4CD329F9208} => C:\Program Files\Content Manager\CmTray.exe
Task: {471E6D56-2DEA-4476-8B54-FA45F305626D} - System32\Tasks\{A3573EC7-216B-41E2-A4FF-01933D25E819} => C:\Program Files\Content Manager\CmTray.exe
Task: {4DD935D7-8EDB-4A41-89FC-2609F8256C49} - System32\Tasks\HPCustParticipation HP Photosmart 6520 series => C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {4FD9B1CA-8CAB-4E4A-9B0B-87DEF71220EE} - System32\Tasks\{58C0CA39-8B22-4000-B948-FA0A1DE82887} => pcalua.exe -a D:\AutoRunPro.exe -d D:\ -c /s
Task: {5E5A5A9F-F267-42F4-92C9-DE0447B8A144} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {689670D2-772E-4D8A-B0AC-114307E42CCE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {69871E42-6D80-4969-B0B1-C2190A9A6B1E} - System32\Tasks\{1D95D3BD-8A3E-471E-AC0B-D7430E2B8485} => C:\Program Files\Content Manager\CmTray.exe
Task: {7487958E-43EC-4014-9A2F-1C636CAE8AF1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {78FBFCC1-06E2-40E3-B17F-41389A1ED852} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {9C7A435C-25FE-4CDF-927A-9876B4752062} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-02] (Apple Inc.)
Task: {9C82AE4C-D63E-42B9-83E6-0F5007BEA7AC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {B7710698-B655-4B1C-A53C-057D2346FA1C} - System32\Tasks\{69BBD3AB-188A-4B31-BD93-E107FCF4CFFC} => C:\Program Files\Content Manager\CmTray.exe
Task: {B9FA3BF3-45DF-4B41-B0E6-4AD157F5054B} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe [2015-04-26] (Apple Inc.)
Task: {C866959D-861F-4323-94CF-7CFC225FD43D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15] (Adobe Systems Incorporated)
Task: {D84DBE33-66FB-4B6B-AFDF-3F09214F15E0} - System32\Tasks\{D9827BFB-D652-4819-B67B-F7CCCBA8DAB1} => C:\Program Files\Content Manager\CmTray.exe
Task: {DADFA8F1-846E-4FE7-B74B-5AADEE6771CC} - System32\Tasks\Audio Software Job => C:\Program Files\Audio Software\AudioSoftware.exe [2015-07-30] (Secure Best Updater)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2010-06-16 07:23 - 2007-09-18 00:19 - 00045056 _____ () C:\Windows\System32\DLDFPMON.DLL
2010-06-16 07:22 - 2007-05-04 16:23 - 00049152 _____ () C:\Windows\System32\DLDFOEM.DLL
2010-09-03 02:31 - 2009-11-26 16:08 - 00049152 _____ () C:\Windows\System32\DLEEPMON.DLL
2010-09-03 02:30 - 2009-01-13 23:15 - 05709824 _____ () C:\Windows\System32\DLEEOEM.DLL
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:27 - 2015-05-15 16:27 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2006-11-03 10:40 - 2006-11-03 10:40 - 00174656 _____ () C:\Windows\system32\PSIService.exe
2015-06-20 16:56 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-06-20 16:56 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2015-06-20 16:56 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-06-20 16:56 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7868 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-80477484-922998690-3827157042-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\CIDER\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 202.151.64.110
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk => C:\Windows\pss\Kodak EasyShare software.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^KODAK Software Updater.lnk => C:\Windows\pss\KODAK Software Updater.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Apoint => C:\Program Files\DellTPad\Apoint.exe
MSCONFIG\startupreg: BingDesktop => C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe /fromkey
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: Nike+ Connect => "C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe"
MSCONFIG\startupreg: PDVDDXSrv => "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: Windows Mobile-based device management => C:\Windows\WindowsMobile\wmdcBase.exe
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{6C9BFC94-24B7-4D76-942D-BCC6464C9AE6}] => (Allow) C:\Program Files\iTunes\iTunes.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/05/2015 09:46:27 AM) (Source: MsiInstaller) (EventID: 11706) (User: CIDER-PC)
Description: Product: Roxio Update Manager -- Error 1706. An installation package for the product Roxio Update Manager cannot be found. Try the installation again using a valid copy of the installation package 'UM.MSI'.

Error: (08/04/2015 05:00:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17909, time stamp: 0x55844c24
Faulting module name: MSHTML.dll, version: 11.0.9600.17924, time stamp: 0x5595ab25
Exception code: 0xc0000005
Fault offset: 0x00649694
Faulting process id: 0x5f9c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (08/03/2015 08:11:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17909 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 3970

Start Time: 01d0ccde2224685d

Termination Time: 100

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (08/02/2015 07:00:01 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (08/02/2015 09:35:43 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17909 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2b10

Start Time: 01d0ccb2b2340a4a

Termination Time: 32

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (07/29/2015 09:27:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 63811726

Error: (07/29/2015 09:27:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 63811726

Error: (07/29/2015 09:27:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/26/2015 07:00:02 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (07/19/2015 08:01:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17909 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 20a0

Start Time: 01d0c20978a17e3f

Termination Time: 2762

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:


System errors:
=============
Error: (08/07/2015 05:06:51 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Pro.

Error: (08/07/2015 04:59:59 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error:
%%5

Error: (08/07/2015 04:59:28 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (08/07/2015 04:52:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (08/07/2015 04:50:15 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (08/07/2015 04:50:16 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

Feature: %%886

Error Code: 0x80070005

Error description: Access is denied.

Reason: %%892

Error: (08/07/2015 04:49:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The FreemakeVideoCapture service failed to start due to the following error:
%%2

Error: (08/07/2015 09:41:06 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80240020: Upgrade to Windows 10 Pro.

Error: (08/07/2015 09:35:27 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error:
%%5

Error: (08/07/2015 09:30:04 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5


Microsoft Office:
=========================
Error: (08/05/2015 09:46:27 AM) (Source: MsiInstaller) (EventID: 11706) (User: CIDER-PC)
Description: Product: Roxio Update Manager -- Error 1706. An installation package for the product Roxio Update Manager cannot be found. Try the installation again using a valid copy of the installation package 'UM.MSI'.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (08/04/2015 05:00:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.1790955844c24MSHTML.dll11.0.9600.179245595ab25c0000005006496945f9c01d0cddd6de45118C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll80b455d7-3a76-11e5-b114-b8ac6f70714b

Error: (08/03/2015 08:11:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe11.0.9600.17909397001d0ccde2224685d100C:\Program Files\Internet Explorer\iexplore.exe

Error: (08/02/2015 07:00:01 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: F:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

Error: (08/02/2015 09:35:43 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe11.0.9600.179092b1001d0ccb2b2340a4a32C:\Program Files\Internet Explorer\iexplore.exe

Error: (07/29/2015 09:27:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 63811726

Error: (07/29/2015 09:27:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 63811726

Error: (07/29/2015 09:27:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/26/2015 07:00:02 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: F:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

Error: (07/19/2015 08:01:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe11.0.9600.1790920a001d0c20978a17e3f2762C:\Program Files\Internet Explorer\iexplore.exe


CodeIntegrity:
===================================
Date: 2015-08-07 17:08:50.107
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-08-07 16:59:43.955
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-08-07 15:25:54.322
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-08-07 09:29:54.464
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-08-07 09:14:44.985
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-08-07 08:56:52.796
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-08-07 08:56:52.796
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-08-07 08:05:23.536
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-08-06 19:56:48.629
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-08-06 14:42:16.771
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Spybot - Search & Destroy 2\SDHook32.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T6670 @ 2.20GHz
Percentage of memory in use: 42%
Total physical RAM: 3548.29 MB
Available physical RAM: 2030.91 MB
Total Virtual: 7094.9 MB
Available Virtual: 5339.59 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:218.2 GB) (Free:117.23 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 9F04AE39)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=218.2 GB) - (Type=07 NTFS)

==================== End of log ============================

ken545
2015-08-07, 14:34
Morning

Actually your log is not looking to bad. As far as Spybot website, part of it is down and there working on it. Sometimes the malware installed can cause some issues when being removed. Try just rebooting your computer a few times and see if it helps those programs. What programs specifically ?

cardell75
2015-08-08, 01:06
Good Morning,

Ran a Checkdisk and rebooted and its not doing it any more, it was MS Office (all) and IE that were hanging up. Everything seems to be working good and the HDD is not working constantly anymore.

ken545
2015-08-08, 02:41
Wonderful, that's nice to hear :bigthumb:


Double click on AdwCleaner.exe to run the tool again.


Click on the Uninstall button.
Click Yes when asked are you sure you want to uninstall.
Both AdwCleaner.exe, its folder and all logs will be removed.






==========================================================




Please download DelFix (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/9-delfix) and save the file to your Desktop.


http://i24.photobucket.com/albums/c30/ken545/DelFix_zps139e2ea1.jpg (http://s24.photobucket.com/user/ken545/media/DelFix_zps139e2ea1.jpg.html)




Windows XP Double Click DelFix.exe to run the program.
Windows Vista > Win 7 > Win 8 Right Click on DelFix.exe and select RUN AS ADMINISTRATOR
Checkmark " Remove Disinfection Tools"
Click the Run button




This will remove the specialised tools we used to clean your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually






==========================================================








How did I get infected in the first place ?




WhattheTech (http://forums.whatthetech.com/index.php?showtopic=97186&quot;)
Grinler BleepingComputer (http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)






Safe Surfn
Ken

cardell75
2015-08-08, 04:28
Hey thanks for everything!! My system seems to be good now, not seeing any of the old issues!!


Best Regards,

Chuck

ken545
2015-08-08, 12:31
Your very welcome

Take care my friend

Ken :)