Browser redirect to yourwebring or 4-you.net



Cloudblue
2015-08-16, 23:39
New browser windows go to Yourwebring (4-you.net on page inspect)
Also noticing strange behavior on search requests, such as incomplete searches... Malwarebytes may be compromised. HELP!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:16-08-2015
Ran by XXXXX (administrator) on CREOLE (16-08-2015 14:30:39)
Running from C:\Users\XXXXX\Downloads
Loaded Profiles: XXXXX (Available Profiles: XXXXX)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Company) C:\Program Files (x86)\Popcorn Time\Updater.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Users\XXXXX\AppData\Local\Google\Update\1.3.28.1\GoogleCrashHandler.exe
(Google Inc.) C:\Users\XXXXX\AppData\Local\Google\Update\1.3.28.1\GoogleCrashHandler64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Safer Networking\RegAlyzer\RegAlyzer.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12937872 2012-07-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-07-10] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [665400 2012-08-16] (Synaptics)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-14] (Lenovo)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2013-02-17] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2013-02-17] (Lenovo(beijing) Limited)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-16] (Synaptics Incorporated)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [78352 2012-05-22] (cyberlink)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [MuteSync] => C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe [343040 2012-02-03] (Lenovo)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\...\Run: [Google Update] => C:\Users\XXXXX\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-03-03] (Google Inc.)
HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22012688 2015-06-20] (Google)
HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\...\Run: [cdloader] => C:\Users\XXXXX\AppData\Roaming\mjusbsp\cdloader2.exe [50592 2012-02-01] (magicJack L.P.)
HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-17] (Piriform Ltd)
HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\...\Run: [googletalk] => C:\Program Files (x86)\Google\Google Talk\googletalk.exe [3289088 2007-11-20] (Google)
HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\...\Run: [Wireless_Wizard] => C:\Program Files (x86)\Wireless Wizard\Wireless_Wizard.exe [587264 2014-02-17] (Neri Networks)
HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\...\Run: [Spotify Web Helper] => C:\Users\XXXXX\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2017848 2015-08-02] (Spotify Ltd)
HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-17] (Piriform Ltd)
HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [602880 2015-06-01] (NETGEAR Inc.)
HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [6269576 2015-08-02] (Plex, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2013-02-17]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\netlogon.bat [2013-10-12] ()
Startup: C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenVPN GUI.lnk [2013-06-23]
ShortcutTarget: OpenVPN GUI.lnk -> C:\Program Files\OpenVPN\bin\openvpn-gui.exe ()
Startup: C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Plex Media Server.lnk [2015-01-21]
ShortcutTarget: Plex Media Server.lnk -> C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc.)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => No File
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1518660660-3768964156-1748568137-1001 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1518660660-3768964156-1748568137-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1518660660-3768964156-1748568137-1001 -> {47D7A7B1-F879-498A-8632-BAE1DA05B228} URL =
SearchScopes: HKU\S-1-5-21-1518660660-3768964156-1748568137-1001 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1518660660-3768964156-1748568137-1001 -> {A0CDCC51-0AE4-49E5-8496-477132B65F7B} URL =
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{516CFD30-6BAE-43DA-820C-A6EC9C28F6FF}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B6ED4F68-6D40-4905-A441-870FF87F9009}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{C95A59A3-EEF6-404F-BA1E-FAE3F52FEAF0}: [DhcpNameServer] 8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default
FF DefaultSearchEngine: Addic7ed.com
FF DefaultSearchEngine.US: Google Default
FF SelectedSearchEngine: Google Default
FF Homepage: https://encrypted.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2012-11-18] (Nitro PDF)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll [2013-08-21] (Nullsoft, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-04-14] (VideoLAN)
FF Plugin HKU\S-1-5-21-1518660660-3768964156-1748568137-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\XXXXX\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin HKU\S-1-5-21-1518660660-3768964156-1748568137-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\XXXXX\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1518660660-3768964156-1748568137-1001: @talk.google.com/O1DPlugin -> C:\Users\XXXXX\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1518660660-3768964156-1748568137-1001: @tools.google.com/Google Update;version=3 -> C:\Users\XXXXX\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-1518660660-3768964156-1748568137-1001: @tools.google.com/Google Update;version=9 -> C:\Users\XXXXX\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\XXXXX\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\XXXXX\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF SearchPlugin: C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\-rotten-tomatoes.xml [2013-06-05]
FF SearchPlugin: C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\addic7edcom.xml [2013-02-27]
FF SearchPlugin: C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\allsubs.xml [2013-03-11]
FF SearchPlugin: C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\bitsnoop-p2p-search---240-million-valid-torrents.xml [2015-05-10]
FF SearchPlugin: C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\download-music-movies-games-software-the-pirate-bay---the-ga-1.xml [2014-12-14]
FF SearchPlugin: C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\download-music-movies-games-software-the-pirate-bay---the-ga.undefined.undefined [2013-12-22]
FF SearchPlugin: C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\download-music-movies-games-software-the-pirate-bay---the-ga.xml [2014-12-14]
FF SearchPlugin: C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\duckduckgo.xml [2014-08-16]
FF SearchPlugin: C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\extratorrentcom-torrent-search.xml [2015-08-14]
FF SearchPlugin: C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\google-default.xml [2014-11-27]
FF SearchPlugin: C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\google-encrypted.xml [2015-06-21]
FF SearchPlugin: C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\imdb.xml [2013-03-02]
FF SearchPlugin: C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\new-movie-subtitles-on-2013-03-20--subtitleseekercom--seek--.xml [2013-03-19]
FF SearchPlugin: C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\nowtorrentscom-browser-search-plugin.xml [2013-03-09]
FF SearchPlugin: C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\opensubtitles.xml [2013-03-11]
FF SearchPlugin: C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\scrapetorrent.xml [2013-05-12]
FF SearchPlugin: C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\search---yify-torrents.xml [2015-05-28]
FF SearchPlugin: C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\seedpeer-torrent-search.xml [2015-01-07]
FF SearchPlugin: C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\seedpeerme.xml [2015-01-07]
FF SearchPlugin: C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\srt-files-subrip-text-subtitle-search.xml [2013-05-12]
FF SearchPlugin: C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\subbiee-divx-subtitles-search.xml [2013-03-19]
FF SearchPlugin: C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\subscene.xml [2013-03-10]
FF SearchPlugin: C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\subtitle--download-subtitles-for-movies-and-series.xml [2013-03-11]
FF SearchPlugin: C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\subtitles-search---subscene.xml [2013-03-10]
FF SearchPlugin: C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\the-pirate-bay---the-galaxys-most-resilient-bittorrent-site.xml [2014-05-12]
FF SearchPlugin: C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\the-pirate-bay-peru.xml [2014-05-12]
FF SearchPlugin: C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\tinysubscom.xml [2013-03-19]
FF SearchPlugin: C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\torlock---the-no-fakes-torrent-site.xml [2014-12-27]
FF SearchPlugin: C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\torrent-engine-30---home.xml [2015-05-10]
FF SearchPlugin: C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\torrent-project---bittorrent-search-engine.xml [2013-03-09]
FF SearchPlugin: C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\torrent-project---torrent-search-engine.xml [2013-05-12]
FF SearchPlugin: C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\torrent-search---scrapetorrentcom.xml [2013-05-12]
FF SearchPlugin: C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\torrent-search-engine.xml [2013-05-12]
FF SearchPlugin: C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\torrentz-search.xml [2013-05-12]
FF SearchPlugin: C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\torrentzilla--search-results-for-blacklist.xml [2015-05-10]
FF SearchPlugin: C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\yify-movie-torrent-downloads---yts.xml [2015-02-07]
FF SearchPlugin: C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\yify-subtitles-.xml [2014-07-13]
FF SearchPlugin: C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\yify-torrents.undefined.undefined [2014-04-14]
FF SearchPlugin: C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\yify-torrents.xml [2014-05-12]
FF SearchPlugin: C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\yifytorents.xml [2014-08-02]
FF Extension: Ant Video Downloader - C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\Extensions\anttoolbar@ant.com [2015-08-15]
FF Extension: MaskMe - C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\Extensions\idme@abine.com [2015-08-15]
FF Extension: Memory Fox - C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\Extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B} [2015-08-15]
FF Extension: Disconnect - C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\Extensions\2.0@disconnect.me.xpi [2015-08-15]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\Extensions\adblockpopups@jessehakanen.net.xpi [2015-08-15]
FF Extension: Tab Data - C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\Extensions\jid1-4ogjq7MUzAiCOw@jetpack.xpi [2015-08-15]
FF Extension: Noia 4 Theme Manager - C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\Extensions\Noia4Options@ArisT2.xpi [2013-02-27]
FF Extension: NoiaButtons - C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\Extensions\NoiaButtons@ArisT2_Noia4dev.xpi [2015-08-15]
FF Extension: Noia Fox options - C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\Extensions\NoiaFoxoption@davidvincent.tld.xpi [2015-08-15]
FF Extension: RAMBack - C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\Extensions\ramback@pavlov.net.xpi [2015-08-15]
FF Extension: Suspend Tab - C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\Extensions\suspendtab@piro.sakura.ne.jp.xpi [2015-08-15]
FF Extension: Stylish - C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2015-08-15]
FF Extension: Search by Image for Google - C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\Extensions\{ab4b5718-3998-4a2c-91ae-18a7c2db513e}.xpi [2015-08-15]
FF Extension: RightToClick - C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\Extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi [2015-08-15]
FF Extension: Adblock Plus - C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-08-15]
FF Extension: Noia 4 - C:\Users\XXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\Extensions\{faf13420-5e24-11e0-80e3-0800200c9a66}.xpi [2013-04-18]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2013-09-14] <==== ATTENTION

Chrome:
=======
CHR Profile: C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Abstract-Blue) - C:\Users\XXXXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnacehkknmafkjgkikclamogikoiaaa [2014-02-16]
CHR HKLM-x32\...\Chrome\Extension: [ggkfikfcbnpfoicfjammigpnakpogebh] - "C:\Program Files (x86)\FVD Suite\addons\chrome\fvdext.crx" <not found>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [957304 2012-09-06] (Broadcom Corporation.)
S2 CLKMSVC10_3A60B698; C:\Program Files (x86)\Lenovo\PowerDVD10\NavFilter\kmsvc.exe [243728 2012-05-23] (CyberLink)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-08-15] (SurfRight B.V.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2015-06-01] (NETGEAR)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-11-18] (Nitro PDF Software)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [38200 2014-12-01] (The OpenVPN Project)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R4 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [179200 2014-10-05] (Company) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AE3000; C:\Windows\system32\DRIVERS\AE3000w764.sys [1717824 2012-03-02] (Ralink Technology Corp.)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-11-21] (Microsoft Corporation)
R1 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [109272 2015-06-18] (Malwarebytes Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-16] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 Neo_VPN; C:\Windows\system32\DRIVERS\Neo_VPN.sys [29312 2013-03-05] (SoftEther Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
S3 NETwNs64; C:\Windows\system32\DRIVERS\Netwsw00.sys [11523072 2012-09-30] (Intel Corporation) [File not signed]
R2 NPF; C:\WINDOWS\system32\drivers\npf.sys [35344 2015-08-01] (CACE Technologies, Inc.)
S4 pbfilter; C:\Program Files\Peerblock\pbfilter.sys [24176 2010-11-06] ()
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-16] (Synaptics Incorporated)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-16 14:30 - 2015-08-16 14:30 - 00031078 _____ C:\Users\XXXXX\Downloads\FRST.txt
2015-08-16 14:30 - 2015-08-16 14:30 - 00000000 ____D C:\FRST
2015-08-16 14:28 - 2015-08-16 14:28 - 02173440 _____ (Farbar) C:\Users\XXXXX\Downloads\FRST64.exe
2015-08-16 14:17 - 2015-08-16 14:17 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\Safer Networking
2015-08-16 14:17 - 2015-08-16 14:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safer Networking
2015-08-16 14:17 - 2015-08-16 14:17 - 00000000 ____D C:\Program Files (x86)\Safer Networking
2015-08-16 14:16 - 2015-08-16 14:16 - 01752632 _____ (Safer-Networking Ltd. ) C:\Users\XXXXX\Downloads\regalyz-1.6.2.16.exe
2015-08-16 14:14 - 2015-08-16 14:14 - 00065232 _____ (Malwarebytes) C:\Users\XXXXX\Downloads\regassassin-setup-1.03.exe
2015-08-15 14:38 - 2015-08-15 14:38 - 02953520 _____ (AVAST Software) C:\Users\XXXXX\Downloads\avast-browser-cleanup.exe
2015-08-15 14:20 - 2015-08-15 14:20 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-08-15 14:20 - 2015-08-15 14:20 - 00000000 ____D C:\ProgramData\Oracle
2015-08-15 14:20 - 2015-08-15 14:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-08-15 14:20 - 2015-08-15 14:20 - 00000000 ____D C:\Program Files (x86)\Java
2015-08-15 14:19 - 2015-08-15 14:19 - 00562784 _____ (Oracle Corporation) C:\Users\XXXXX\Downloads\jxpiinstall.exe
2015-08-15 13:25 - 2015-08-15 13:25 - 00010261 _____ C:\Users\XXXXX\Downloads\hijackthis0815151330
2015-08-15 13:02 - 2015-08-15 13:10 - 00000000 ____D C:\Users\XXXXX\Downloads\backups
2015-08-15 12:48 - 2015-08-15 13:28 - 00010261 _____ C:\Users\XXXXX\Downloads\hijackthis.log
2015-08-15 12:47 - 2015-08-15 12:47 - 00388608 _____ (Trend Micro Inc.) C:\Users\XXXXX\Downloads\HijackThis.exe
2015-08-15 12:32 - 2015-08-15 12:32 - 00450352 _____ (Microsoft Corporation) C:\Users\XXXXX\Downloads\FixitCenter_Run.exe
2015-08-15 01:23 - 2015-08-15 01:23 - 00000000 ____D C:\ProgramData\42d9cf73cf248295
2015-08-15 01:20 - 2015-08-15 01:20 - 00000000 ____D C:\Users\XXXXX\AppData\Local\cre
2015-08-15 00:30 - 2015-08-15 00:30 - 00001340 _____ C:\AdwCleaner[C2].txt
2015-08-15 00:27 - 2015-08-15 00:28 - 00020868 _____ C:\AdwCleaner[S2].txt
2015-08-15 00:26 - 2015-08-15 00:26 - 00001920 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2015-08-15 00:26 - 2015-08-15 00:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-08-15 00:26 - 2015-08-15 00:26 - 00000000 ____D C:\Program Files\HitmanPro
2015-08-14 23:41 - 2015-08-14 23:41 - 00000766 _____ C:\Users\XXXXX\Desktop\Start Emsisoft Emergency Kit.lnk
2015-08-14 23:40 - 2015-08-15 01:18 - 00000000 ____D C:\EEK
2015-08-14 23:34 - 2015-08-14 23:34 - 00002782 _____ C:\AdwCleaner[C1].txt
2015-08-14 23:30 - 2015-08-14 23:34 - 00000000 ____D C:\AdwCleaner
2015-08-14 23:30 - 2015-08-14 23:31 - 00022196 _____ C:\AdwCleaner[S1].txt
2015-08-14 23:21 - 2015-08-15 00:39 - 00000376 _____ C:\WINDOWS\system32\.crusader
2015-08-14 22:59 - 2015-08-14 23:00 - 165660912 _____ C:\Users\XXXXX\Downloads\EmsisoftEmergencyKit.exe
2015-08-14 22:58 - 2015-08-14 22:58 - 01563648 _____ C:\Users\XXXXX\Downloads\adwcleaner_5.000.exe
2015-08-14 22:55 - 2015-08-14 23:21 - 00000000 ____D C:\ProgramData\HitmanPro
2015-08-14 22:54 - 2015-08-14 22:55 - 11032736 _____ (SurfRight B.V.) C:\Users\XXXXX\Downloads\HitmanPro_x64.exe
2015-08-14 22:48 - 2015-08-16 12:16 - 00000000 ____D C:\Users\XXXXX\AppData\Local\CrashDumps
2015-08-14 22:12 - 2015-08-12 13:16 - 00449950 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20150814-221209.backup
2015-08-14 20:49 - 2015-08-14 20:49 - 13144368 _____ (MPC-HC Team ) C:\Users\XXXXX\Downloads\MPC-HC.1.7.9.x64.exe
2015-08-14 20:42 - 2015-08-14 20:42 - 00000272 _____ C:\Users\XXXXX\Downloads\debug.log
2015-08-14 19:36 - 2015-08-14 19:36 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\XXXXX\Downloads\tdsskiller.exe
2015-08-14 19:27 - 2015-08-14 19:27 - 47225760 _____ C:\Users\XXXXX\Downloads\BDPUARLauncher.exe
2015-08-14 19:03 - 2015-08-14 19:03 - 00000000 ____D C:\NPE
2015-08-14 18:56 - 2015-08-15 13:47 - 00000000 ____D C:\Users\XXXXX\AppData\Local\NPE
2015-08-14 18:56 - 2015-08-14 18:56 - 03088296 _____ (Symantec Corporation) C:\Users\XXXXX\Downloads\NPE.exe
2015-08-14 18:56 - 2015-08-14 18:56 - 00000000 ____D C:\ProgramData\Norton
2015-08-14 18:12 - 2015-08-16 14:04 - 00815840 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-13 21:24 - 2015-08-13 21:24 - 00346624 _____ (Microsoft Corporation) C:\Users\XXXXX\Downloads\SmiteRedX3.EXE
2015-08-13 21:23 - 2015-08-13 21:42 - 00000000 ____D C:\Program Files (x86)\StreamTorrent NE 1.0
2015-08-13 21:23 - 2015-08-13 21:23 - 00001145 _____ C:\Users\XXXXX\Desktop\StreamTorrent NE.lnk
2015-08-13 21:23 - 2015-08-13 21:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StreamTorrent NE
2015-08-13 21:20 - 2015-08-13 21:20 - 01400324 _____ (StreamTorrent Unlimited ) C:\Users\XXXXX\Downloads\StreamTorrentNE10Build0075.exe
2015-08-12 14:52 - 2015-07-30 09:04 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 14:52 - 2015-07-30 08:48 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 13:16 - 2015-05-06 17:08 - 00000175 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20150812-131635.backup
2015-08-12 13:12 - 2015-08-12 13:12 - 06609608 _____ (Piriform Ltd) C:\Users\XXXXX\Downloads\ccsetup508.exe
2015-08-12 09:16 - 2015-08-12 09:16 - 00000000 ____D C:\0fec6ceb6c9a6f749e34c69b62ec6515
2015-08-12 06:55 - 2015-07-15 19:29 - 07458648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-08-12 06:55 - 2015-07-15 19:29 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-08-12 06:55 - 2015-07-15 19:29 - 00101720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2015-08-12 06:55 - 2015-07-15 19:28 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-08-12 06:55 - 2015-07-10 12:54 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-08-12 06:55 - 2015-07-01 17:19 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2015-08-12 06:55 - 2015-07-01 17:16 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2015-08-12 06:55 - 2015-07-01 16:37 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2015-08-12 06:55 - 2015-07-01 16:35 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll
2015-08-12 06:54 - 2015-07-28 18:24 - 00025776 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-08-12 06:54 - 2015-07-28 09:24 - 01148416 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-08-12 06:54 - 2015-07-28 09:24 - 01116160 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-08-12 06:54 - 2015-07-28 09:24 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-08-12 06:54 - 2015-07-28 09:24 - 00743424 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-08-12 06:54 - 2015-07-28 09:24 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-08-12 06:54 - 2015-07-28 09:24 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-08-12 06:54 - 2015-07-18 20:58 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-08-12 06:54 - 2015-07-18 13:51 - 03704320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-08-12 06:54 - 2015-07-18 13:31 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-08-12 06:54 - 2015-07-18 13:31 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-08-12 06:54 - 2015-07-18 13:31 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-08-12 06:54 - 2015-07-18 13:29 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-08-12 06:54 - 2015-07-18 13:29 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-08-12 06:54 - 2015-07-18 13:29 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-08-12 06:54 - 2015-07-18 13:28 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-08-12 06:54 - 2015-07-18 13:12 - 02228736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-08-12 06:54 - 2015-07-18 13:10 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-08-12 06:54 - 2015-07-18 13:09 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-08-12 06:53 - 2015-07-16 16:14 - 25192448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-08-12 06:53 - 2015-07-16 15:36 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-08-12 06:53 - 2015-07-16 15:36 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-08-12 06:53 - 2015-07-16 15:35 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-08-12 06:53 - 2015-07-16 15:26 - 05923328 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-08-12 06:53 - 2015-07-16 15:23 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-08-12 06:53 - 2015-07-16 15:21 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-08-12 06:53 - 2015-07-16 15:20 - 19870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-08-12 06:53 - 2015-07-16 14:53 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-08-12 06:53 - 2015-07-16 14:51 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-08-12 06:53 - 2015-07-16 14:50 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-08-12 06:53 - 2015-07-16 14:45 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-08-12 06:53 - 2015-07-16 14:45 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-08-12 06:53 - 2015-07-16 14:41 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-08-12 06:53 - 2015-07-16 14:39 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-08-12 06:53 - 2015-07-16 14:38 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-08-12 06:53 - 2015-07-16 14:36 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-08-12 06:53 - 2015-07-16 14:34 - 14451200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-08-12 06:53 - 2015-07-16 14:32 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-08-12 06:53 - 2015-07-16 14:14 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-08-12 06:53 - 2015-07-16 14:13 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-08-12 06:53 - 2015-07-16 14:12 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-08-12 06:53 - 2015-07-16 14:12 - 02427904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-08-12 06:53 - 2015-07-16 14:10 - 12856832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-08-12 06:53 - 2015-07-16 14:06 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-08-12 06:53 - 2015-07-16 14:01 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-08-12 06:53 - 2015-07-16 13:52 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-08-12 06:53 - 2015-07-16 13:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-08-12 06:53 - 2015-07-16 13:42 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-08-12 06:53 - 2015-07-16 13:38 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-08-12 06:53 - 2015-07-16 13:37 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-08-12 06:53 - 2015-06-09 13:27 - 00411133 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-08-12 06:52 - 2015-07-07 04:40 - 00270168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-08-12 06:52 - 2015-07-07 04:40 - 00114520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-08-12 06:52 - 2015-07-07 04:40 - 00044560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-08-12 06:52 - 2015-06-12 12:03 - 18823680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-08-12 06:52 - 2015-06-12 11:36 - 15159296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-08-12 06:51 - 2015-07-29 09:37 - 01994752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-08-12 06:51 - 2015-07-29 09:30 - 01381888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-08-12 06:51 - 2015-07-29 09:23 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-08-12 06:51 - 2015-07-24 13:57 - 04177408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-08-12 06:51 - 2015-07-24 13:57 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-08-12 06:51 - 2015-07-24 13:52 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-08-12 06:51 - 2015-07-24 12:27 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-08-12 06:51 - 2015-07-24 12:23 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-08-12 06:51 - 2015-07-14 16:59 - 01113944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-08-12 06:51 - 2015-07-14 16:59 - 00487256 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2015-08-12 06:51 - 2015-07-14 16:59 - 00393560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
2015-08-12 06:51 - 2015-07-13 22:22 - 02529880 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-08-12 06:51 - 2015-07-13 22:21 - 01901776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-08-12 06:51 - 2015-07-13 14:46 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2015-08-12 06:51 - 2015-07-13 14:45 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2015-08-12 06:51 - 2015-07-10 13:19 - 01101824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2015-08-12 06:51 - 2015-07-10 12:42 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-08-12 06:51 - 2015-07-10 12:14 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2015-08-12 06:51 - 2015-07-10 12:13 - 07032320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2015-08-12 06:51 - 2015-07-10 11:47 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-08-12 06:51 - 2015-07-10 11:31 - 06213120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2015-08-12 06:51 - 2015-07-09 12:13 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2015-08-12 06:51 - 2015-07-09 12:13 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2015-08-12 06:51 - 2015-07-09 11:30 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2015-08-12 06:51 - 2015-06-11 15:12 - 02476376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-08-12 06:51 - 2015-06-11 15:12 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-08-12 06:51 - 2015-05-11 19:24 - 00536920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-08-06 20:04 - 2015-08-06 20:04 - 00047495 _____ C:\Users\XXXXX\Downloads\The Strain - 01x02 - The Box.KILLERS.English.C.updated.Addic7ed.com.srt
2015-08-03 22:32 - 2015-08-03 22:32 - 00036282 _____ C:\Users\XXXXX\Downloads\bad-timing_english-1075590.zip
2015-08-03 20:51 - 2015-08-03 20:51 - 00058424 _____ C:\Users\XXXXX\Downloads\Ray Donovan - 03x04 - Breakfast of Champions.LOL.English.C.orig.Addic7ed.com.srt
2015-08-03 20:36 - 2015-08-03 20:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
2015-07-25 19:16 - 2015-08-15 12:46 - 00000258 __RSH C:\ProgramData\ntuser.pol
2015-07-25 19:14 - 2015-07-25 19:14 - 04184064 _____ (BrightFort LLC ) C:\Users\XXXXX\Downloads\spywareblastersetup52.exe
2015-07-24 23:02 - 2015-07-24 23:02 - 00028548 _____ C:\Users\XXXXX\Downloads\the-road-within-english-yify-55714.zip
2015-07-19 14:07 - 2015-07-19 14:07 - 00000886 _____ C:\Users\XXXXX\Desktop\exe_fix_w7.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-16 14:17 - 2013-10-25 19:16 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\ClassicShell
2015-08-16 14:14 - 2015-04-02 18:38 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-08-16 14:05 - 2013-02-26 06:02 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1518660660-3768964156-1748568137-1001
2015-08-16 14:00 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-08-16 13:57 - 2013-04-19 16:37 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-16 13:57 - 2013-04-19 16:37 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-16 13:47 - 2013-03-03 09:58 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1518660660-3768964156-1748568137-1001UA.job
2015-08-16 13:47 - 2013-03-03 09:58 - 00000874 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1518660660-3768964156-1748568137-1001Core.job
2015-08-16 13:30 - 2014-09-14 12:31 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-08-16 13:28 - 2014-11-21 03:44 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-16 13:14 - 2013-02-17 01:07 - 00003144 _____ C:\WINDOWS\System32\Tasks\MirageAgent
2015-08-16 12:16 - 2013-12-08 22:06 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\MPC-HC
2015-08-16 12:16 - 2013-02-27 23:04 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\uTorrent
2015-08-16 12:06 - 2013-08-22 09:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-16 03:50 - 2014-08-17 17:56 - 00002585 _____ C:\Users\XXXXX\Desktop\Google Chrome Canary.lnk
2015-08-15 20:20 - 2015-01-20 19:43 - 00000000 ____D C:\Users\XXXXX
2015-08-15 15:42 - 2015-02-01 18:41 - 00000000 __SHD C:\Users\XXXXX\AppData\Local\EmieUserList
2015-08-15 15:42 - 2015-02-01 18:41 - 00000000 __SHD C:\Users\XXXXX\AppData\Local\EmieSiteList
2015-08-15 15:42 - 2015-02-01 18:41 - 00000000 __SHD C:\Users\XXXXX\AppData\Local\EmieBrowserModeList
2015-08-15 15:00 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-08-15 14:39 - 2014-07-20 09:20 - 00001403 _____ C:\Users\XXXXX\Desktop\Internet Explorer.lnk
2015-08-15 13:02 - 2014-06-25 17:09 - 00000000 ____D C:\Program Files\Classic Shell
2015-08-15 12:47 - 2013-02-26 05:56 - 00000000 ____D C:\Users\XXXXX\AppData\Local\VirtualStore
2015-08-15 12:46 - 2013-04-13 11:57 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2015-08-15 12:46 - 2013-02-17 01:05 - 00000000 ____D C:\ProgramData\Temp
2015-08-15 12:28 - 2013-02-27 20:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-14 22:58 - 2013-03-10 14:50 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-08-14 22:44 - 2013-05-04 23:28 - 00000000 ____D C:\Program Files\Defraggler
2015-08-14 20:49 - 2013-02-27 20:17 - 00001725 _____ C:\Users\Public\Desktop\MPC-HC x64.lnk
2015-08-14 20:49 - 2013-02-27 20:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64
2015-08-14 20:49 - 2013-02-27 20:17 - 00000000 ____D C:\Program Files\MPC-HC
2015-08-14 20:42 - 2013-02-26 06:26 - 00000000 ____D C:\Users\XXXXX\AppData\Local\Google
2015-08-14 20:27 - 2011-09-28 22:14 - 00002239 _____ C:\Users\XXXXX\Desktop\OneKey Recovery.lnk
2015-08-14 18:11 - 2013-08-22 10:36 - 00000000 __RSD C:\WINDOWS\Media
2015-08-14 17:19 - 2015-04-01 21:40 - 00001268 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-08-14 17:19 - 2015-04-01 21:40 - 00001256 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-08-14 17:19 - 2015-01-20 20:22 - 00001551 _____ C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-13 17:45 - 2013-05-14 19:43 - 00007613 _____ C:\Users\XXXXX\AppData\Local\Resmon.ResmonCfg
2015-08-13 11:03 - 2014-07-06 15:12 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-08-13 11:02 - 2013-02-27 19:50 - 00000000 ____D C:\Program Files\Halite
2015-08-13 04:15 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\rescache
2015-08-12 14:52 - 2014-08-17 13:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-12 14:51 - 2014-08-21 16:30 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-12 14:51 - 2014-08-21 16:30 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-12 14:40 - 2012-07-26 02:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-08-12 13:12 - 2013-03-10 14:35 - 00000845 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-08-12 13:12 - 2013-03-10 14:35 - 00000000 ____D C:\Program Files\CCleaner
2015-08-12 11:06 - 2013-08-22 09:44 - 00362664 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-08-12 11:01 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-12 11:01 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-12 11:01 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-08-12 11:01 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-08-12 09:16 - 2015-04-22 22:54 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-08-12 09:16 - 2014-11-21 10:56 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-08-12 09:16 - 2013-08-14 09:40 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-08-12 09:16 - 2013-02-26 06:58 - 132483416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-12 09:15 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-12 09:15 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-12 06:29 - 2015-04-02 18:38 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-08-10 10:58 - 2013-03-27 18:42 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\Vso
2015-08-10 10:54 - 2015-01-27 20:08 - 00000000 ____D C:\WINDOWS\Minidump
2015-08-08 08:55 - 2014-11-21 11:03 - 00794088 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-08-08 08:55 - 2014-11-21 11:03 - 00179688 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-04 18:47 - 2013-03-01 22:30 - 00000000 ____D C:\Users\XXXXX\AppData\Local\NETGEARGenie
2015-08-04 18:39 - 2013-12-22 04:02 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2015-08-04 01:41 - 2012-07-26 03:12 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-08-03 20:36 - 2013-06-25 17:10 - 00000000 ____D C:\ProgramData\Package Cache
2015-08-03 05:02 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-08-03 02:36 - 2013-03-21 23:05 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\Spotify
2015-08-02 16:37 - 2013-02-27 20:36 - 00000000 ____D C:\Users\XXXXX\AppData\Local\Spotify
2015-08-01 15:31 - 2015-01-31 11:41 - 00002093 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR Genie.lnk
2015-08-01 15:31 - 2015-01-31 11:41 - 00002081 _____ C:\Users\Public\Desktop\NETGEAR Genie.lnk
2015-08-01 15:31 - 2013-03-01 22:30 - 00000000 ____D C:\Program Files (x86)\NETGEAR Genie
2015-08-01 15:30 - 2013-03-01 22:30 - 00369168 _____ (CACE Technologies, Inc.) C:\WINDOWS\system32\wpcap.dll
2015-08-01 15:30 - 2013-03-01 22:30 - 00281104 _____ (CACE Technologies, Inc.) C:\WINDOWS\SysWOW64\wpcap.dll
2015-08-01 15:30 - 2013-03-01 22:30 - 00106000 _____ (CACE Technologies, Inc.) C:\WINDOWS\system32\packet.dll
2015-08-01 15:30 - 2013-03-01 22:30 - 00096784 _____ (CACE Technologies, Inc.) C:\WINDOWS\SysWOW64\packet.dll
2015-08-01 15:30 - 2013-03-01 22:30 - 00035344 _____ (CACE Technologies, Inc.) C:\WINDOWS\system32\Drivers\npf.sys
2015-07-31 23:05 - 2015-01-20 21:29 - 00000000 ___DC C:\WINDOWS\Panther
2015-07-31 22:59 - 2015-07-10 08:39 - 00000000 ___HD C:\$Windows.~BT
2015-07-31 20:47 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-07-29 18:05 - 2013-03-27 18:42 - 00001189 _____ C:\Users\XXXXX\AppData\Roaming\vso_ts_preview.xml
2015-07-29 16:54 - 2012-03-17 23:56 - 00000000 ____D C:\Users\XXXXX\Documents\ConvertXToDVD
2015-07-25 19:16 - 2013-08-22 10:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2015-07-25 19:16 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2015-07-25 19:16 - 2013-04-13 11:57 - 00001106 _____ C:\Users\Public\Desktop\SpywareBlaster.lnk
2015-07-25 19:16 - 2013-04-13 11:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2015-07-25 08:47 - 2015-04-04 23:51 - 00000000 ___SD C:\WINDOWS\system32\GWX

==================== Files in the root of some directories =======

2013-08-24 19:20 - 2015-06-07 12:48 - 0017644 _____ () C:\Users\XXXXX\AppData\Roaming\AutoTagLog.log
2013-08-24 18:41 - 2015-06-07 12:48 - 0006200 _____ () C:\Users\XXXXX\AppData\Roaming\RegistrationLog.log
2013-08-24 18:41 - 2015-06-07 14:06 - 0386833 _____ () C:\Users\XXXXX\AppData\Roaming\ReplayMusicLog.log
2013-03-27 18:42 - 2015-07-29 18:05 - 0001189 _____ () C:\Users\XXXXX\AppData\Roaming\vso_ts_preview.xml
2013-05-14 19:43 - 2015-08-13 17:45 - 0007613 _____ () C:\Users\XXXXX\AppData\Local\Resmon.ResmonCfg
2013-06-23 17:41 - 2013-06-23 17:43 - 0034178 _____ () C:\Users\XXXXX\AppData\Local\WiDiSetupLog.20130623.174143.wdl
2013-06-24 16:59 - 2013-06-24 17:00 - 0031125 _____ () C:\Users\XXXXX\AppData\Local\WiDiSetupLog.20130624.165937.txt
2013-06-24 20:43 - 2013-06-24 20:44 - 0036301 _____ () C:\Users\XXXXX\AppData\Local\WiDiSetupLog.20130624.204342.txt
2013-06-24 20:52 - 2013-06-24 20:54 - 0039446 _____ () C:\Users\XXXXX\AppData\Local\WiDiSetupLog.20130624.205230.txt
2013-06-24 22:45 - 2013-06-24 22:47 - 0048826 _____ () C:\Users\XXXXX\AppData\Local\WiDiSetupLog.20130624.224509.wdl
2013-06-25 17:19 - 2013-06-25 17:20 - 0035526 _____ () C:\Users\XXXXX\AppData\Local\WiDiSetupLog.20130625.171917.wdl
2014-06-08 08:49 - 2014-06-08 08:49 - 0000088 _____ () C:\ProgramData\defraggler_list.txt
2013-02-17 00:54 - 2013-02-17 00:54 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-16 14:05

==================== End of log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:16-08-2015
Ran by xxxxx (2015-08-16 14:31:17)
Running from C:\Users\xxxxx\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1518660660-3768964156-1748568137-500 - Administrator - Disabled)
Guest (S-1-5-21-1518660660-3768964156-1748568137-501 - Limited - Enabled)
xxxxx (S-1-5-21-1518660660-3768964156-1748568137-1001 - Administrator - Enabled) => C:\Users\xxxxx

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Awesome Duplicate Photo Finder v. 1.1 (HKLM-x32\...\Awesome Duplicate Photo Finder_is1) (Version: - Duplicate-Finder.com)
Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
BitTorrent Sync (HKLM-x32\...\BitTorrent Sync) (Version: 1.2.82 - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MX340 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
ChromecastApp (HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1383.0 - Google Inc.)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
CleanSpeech (remove only) (HKLM-x32\...\CleanSpeech) (Version: - )
ConvertXtoDVD 4.1.9.347 (HKLM-x32\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.1.9.347 - )
Defraggler (HKLM\...\Defraggler) (Version: 2.15 - Piriform)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.4 - Lenovo)
Energy Management (x32 Version: 8.0.2.4 - Lenovo) Hidden
Facebook Video Calling 1.2.0.287 (HKLM-x32\...\{B92C5909-1D37-4C51-8397-A28BB28E5DC3}) (Version: 1.2.287 - Skype Limited)
Free PDF to JPG Converter (HKLM-x32\...\{ECD1BC70-A5FD-42D3-AEBA-B71FE88FDBF2}) (Version: 1.0.0 - Free PDF Solutions)
FVD Suite 3.0.2 (HKLM-x32\...\{80E4B2D6-BFF2-402C-96C4-3942DF24CABB}_is1) (Version: - flashvideodownloader.org)
Google Chrome Canary (HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\...\Google Chrome SxS) (Version: 46.0.2484.0 - Google Inc.)
Google Drive (HKLM-x32\...\{6EA8B94E-D869-4D96-88DF-5E1ECE1D6876}) (Version: 1.23.9648.8824 - Google, Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk (remove only) (HKLM-x32\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version: - )
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Google+ Auto Backup (HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\...\Google+ Auto Backup) (Version: 1.0.25.133 - Google, Inc.)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.242 - SurfRight B.V.)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
KYOCERA USB Modem KC02US Driver (HKLM\...\{E2C3C89F-23CC-4C39-A900-6139F65B1557}) (Version: 2.11.0000 - KYOCERA Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.2200 - Broadcom Corporation)
Lenovo MuteSync (HKLM-x32\...\{16D5D9E9-C8DE-4014-A09C-B9B5ABA0F7FA}) (Version: 1.0.10 - Lenovo)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.0828 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.0828 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.7 - CEWE COLOR AG u Co. OHG)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4310.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4310.52 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden
MagicfeaturesPlugin Release 2.11 (HKLM-x32\...\{MagicfeaturesPlugin-54F9C78F-EA53-45CA-B980-F3C~121E930F_is1) (Version: - PCPhoneSoft.com)
magicJack (HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\...\magicJack) (Version: 2.0.6073.4413 - magicJack L.P.)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Media Preview (HKLM\...\{52AFC3E1-0FAA-4C05-88FF-373911EA68F5}) (Version: 1.4.3.429 - BabelSoft)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2003 Resource Kit (HKLM-x32\...\{90240409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{a55ac379-46b0-461a-95b1-fef5c08443f2}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 40.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.2 (x86 en-US)) (Version: 40.0.2 - Mozilla)
MPC-HC 1.7.9 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.9 - MPC-HC Team)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.4.12.00 - NETGEAR Inc.)
Nitro Pro 8 (HKLM\...\{FEB91DE4-3B51-4CB2-9CC4-E14577A85976}) (Version: 8.0.7.3 - Nitro)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
Onekey Theater (HKLM-x32\...\{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}) (Version: 3.0.1.0 - Lenovo)
OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
OpenVPN 2.3.6-I601 (HKLM\...\OpenVPN) (Version: 2.3.6-I601 - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plex Media Server (HKLM-x32\...\{a3653c82-94f7-41ec-8a95-59f5f4471adf}) (Version: 0.9.1208 - Plex, Inc.)
Plex Media Server (x32 Version: 0.9.1208 - Plex, Inc.) Hidden
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: Beta 4.3 - Popcorn Time)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6695 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.46 - Piriform)
RegAlyzer (HKLM-x32\...\{296B2D8E-CE82-92AF-B2E8-A646E7CB78A2}_is1) (Version: 1.6.2.16 - Safer-Networking Ltd.)
Replay Music 5 (HKLM-x32\...\ReplayMusic5.55) (Version: 5.55 - Applian Technologies Inc.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SketchUp Viewer (HKLM-x32\...\{ED618EA2-AEAA-4A8F-94D5-4610BA636EC6}) (Version: 8.0.15158 - Trimble Navigation Limited)
SopCast 3.5.0 (HKLM-x32\...\SopCast) (Version: 3.5.0 - www.sopcast.com)
Spotify (HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\...\Spotify) (Version: 1.0.10.107.gd0dfca3a - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SpywareBlaster 5.2 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.2.0 - BrightFort LLC)
StreamTorrent NE 1.0 (HKLM-x32\...\StreamTorrent NE_is1) (Version: - )
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 2.4 - Krzysztof Kowalczyk)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.5 - Synaptics Incorporated)
System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
TAP-Windows 9.21.1 (HKLM\...\TAP-Windows) (Version: 9.21.1 - )
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)
UserGuide (x32 Version: 1.0.0.9 - Lenovo) Hidden
VLC media player 2.0.6 (HKLM-x32\...\VLC media player) (Version: 2.0.6 - VideoLAN)
Widevine Media Optimizer Chrome 6.0.0 (HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\...\optimizer_chrome) (Version: 6.0.0.12757 - Widevine Technologies)
Winamp (HKLM-x32\...\Winamp) (Version: 5.7 Beta - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Driver Package - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
Wireless Wizard ver 6.1 (HKLM-x32\...\Wireless Wizard ver 6.1_is1) (Version: - Neri Networks, LLC.)
Yawcam 0.4.1 (HKLM-x32\...\{8FE96B14-E1F9-47BF-8BA1-A81467CD259B}_is1) (Version: - )
Zona (HKLM-x32\...\Zona)) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1518660660-3768964156-1748568137-1001_Classes\CLSID\{1BEAC3E3-B852-44F4-B468-8906C062422E}\localserver32 -> C:\Users\xxxxx\AppData\Local\Google\Chrome SxS\Application\46.0.2484.0\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1518660660-3768964156-1748568137-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\xxxxx\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1518660660-3768964156-1748568137-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1518660660-3768964156-1748568137-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\xxxxx\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)

==================== Restore Points =========================

01-08-2015 14:21:38 Plex Media Server
03-08-2015 20:33:28 Plex Media Server
11-08-2015 06:01:08 Scheduled Checkpoint
13-08-2015 11:01:40 Removed Apple Mobile Device Support
14-08-2015 21:42:31 Norton_Power_Eraser_20150814214213218
14-08-2015 22:24:46 Restore Operation

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-05-06 17:08 - 2015-08-14 22:12 - 00449950 ____R C:\WINDOWS\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D56E7AA-AD11-4E35-A72D-0E14AB43097C} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {0DD74A2B-3E03-4065-9ACF-3DC365E3005A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1518660660-3768964156-1748568137-1001UA => C:\Users\xxxxx\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {12D92E43-F164-4ABD-8C94-28C15D849783} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {183A30E6-FEB6-45A0-952E-1A437D796EB1} - System32\Tasks\{0C242EEE-77D3-4EB0-B748-7A00003F7CEE} => pcalua.exe -a C:\Users\xxxxx\Desktop\Tcpview.exe -d C:\Users\xxxxx\Desktop
Task: {198C435D-EB70-4120-90E7-F676B42767B4} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1518660660-3768964156-1748568137-1001Core => C:\Users\xxxxx\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {2B4A722E-84D7-4A56-967A-3176268962E2} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-12] (Microsoft Corporation)
Task: {4F479598-E499-4983-9F6D-ECF85504752A} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {52548191-E272-4E75-BCE3-8B151517392C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-19] (Google Inc.)
Task: {6F21B335-BDFD-44D8-B357-8B747B69C9E0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1518660660-3768964156-1748568137-1001Core => C:\Users\xxxxx\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-03] (Google Inc.)
Task: {71FEFFD7-B48C-410F-BED6-609574C1DA2F} - System32\Tasks\OFFICE2010ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()
Task: {8A1CFC0D-0604-424E-89A3-B771C8B0AFB9} - \SomotoUpdateCheckerAutoStart -> No File <==== ATTENTION
Task: {96F809AE-B482-4918-BC74-AE37CAFA04AD} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {979A0262-5792-4FD3-8FCD-8A81D5A7069D} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-16] (Synaptics Incorporated)
Task: {9B31841B-1304-4E48-99AC-ED2E78FA6117} - System32\Tasks\IntelBootstrapCCDashServer => C:\Program Files\Intel\CCDashboard\bin\CCDashServer.exe
Task: {A8ECCCE4-3210-42F8-B370-BE8E5C88198B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1518660660-3768964156-1748568137-1001UA => C:\Users\xxxxx\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-03] (Google Inc.)
Task: {AB59AE24-FA13-4DBE-9F6C-B704FB23C227} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd)
Task: {C69FDDA9-9132-45D7-9C96-F64BA4B383A4} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-12] (Adobe Systems Incorporated)
Task: {EDFBA5B5-EDE8-493B-A3A3-579B9B77D4ED} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {FCB16220-B76E-4B86-8A5E-40A4F977200F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-19] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1518660660-3768964156-1748568137-1001Core.job => C:\Users\xxxxx\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1518660660-3768964156-1748568137-1001UA.job => C:\Users\xxxxx\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1518660660-3768964156-1748568137-1001Core.job => C:\Users\xxxxx\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1518660660-3768964156-1748568137-1001UA.job => C:\Users\xxxxx\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (Whitelisted) ==============

2012-09-06 18:53 - 2012-09-06 18:53 - 00047480 _____ () C:\Program Files\Lenovo\Bluetooth Software\BtwLeAPI.dll
2015-08-02 14:49 - 2015-08-02 14:49 - 00838792 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
2015-08-02 14:49 - 2015-08-02 14:49 - 00049800 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
2015-08-02 14:49 - 2015-08-02 14:49 - 00086664 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
2015-08-02 14:49 - 2015-08-02 14:49 - 02092680 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_core249.dll
2015-08-02 14:49 - 2015-08-02 14:49 - 01883272 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_imgproc249.dll
2015-08-02 14:49 - 2015-08-02 14:49 - 00502920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
2015-08-02 14:49 - 2015-08-02 14:49 - 00072840 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
2015-08-02 14:49 - 2015-08-02 14:49 - 00196232 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
2015-08-02 14:49 - 2015-08-02 14:49 - 00044680 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
2015-08-02 14:49 - 2015-08-02 14:49 - 00027784 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
2015-08-02 14:49 - 2015-08-02 14:49 - 00018568 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
2015-08-02 14:49 - 2015-08-02 14:49 - 00034952 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
2015-08-02 14:49 - 2015-08-02 14:49 - 00836232 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
2015-08-02 14:49 - 2015-08-02 14:49 - 00062600 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
2015-08-02 14:49 - 2015-08-02 14:49 - 00166024 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
2015-08-02 14:49 - 2015-08-02 14:49 - 00192136 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
2015-08-02 14:49 - 2015-08-02 14:49 - 00016520 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
2015-08-02 14:49 - 2015-08-02 14:49 - 00054920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\crypto.pyd
2015-08-02 14:49 - 2015-08-02 14:49 - 00017032 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\rand.pyd
2015-08-02 14:49 - 2015-08-02 14:49 - 00043656 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\SSL.pyd
2015-08-02 14:49 - 2015-08-02 14:49 - 00081544 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
2015-08-02 14:49 - 2015-08-02 14:49 - 00111240 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
2015-08-02 14:49 - 2015-08-02 14:49 - 00689800 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd
2013-02-17 00:35 - 2012-06-26 02:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2015-08-02 14:49 - 2015-08-02 14:49 - 00031368 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_multiprocessing.pyd
2015-08-16 14:17 - 2008-06-19 18:35 - 00333288 _____ () C:\Program Files (x86)\Safer Networking\RegAlyzer\sqlite3.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5C321E34

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR501 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR501.SYS => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 12684 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\xxxxx\Pictures\Abstract-Fractal-Wallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Update service => 2
HKLM\...\StartupApproved\StartupFolder: => "SoftEther VPN Client Manager Startup.lnk"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "EnergyUtility"
HKLM\...\StartupApproved\Run: => "OnekeyStudio"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "SoftEther VPN Client UI Helper"
HKLM\...\StartupApproved\Run32: => "BDRegion"
HKLM\...\StartupApproved\Run32: => "YouCam Tray"
HKLM\...\StartupApproved\Run32: => "Dolby Home Theater v4"
HKLM\...\StartupApproved\Run32: => "MuteSync"
HKLM\...\StartupApproved\Run32: => "mcui_exe"
HKLM\...\StartupApproved\Run32: => "UpdateP2GShortCut"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "331BigDog"
HKLM\...\StartupApproved\Run32: => "YouCam Mirage"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\...\StartupApproved\StartupFolder: => "NexDef Plug-in.lnk"
HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\...\StartupApproved\StartupFolder: => "netlogon.bat"
HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\...\StartupApproved\StartupFolder: => "MagicfeaturesPlugin.lnk.disabled"
HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\...\StartupApproved\StartupFolder: => "Plex Media Server.lnk"
HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\...\StartupApproved\StartupFolder: => "WeatherMate4.exe"
HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\...\StartupApproved\Run: => "NETGEARGenie"
HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\...\StartupApproved\Run: => "Facebook Update"
HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\...\StartupApproved\Run: => "DCC22D39C36132D61EF08598A8B38D4D8E4E7F98._service_run"
HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\...\StartupApproved\Run: => "cdloader"
HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\...\StartupApproved\Run: => "CCleaner"
HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\...\StartupApproved\Run: => "googletalk"
HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\...\StartupApproved\Run: => "WeatherWatcherLive"
HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\...\StartupApproved\Run: => "Wireless_Wizard"
HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\...\StartupApproved\Run: => "AceStream"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{CC018771-40E1-4A7A-B915-286C5EE65947}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F81BF52F-2FC3-4803-A093-C393523F34A9}] => (Block) C:\program files (x86)\popcorn time\chromecast\node.exe
FirewallRules: [{5B366F27-2D73-4030-BA67-2A69B4AE881B}] => (Block) C:\program files (x86)\popcorn time\chromecast\node.exe
FirewallRules: [UDP Query User{011509F5-CBA4-4D70-AD16-29F4F23D8AC5}C:\program files (x86)\popcorn time\chromecast\node.exe] => (Allow) C:\program files (x86)\popcorn time\chromecast\node.exe
FirewallRules: [TCP Query User{20464D25-0BEA-4003-A071-A3ACF6D8CA59}C:\program files (x86)\popcorn time\chromecast\node.exe] => (Allow) C:\program files (x86)\popcorn time\chromecast\node.exe
FirewallRules: [{814143DD-2986-4C0B-89A2-10C11AC76C93}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{AEABCE10-C2E9-4D58-A38C-FC837B52F0B3}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{EF80AF88-BC2F-4A61-8EF7-8A643A01B048}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{976854D4-2A52-4D7A-9A74-FE7A40F298F9}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{689AD08C-C110-4E59-B795-C9F2C6B22B0B}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{0CB755FF-67D9-46FF-8863-B5411A1B557A}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{80B1D559-BFB1-491B-AD95-831F95CB3DDE}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{7809B351-F36A-40C8-B5B5-E032F427F22B}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{CA217258-847F-487C-ACBE-96AFE2530ED0}] => (Block) C:\program files (x86)\sopcast\sopcast.exe
FirewallRules: [{A86D035E-82FE-4D59-92FD-932205427B7E}] => (Block) C:\program files (x86)\sopcast\sopcast.exe
FirewallRules: [UDP Query User{0ED4478E-E943-417E-BBAC-D044411CA32E}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe
FirewallRules: [TCP Query User{95F2993E-2054-438B-8925-8078F3A0FD8B}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe
FirewallRules: [{8B35AF6A-370D-46FF-975E-FF2E037B4396}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F9C9D274-EBD3-428F-BF90-FB70CDE9907C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9A4447D7-4A35-4A6F-9999-14FC5F94B9FE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1F72961A-22FC-4CC6-B814-3B11E0EDF3A6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [UDP Query User{53E5AF56-49D1-4E33-B981-EA857571C486}C:\users\xxxxx\appdata\local\google\chrome sxs\application\chrome.exe] => (Allow) C:\users\xxxxx\appdata\local\google\chrome sxs\application\chrome.exe
FirewallRules: [TCP Query User{2E8FB82B-70F7-4B72-94BA-E70261105167}C:\users\xxxxx\appdata\local\google\chrome sxs\application\chrome.exe] => (Allow) C:\users\xxxxx\appdata\local\google\chrome sxs\application\chrome.exe
FirewallRules: [{D025CE5B-0832-46A8-88EE-3247D21C533C}] => (Allow) C:\Users\xxxxx\AppData\Local\MagicfeaturesPlugin\MagicfeaturesPlugin.exe
FirewallRules: [{C27D62E6-25A4-44F3-9880-5E552E90B9A8}] => (Allow) C:\Users\xxxxx\AppData\Local\MagicfeaturesPlugin\MagicfeaturesPlugin.exe
FirewallRules: [{71A817AC-AE52-4FDC-9963-514D5C2CBCE3}] => (Allow) C:\Users\xxxxx\AppData\Local\MagicfeaturesPlugin\MagicfeaturesPlugin.exe
FirewallRules: [UDP Query User{4F7ECCA5-216D-4243-92D2-8976E629AF0D}C:\users\xxxxx\appdata\local\google\chrome sxs\application\chrome.exe] => (Allow) C:\users\xxxxx\appdata\local\google\chrome sxs\application\chrome.exe
FirewallRules: [TCP Query User{8FD604C4-AD19-4C18-B68B-3E68DE879F07}C:\users\xxxxx\appdata\local\google\chrome sxs\application\chrome.exe] => (Allow) C:\users\xxxxx\appdata\local\google\chrome sxs\application\chrome.exe
FirewallRules: [{F4A1D345-39CF-4408-BB47-F55B35C9BCCC}] => (Allow) C:\Program Files (x86)\BitTorrent Sync\BTSync.exe
FirewallRules: [{0C97A844-B39A-4A2F-98A8-4B601C3BF4A3}] => (Allow) C:\Program Files (x86)\BitTorrent Sync\BTSync.exe
FirewallRules: [UDP Query User{09C5DE9F-0859-4E4F-B976-76538138A8C1}C:\program files (x86)\fvd suite\fvd downloader\fvd downloader.exe] => (Allow) C:\program files (x86)\fvd suite\fvd downloader\fvd downloader.exe
FirewallRules: [TCP Query User{78638C2A-0A3C-45E7-9B7B-AD734EDC9CCF}C:\program files (x86)\fvd suite\fvd downloader\fvd downloader.exe] => (Allow) C:\program files (x86)\fvd suite\fvd downloader\fvd downloader.exe
FirewallRules: [{3F699685-FFA2-4D21-A6E4-B6658F67F46B}] => (Allow) C:\Users\xxxxx\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B1547624-A4C5-47BE-8B0E-C2DDC1E5852D}] => (Allow) C:\Users\xxxxx\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A5FF9C0F-A38E-42A8-B749-F8EE5CAAFD1E}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{72279E7C-3A87-4481-8E20-51FF4337CABC}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [UDP Query User{04AD9438-0A25-4EA2-BF4F-13AF28274F8B}C:\users\xxxxx\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\xxxxx\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [TCP Query User{635D1C78-BA38-4CF7-9922-0AD431E5176A}C:\users\xxxxx\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\xxxxx\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [{05C13164-9A8D-4B3A-BD1C-BF4C14960F35}] => (Allow) C:\Program Files (x86)\Google\Google Talk\googletalk.exe
FirewallRules: [{DE16529E-29E3-4D4D-A785-DB0B97AA246C}] => (Allow) C:\Program Files (x86)\Google\Google Talk\googletalk.exe
FirewallRules: [{38C16B94-DE88-495C-A559-D147F063B81D}] => (Block) C:\users\xxxxx\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{BA66CF87-0EF9-48DE-BAB3-A4339E12439E}] => (Block) C:\users\xxxxx\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{EB2109D0-DCDB-4AD6-AA32-5C2B86FF8FDA}C:\users\xxxxx\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\xxxxx\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{F8B762A9-871C-43B0-AFA2-00331F8FB3CA}C:\users\xxxxx\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\xxxxx\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{AFDE7C12-13D9-46D0-A2A6-5569179FC805}] => (Allow) C:\Program Files\OpenVPN\bin\openvpn-gui.exe
FirewallRules: [{E0BF46D1-2485-4230-B553-921100917FD7}] => (Allow) C:\Program Files\OpenVPN\bin\openvpn-gui.exe
FirewallRules: [{941AC7E4-9CEF-43C7-A72F-E1C54D3662B2}] => (Allow) C:\Program Files\OpenVPN\bin\openvpn-gui.exe
FirewallRules: [{092118FF-735D-4493-8BFB-75948F73887F}] => (Allow) C:\Program Files\OpenVPN\bin\openvpn-gui.exe
FirewallRules: [UDP Query User{16719A18-C754-4B01-B835-84DB45246C42}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [TCP Query User{6BEC6D4C-6490-4822-B55A-6C2E8090580B}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{436A0E7A-5118-4E90-95D5-96474C31B39B}C:\users\xxxxx\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\xxxxx\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{EFB9B058-B5FF-4D05-B5C7-0232B3EFEE20}C:\users\xxxxx\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\xxxxx\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{EDBBC4F1-DE23-4F3F-8B0C-A5A07CDAFC2C}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [TCP Query User{6AF125AB-F3E2-4AE7-9AA6-9D4E47A04D62}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{A78EE855-0AD4-4A57-899F-04843AEB48A8}C:\users\xxxxx\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\xxxxx\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{F0D1E682-7FDE-4202-AD60-2C2EDB1777E1}C:\users\xxxxx\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\xxxxx\appdata\roaming\spotify\spotify.exe
FirewallRules: [{57F1C4A4-0EF5-4A39-9E67-083343B798E1}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{54E0A300-9AEE-4271-9B84-5A4E7E2D3C92}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{606AA3EC-9EC1-41CF-B179-1D10AAB7B5AA}] => (Allow) C:\Users\xxxxx\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{473DA8E3-E218-428E-B46A-063EB26B6320}] => (Allow) C:\Users\xxxxx\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{4782A9BB-A3DE-43FA-BB79-EDE22505E896}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{2E4B6FEB-4CB2-4764-A839-5237E25AB56B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{7C656EF2-FFF6-462A-902B-60B772CF8FDF}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [{D7B7DB3B-D964-40FD-8DA6-B8629D279A23}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{D999BE49-EA70-492B-8F38-19EC2288E593}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
FirewallRules: [TCP Query User{6EA96912-5065-43A0-83EF-3EEE7B61D157}C:\program files (x86)\streamtorrent ne 1.0\streamtorrent.exe] => (Allow) C:\program files (x86)\streamtorrent ne 1.0\streamtorrent.exe
FirewallRules: [UDP Query User{A6EA3801-864E-4119-85DA-B4364188DE7E}C:\program files (x86)\streamtorrent ne 1.0\streamtorrent.exe] => (Allow) C:\program files (x86)\streamtorrent ne 1.0\streamtorrent.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/16/2015 12:08:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 2.3.55.0, time stamp: 0x557a2a02
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17936, time stamp: 0x55a68dd1
Exception code: 0xc0000142
Fault offset: 0x0009d4f2
Faulting process id: 0xbf4
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
Faulting package full name: mbam.exe4
Faulting package-relative application ID: mbam.exe5

Error: (08/15/2015 02:11:32 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Scheduled Checkpoint). Additional information: 0x80070017.

Error: (08/15/2015 12:23:48 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Removed Apple Mobile Device Support). Additional information: 0x80070017.

Error: (08/15/2015 11:58:09 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.
.

Error: (08/14/2015 10:49:07 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Removed Apple Mobile Device Support). Additional information: 0x80070017.

Error: (08/14/2015 10:48:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 2.3.55.0, time stamp: 0x557a2a02
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17936, time stamp: 0x55a68dd1
Exception code: 0xc0000142
Fault offset: 0x0009d4f2
Faulting process id: 0x870
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
Faulting package full name: mbam.exe4
Faulting package-relative application ID: mbam.exe5

Error: (08/14/2015 09:59:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.3.9600.17667 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 5f0

Start Time: 01d0d6fa955fb762

Termination Time: 0

Application Path: C:\WINDOWS\Explorer.EXE

Report Id: 54550838-42f9-11e5-80a1-00ad30fb48c6

Faulting package full name:

Faulting package-relative application ID:

Error: (08/14/2015 07:35:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program BDUARemovalTool.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 98c

Start Time: 01d0d6f13086b36e

Termination Time: 4294967295

Application Path: C:\Users\xxxxx\AppData\Local\Temp\BDRemovalTool\BDUARemovalTool.exe

Report Id: 8a8fbfaa-42e5-11e5-809a-00ad309b1e76

Faulting package full name:

Faulting package-relative application ID:

Error: (08/14/2015 06:20:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 39.0.3.5696, time stamp: 0x55c33d81
Faulting module name: mozalloc.dll, version: 39.0.3.5696, time stamp: 0x55c32c73
Exception code: 0x80000003
Fault offset: 0x00001aa1
Faulting process id: 0x6f4
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5

Error: (08/14/2015 06:06:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 39.0.3.5696, time stamp: 0x55c33d81
Faulting module name: mozalloc.dll, version: 39.0.3.5696, time stamp: 0x55c32c73
Exception code: 0x80000003
Fault offset: 0x00001aa1
Faulting process id: 0x1408
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5


System errors:
=============
Error: (08/16/2015 03:43:27 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (08/16/2015 03:42:25 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (08/16/2015 03:34:43 AM) (Source: DCOM) (EventID: 10010) (User: CREOLE)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (08/16/2015 03:34:13 AM) (Source: DCOM) (EventID: 10010) (User: CREOLE)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (08/16/2015 03:29:14 AM) (Source: DCOM) (EventID: 10010) (User: CREOLE)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (08/16/2015 03:28:44 AM) (Source: DCOM) (EventID: 10010) (User: CREOLE)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (08/16/2015 03:07:39 AM) (Source: DCOM) (EventID: 10010) (User: CREOLE)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (08/16/2015 03:07:09 AM) (Source: DCOM) (EventID: 10010) (User: CREOLE)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (08/15/2015 11:02:13 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (08/15/2015 11:00:09 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.


Microsoft Office:
=========================
Error: (08/16/2015 12:08:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe2.3.55.0557a2a02KERNELBASE.dll6.3.9600.1793655a68dd1c00001420009d4f2bf401d0d8460d5b9a9eC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeKERNELBASE.dll59e31f09-4439-11e5-80b1-089e0189d2fc

Error: (08/15/2015 02:11:32 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: Scheduled Checkpoint0x80070017

Error: (08/15/2015 12:23:48 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: Removed Apple Mobile Device Support0x80070017

Error: (08/15/2015 11:58:09 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.

Error: (08/14/2015 10:49:07 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: Removed Apple Mobile Device Support0x80070017

Error: (08/14/2015 10:48:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe2.3.55.0557a2a02KERNELBASE.dll6.3.9600.1793655a68dd1c00001420009d4f287001d0d70d35dfbb58C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeKERNELBASE.dll77b3ef57-4300-11e5-80a2-00ad300ba9b8

Error: (08/14/2015 09:59:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.3.9600.176675f001d0d6fa955fb7620C:\WINDOWS\Explorer.EXE54550838-42f9-11e5-80a1-00ad30fb48c6

Error: (08/14/2015 07:35:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: BDUARemovalTool.exe0.0.0.098c01d0d6f13086b36e4294967295C:\Users\xxxxx\AppData\Local\Temp\BDRemovalTool\BDUARemovalTool.exe8a8fbfaa-42e5-11e5-809a-00ad309b1e76

Error: (08/14/2015 06:20:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe39.0.3.569655c33d81mozalloc.dll39.0.3.569655c32c738000000300001aa16f401d0d6e7dcdb3e67C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll1d236583-42db-11e5-8099-00ad30ab8b44

Error: (08/14/2015 06:06:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe39.0.3.569655c33d81mozalloc.dll39.0.3.569655c32c738000000300001aa1140801d0d6e1e0f5aa9cC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll2590343b-42d9-11e5-8098-00ad30dbea8b


CodeIntegrity:
===================================
Date: 2015-08-16 04:15:11.594
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-16 04:15:11.391
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-16 04:15:11.173
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-16 04:14:52.112
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-16 04:14:51.034
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-15 18:12:08.972
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-15 18:12:08.712
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-15 18:12:08.372
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-15 18:12:08.151
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-15 18:12:07.824
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3632QM CPU @ 2.20GHz
Percentage of memory in use: 31%
Total physical RAM: 8052.89 MB
Available physical RAM: 5504.94 MB
Total Virtual: 16244.91 MB
Available Virtual: 13050.4 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:883.74 GB) (Free:667.39 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:19.98 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 574DB873)

Partition: GPT.

==================== End of log ============================

aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-08-16 15:52:29
-----------------------------
15:52:29.852 OS Version: Windows x64 6.2.9200
15:52:29.852 Number of processors: 8 586 0x3A09
15:52:29.857 ComputerName: CREOLE UserName: xxxxx
15:52:31.622 Initialize success
15:52:31.742 VM: initialized successfully
15:52:31.747 VM: Intel CPU BiosDisabled
15:52:58.417 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000033
15:52:58.417 Disk 0 Vendor: ST1000LM024_HN-M101MBB 2AR10001 Size: 953869MB BusType: 11
15:52:58.577 Disk 0 MBR read successfully
15:52:58.582 Disk 0 MBR scan
15:52:58.582 Disk 0 unknown MBR code
15:52:58.597 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
15:52:58.687 Disk 0 scanning C:\WINDOWS\system32\drivers
15:53:24.948 Service scanning
15:54:01.456 Modules scanning
15:54:01.461 Disk 0 trace - called modules:
15:54:01.481 ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll iaStorA.sys
15:54:01.486 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe00152daa370]
15:54:01.496 3 CLASSPNP.SYS[fffff8003a78b170] -> nt!IofCallDriver -> \Device\00000033[0xffffe0014fdb1060]
15:54:01.501 Disk 0 statistics 131228/0/0 @ 2.98 MB/s
15:54:01.506 Scan finished successfully
15:54:28.321 Disk 0 MBR has been saved successfully to "C:\Users\xxxxx\Downloads\MBR.dat"
15:54:28.331 The log file has been saved successfully to "C:\Users\xxxxx\Downloads\aswMBR.txt"

Juliet
2015-08-17, 02:45
Got a question:

Running from C:\Users\XXXXX\Downloads
Loaded Profiles: XXXXX (Available Profiles: XXXXX)
When you set up this computer did you actually set it up as XXXXX?

If you edited out your name I understand, but without having the correct full file name to some of these items I see that need to be removed, the FRST script won't work.

AdwCleaner

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) and save the file to your Desktop.
Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
Follow the prompts.
Click Scan.
Upon completion, click Report. A log (AdwCleaner[SX].txt) will open. Briefly check the log for anything you know to be legitimate.
Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
Follow the prompts and allow your computer to reboot.
After rebooting, a log (AdwCleaner[SX].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/)
or from here http://downloads.malwarebytes.org/file/jrt
to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

~~~~~~~~~~~~~~~~~

Open Malwarebytes' Anti-Malware


On the Dashboard click on Update Now
Go to the Settings Tab
Under Settings go to Detection and Protection
Under PUP and PUM make sure both are set to show Treat Detections as Malware
Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
Then on the Dashboard click on Scan
Make sure to select THREAT SCAN
Then click on Scan
When the scan is finished and the log pops up...select Copy to Clipboard
Please paste the log back into this thread for review
Exit Malwarebytes


~~~~~~~
please post
AdwCleaner[CX].txt
JRT.txt
Malwarebytes log

Cloudblue
2015-08-17, 17:16
I have edited my username in replies. Replace xxxxx with Pierre in FRST script.

# AdwCleaner v5.000 - Logfile created 17/08/2015 at 08:29:17
# Updated 14/08/2015 by Xplode
# Database : 2015-08-16.2 [Server]
# Operating system : Windows 8.1 (x64)
# Username : wwwww - CREOLE
# Running from : C:\Users\wwwww\Downloads\adwcleaner_5.000.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\42d9cf73cf248295
[x] Folder Not Deleted : C:\Users\wwwww\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\Extensions\anttoolbar@ant.com

***** [ Files ] *****


***** [ Shortcuts ] *****

[x] Shortcut Not Disinfected : C:\Users\Public\Desktop\Mozilla Firefox.lnk
[x] Shortcut Not Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[x] Shortcut Not Disinfected : C:\Users\wwwww\Desktop\Google Chrome Canary.lnk
[x] Shortcut Not Disinfected : C:\Users\wwwww\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[x] Shortcut Not Disinfected : C:\Users\wwwww\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome Canary\Google Chrome Canary.lnk
[x] Shortcut Not Disinfected : C:\Users\wwwww\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Canary Apps\vGet Cast (DLNA Controller).lnk
[x] Shortcut Not Disinfected : C:\Users\wwwww\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome Canary.lnk
[x] Shortcut Not Disinfected : C:\Users\wwwww\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[x] Shortcut Not Disinfected : C:\Users\wwwww\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome Canary.lnk
[x] Shortcut Not Disinfected : C:\Users\wwwww\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}

***** [ Web browsers ] *****

[-] [C:\Users\wwwww\AppData\Local\Google\Chrome SxS\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\wwwww\AppData\Local\Google\Chrome SxS\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

*************************

:: Proxy settings cleared
:: Winsock settings cleared

*************************

C:\AdwCleaner[C1].txt - [2782 octets] - [14/08/2015 23:34:09]
C:\AdwCleaner[C2].txt - [1340 octets] - [15/08/2015 00:30:34]
C:\AdwCleaner[C3].txt - [2538 octets] - [17/08/2015 08:29:17]
C:\AdwCleaner[S1].txt - [22196 octets] - [14/08/2015 23:30:13]
C:\AdwCleaner[S2].txt - [20868 octets] - [15/08/2015 00:27:13]
C:\AdwCleaner[S3].txt - [3017 octets] - [17/08/2015 08:24:43]

########## EOF - C:\AdwCleaner[C3].txt - [2792 octets] ##########


JRT LOG:
~~ Services



~~~ Tasks



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\Users\yyyyy\Appdata\Local\cre
Successfully deleted: [Folder] C:\Users\yyyyy\Appdata\LocalLow\.acestream
Successfully deleted: [Folder] C:\Users\yyyyy\AppData\Roaming\.acestream
Successfully deleted: [Folder] C:\WINDOWS\SysWOW64\ai_recyclebin



~~~ FireFox

Successfully deleted: [Folder] C:\Users\yyyyy\AppData\Roaming\mozilla\firefox\profiles\27ap06za.default\extensions\anttoolbar@ant.com
Successfully deleted: [Folder] C:\Users\yyyyy\AppData\Roaming\mozilla\firefox\profiles\27ap06za.default\extensions\idme@abine.com
Emptied folder: C:\Users\yyyyy\AppData\Roaming\mozilla\firefox\profiles\27ap06za.default\minidumps [17 files]



~~~ Chrome


[C:\Users\yyyyy\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\yyyyy\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\yyyyy\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\yyyyy\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 08/17/2015 at 8:46:42.12
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/17/2015
Scan Time: 8:51 AM
Logfile:
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.08.17.06
Rootkit Database: v2015.08.16.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Pierre

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 387923
Time Elapsed: 22 min, 15 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Juliet
2015-08-17, 17:35
I have a couple of questions:

After running the above tools, is the computer running better?

~~

[x] Shortcut Not Disinfected : <-- you allowed it to remain on the computer?
C:\Users\wwwww <--this is you, I would have to edit it to the name you suggested?
C:\Users\yyyyy<--this is you

It would help me if you did not edit out your name.

~~

Please find and delete the version of Farbar Recovery Scan Tool you have now.
We will download and run a fresh scan since the other tools have run to check for remnants.

~~

Farbar Recovery Scan Tool (FRST) Scan

Please download Farbar Recovery Scan Tool (x32) (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/) or Farbar Recovery Scan Tool (x64) (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/) and save the file to your Desktop.
Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
Click Yes to the disclaimer.
Ensure the Addition.txt box is checked.
Click the Scan button and let the programme run.
Upon completion, click OK, then OK on the Addition.txt pop up screen.
Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.

Cloudblue
2015-08-17, 17:39
I realized I had NOT disinfected shortcuts, so re-ran adw, result below....and re-direct gone after re-boot. Please advise:

# AdwCleaner v5.000 - Logfile created 17/08/2015 at 09:32:29
# Updated 14/08/2015 by Xplode
# Database : 2015-08-16.2 [Server]
# Operating system : Windows 8.1 (x64)
# Username : Pierre - CREOLE
# Running from : C:\Users\Pierre\Downloads\adwcleaner_5.000.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ Shortcuts ] *****

[-] Shortcut Disinfected : C:\Users\Public\Desktop\Mozilla Firefox.lnk
[-] Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[-] Shortcut Disinfected : C:\Users\Pierre\Desktop\Google Chrome Canary.lnk
[-] Shortcut Disinfected : C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[-] Shortcut Disinfected : C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome Canary\Google Chrome Canary.lnk
[-] Shortcut Disinfected : C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Canary Apps\vGet Cast (DLNA Controller).lnk
[-] Shortcut Disinfected : C:\Users\Pierre\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome Canary.lnk
[-] Shortcut Disinfected : C:\Users\Pierre\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[-] Shortcut Disinfected : C:\Users\Pierre\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome Canary.lnk
[-] Shortcut Disinfected : C:\Users\Pierre\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

:: Proxy settings cleared
:: Winsock settings cleared

*************************

C:\AdwCleaner[C1].txt - [2782 octets] - [14/08/2015 23:34:09]
C:\AdwCleaner[C2].txt - [1340 octets] - [15/08/2015 00:30:34]
C:\AdwCleaner[C3].txt - [2865 octets] - [17/08/2015 08:29:17]
C:\AdwCleaner[C4].txt - [2026 octets] - [17/08/2015 09:32:29]
C:\AdwCleaner[S1].txt - [22196 octets] - [14/08/2015 23:30:13]
C:\AdwCleaner[S2].txt - [20868 octets] - [15/08/2015 00:27:13]
C:\AdwCleaner[S3].txt - [3017 octets] - [17/08/2015 08:24:43]
C:\AdwCleaner[S4].txt - [2638 octets] - [17/08/2015 09:30:50]

########## EOF - C:\AdwCleaner[C4].txt - [2343 octets] ##########

Juliet
2015-08-17, 17:43
I have a couple of questions:


C:\Users\wwwww <--this is you, I would have to edit it to the name you suggested?
C:\Users\yyyyy<--this is you

It would help me if you did not edit out your name.

~~

Please find and delete the version of Farbar Recovery Scan Tool you have now.
We will download and run a fresh scan since the other tools have run to check for remnants.

~~

Farbar Recovery Scan Tool (FRST) Scan

Please download Farbar Recovery Scan Tool (x32) (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/) or Farbar Recovery Scan Tool (x64) (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/) and save the file to your Desktop.
Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
Click Yes to the disclaimer.
Ensure the Addition.txt box is checked.
Click the Scan button and let the programme run.
Upon completion, click OK, then OK on the Addition.txt pop up screen.
Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.



Go ahead and do the above.

Also, let's run an online scan to look for hidden items.

What we can do now is run an online scan with ESET; for the time being it is our most trusted scanner.
Most reliable and thorough.
The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending, of course, on how full your computer is.



Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

ESET Online Scan

Please download ESET Online Scan (http://download.eset.com/special/eos/esetsmartinstaller_enu.exe) and save the file to your Desktop.
Temporarily disable your anti-virus software. For instructions, please refer to the following link (http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/).
Double-click esetsmartinstaller_enu.exe to run the programme.
Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
Agree to the Terms of Use once more and click Start. Allow components to download.
Place a checkmark next to Enable detection of potentially unwanted applications.
Click Advanced settings. Place a checkmark next to:

Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology


Ensure Remove found threats is unchecked.
Click Start.
Wait for the scan to finish. Please be patient as this can take some time.
Upon completion, click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png. If no threats were found, skip the next two bullet points.
Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png and save the file to your Desktop, naming it something such as "MyEsetScan".
Push the Back button.
Place a checkmark next to http://3-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xKN1w2nv.png.pagespeed.ic.JWqIaEgZi7.png and click http://1-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/SzOC1p0.png.pagespeed.ce.OWDP45O6oG.png.
Re-enable your anti-virus software.
Copy the contents of the log and paste in your next reply.

Cloudblue
2015-08-17, 18:01
From a fresh install of FRST, and a non-edited log: (ESET SCAN LOG TO FOLLOW, next post)



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:16-08-2015
Ran by Pierre (administrator) on CREOLE (17-08-2015 09:52:37)
Running from C:\Users\Pierre\Downloads
Loaded Profiles: Pierre (Available Profiles: Pierre)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Google) C:\Users\Pierre\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12937872 2012-07-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-07-10] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [665400 2012-08-16] (Synaptics)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-14] (Lenovo)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2013-02-17] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2013-02-17] (Lenovo(beijing) Limited)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-16] (Synaptics Incorporated)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [78352 2012-05-22] (cyberlink)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [MuteSync] => C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe [343040 2012-02-03] (Lenovo)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\...\Run: [Google Update] => C:\Users\Pierre\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-03-03] (Google Inc.)
HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22012688 2015-06-20] (Google)
HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\...\Run: [cdloader] => C:\Users\Pierre\AppData\Roaming\mjusbsp\cdloader2.exe [50592 2012-02-01] (magicJack L.P.)
HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-17] (Piriform Ltd)
HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\...\Run: [googletalk] => C:\Program Files (x86)\Google\Google Talk\googletalk.exe [3289088 2007-11-20] (Google)
HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\...\Run: [Wireless_Wizard] => C:\Program Files (x86)\Wireless Wizard\Wireless_Wizard.exe [587264 2014-02-17] (Neri Networks)
HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\...\Run: [Spotify Web Helper] => C:\Users\Pierre\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2017848 2015-08-02] (Spotify Ltd)
HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-17] (Piriform Ltd)
HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [602880 2015-06-01] (NETGEAR Inc.)
HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [6269576 2015-08-02] (Plex, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2013-02-17]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\netlogon.bat [2013-10-12] ()
Startup: C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenVPN GUI.lnk [2013-06-23]
ShortcutTarget: OpenVPN GUI.lnk -> C:\Program Files\OpenVPN\bin\openvpn-gui.exe ()
Startup: C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Plex Media Server.lnk [2015-01-21]
ShortcutTarget: Plex Media Server.lnk -> C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc.)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => No File
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1518660660-3768964156-1748568137-1001 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL =
SearchScopes: HKU\S-1-5-21-1518660660-3768964156-1748568137-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1518660660-3768964156-1748568137-1001 -> {47D7A7B1-F879-498A-8632-BAE1DA05B228} URL =
SearchScopes: HKU\S-1-5-21-1518660660-3768964156-1748568137-1001 -> {A0CDCC51-0AE4-49E5-8496-477132B65F7B} URL =
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{516CFD30-6BAE-43DA-820C-A6EC9C28F6FF}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B6ED4F68-6D40-4905-A441-870FF87F9009}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{C95A59A3-EEF6-404F-BA1E-FAE3F52FEAF0}: [DhcpNameServer] 8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default
FF DefaultSearchEngine: Addic7ed.com
FF DefaultSearchEngine.US: Google Default
FF SelectedSearchEngine: Google Default
FF Homepage: https://encrypted.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2012-11-18] (Nitro PDF)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll [2013-08-21] (Nullsoft, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-04-14] (VideoLAN)
FF Plugin HKU\S-1-5-21-1518660660-3768964156-1748568137-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Pierre\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin HKU\S-1-5-21-1518660660-3768964156-1748568137-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Pierre\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1518660660-3768964156-1748568137-1001: @talk.google.com/O1DPlugin -> C:\Users\Pierre\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-1518660660-3768964156-1748568137-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Pierre\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-1518660660-3768964156-1748568137-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Pierre\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Pierre\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Pierre\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF SearchPlugin: C:\Users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\-rotten-tomatoes.xml [2013-06-05]
FF SearchPlugin: C:\Users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\addic7edcom.xml [2013-02-27]
FF SearchPlugin: C:\Users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\allsubs.xml [2013-03-11]
FF SearchPlugin: C:\Users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\bitsnoop-p2p-search---240-million-valid-torrents.xml [2015-05-10]
FF SearchPlugin: C:\Users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\download-music-movies-games-software-the-pirate-bay---the-ga-1.xml [2014-12-14]
FF SearchPlugin: C:\Users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\download-music-movies-games-software-the-pirate-bay---the-ga.undefined.undefined [2013-12-22]
FF SearchPlugin: C:\Users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\download-music-movies-games-software-the-pirate-bay---the-ga.xml [2014-12-14]
FF SearchPlugin: C:\Users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\duckduckgo.xml [2014-08-16]
FF SearchPlugin: C:\Users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\extratorrentcom-torrent-search.xml [2015-08-14]
FF SearchPlugin: C:\Users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\google-default.xml [2014-11-27]
FF SearchPlugin: C:\Users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\google-encrypted.xml [2015-06-21]
FF SearchPlugin: C:\Users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\imdb.xml [2013-03-02]
FF SearchPlugin: C:\Users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\new-movie-subtitles-on-2013-03-20--subtitleseekercom--seek--.xml [2013-03-19]
FF SearchPlugin: C:\Users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\nowtorrentscom-browser-search-plugin.xml [2013-03-09]
FF SearchPlugin: C:\Users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\opensubtitles.xml [2013-03-11]
FF SearchPlugin: C:\Users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\scrapetorrent.xml [2013-05-12]
FF SearchPlugin: C:\Users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\search---yify-torrents.xml [2015-05-28]
FF SearchPlugin: C:\Users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\seedpeer-torrent-search.xml [2015-01-07]
FF SearchPlugin: C:\Users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\seedpeerme.xml [2015-01-07]
FF SearchPlugin: C:\Users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\srt-files-subrip-text-subtitle-search.xml [2013-05-12]
FF SearchPlugin: C:\Users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\subbiee-divx-subtitles-search.xml [2013-03-19]
FF SearchPlugin: C:\Users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\subscene.xml [2013-03-10]
FF SearchPlugin: C:\Users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\subtitle--download-subtitles-for-movies-and-series.xml [2013-03-11]
FF SearchPlugin: C:\Users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\subtitles-search---subscene.xml [2013-03-10]
FF SearchPlugin: C:\Users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\the-pirate-bay---the-galaxys-most-resilient-bittorrent-site.xml [2014-05-12]
FF SearchPlugin: C:\Users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\the-pirate-bay-peru.xml [2014-05-12]
FF SearchPlugin: C:\Users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\tinysubscom.xml [2013-03-19]
FF SearchPlugin: C:\Users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\torlock---the-no-fakes-torrent-site.xml [2014-12-27]
FF SearchPlugin: C:\Users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\torrent-engine-30---home.xml [2015-05-10]
FF SearchPlugin: C:\Users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\torrent-project---bittorrent-search-engine.xml [2013-03-09]
FF SearchPlugin: C:\Users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\torrent-project---torrent-search-engine.xml [2013-05-12]
FF SearchPlugin: C:\Users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\torrent-search---scrapetorrentcom.xml [2013-05-12]
FF SearchPlugin: C:\Users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\torrent-search-engine.xml [2013-05-12]
FF SearchPlugin: C:\Users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\torrentz-search.xml [2013-05-12]
FF SearchPlugin: C:\Users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\torrentzilla--search-results-for-blacklist.xml [2015-05-10]
FF SearchPlugin: C:\Users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\yify-movie-torrent-downloads---yts.xml [2015-02-07]
FF SearchPlugin: C:\Users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\yify-subtitles-.xml [2014-07-13]
FF SearchPlugin: C:\Users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\yify-torrents.undefined.undefined [2014-04-14]
FF SearchPlugin: C:\Users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\yify-torrents.xml [2014-05-12]
FF SearchPlugin: C:\Users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\searchplugins\yifytorents.xml [2014-08-02]
FF Extension: Memory Fox - C:\Users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\Extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B} [2015-08-15]
FF Extension: Disconnect - C:\Users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\Extensions\2.0@disconnect.me.xpi [2015-08-15]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\Extensions\adblockpopups@jessehakanen.net.xpi [2015-08-15]
FF Extension: Tab Data - C:\Users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\Extensions\jid1-4ogjq7MUzAiCOw@jetpack.xpi [2015-08-15]
FF Extension: Noia 4 Theme Manager - C:\Users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\Extensions\Noia4Options@ArisT2.xpi [2013-02-27]
FF Extension: NoiaButtons - C:\Users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\Extensions\NoiaButtons@ArisT2_Noia4dev.xpi [2015-08-15]
FF Extension: Noia 4 Theme Manager - C:\Users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\Extensions\NoiaFoxoption@davidvincent.tld.xpi [2015-08-15]
FF Extension: RAMBack - C:\Users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\Extensions\ramback@pavlov.net.xpi [2015-08-15]
FF Extension: Suspend Tab - C:\Users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\Extensions\suspendtab@piro.sakura.ne.jp.xpi [2015-08-15]
FF Extension: Stylish - C:\Users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2015-08-15]
FF Extension: Search by Image for Google - C:\Users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\Extensions\{ab4b5718-3998-4a2c-91ae-18a7c2db513e}.xpi [2015-08-15]
FF Extension: RightToClick - C:\Users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\Extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi [2015-08-15]
FF Extension: Adblock Plus - C:\Users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-08-15]
FF Extension: Noia 4 - C:\Users\Pierre\AppData\Roaming\Mozilla\Firefox\Profiles\27ap06za.default\Extensions\{faf13420-5e24-11e0-80e3-0800200c9a66}.xpi [2013-04-18]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2013-09-14] <==== ATTENTION

Chrome:
=======
CHR Profile: C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Abstract-Blue) - C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnacehkknmafkjgkikclamogikoiaaa [2014-02-16]
CHR HKLM-x32\...\Chrome\Extension: [ggkfikfcbnpfoicfjammigpnakpogebh] - "C:\Program Files (x86)\FVD Suite\addons\chrome\fvdext.crx" <not found>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [957304 2012-09-06] (Broadcom Corporation.)
S2 CLKMSVC10_3A60B698; C:\Program Files (x86)\Lenovo\PowerDVD10\NavFilter\kmsvc.exe [243728 2012-05-23] (CyberLink)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-08-15] (SurfRight B.V.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2015-06-01] (NETGEAR)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-11-18] (Nitro PDF Software)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [38200 2014-12-01] (The OpenVPN Project)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S4 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [179200 2014-10-05] (Company) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AE3000; C:\Windows\system32\DRIVERS\AE3000w764.sys [1717824 2012-03-02] (Ralink Technology Corp.)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-11-21] (Microsoft Corporation)
R1 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [109272 2015-06-18] (Malwarebytes Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-17] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 Neo_VPN; C:\Windows\system32\DRIVERS\Neo_VPN.sys [29312 2013-03-05] (SoftEther Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
S3 NETwNs64; C:\Windows\system32\DRIVERS\Netwsw00.sys [11523072 2012-09-30] (Intel Corporation) [File not signed]
R2 NPF; C:\WINDOWS\system32\drivers\npf.sys [35344 2015-08-01] (CACE Technologies, Inc.)
S4 pbfilter; C:\Program Files\Peerblock\pbfilter.sys [24176 2010-11-06] ()
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-16] (Synaptics Incorporated)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-17 09:52 - 2015-08-17 09:52 - 00000000 ____D C:\FRST
2015-08-17 09:51 - 2015-08-17 09:51 - 02173440 _____ (Farbar) C:\Users\Pierre\Downloads\FRST64.exe
2015-08-17 09:32 - 2015-08-17 09:32 - 00002412 _____ C:\AdwCleaner[C4].txt
2015-08-17 09:30 - 2015-08-17 09:32 - 00002638 _____ C:\AdwCleaner[S4].txt
2015-08-17 08:47 - 2015-08-17 08:47 - 00001862 _____ C:\Users\Pierre\Downloads\JRT1.txt
2015-08-17 08:46 - 2015-08-17 08:46 - 00001873 _____ C:\Users\Pierre\Desktop\JRT.txt
2015-08-17 08:36 - 2015-08-17 08:36 - 01798040 _____ (Malwarebytes Corporation) C:\Users\Pierre\Downloads\JRT.exe
2015-08-17 08:34 - 2015-08-17 08:34 - 00002852 _____ C:\Users\Pierre\Downloads\AdwCleaner[C3].txt
2015-08-17 08:31 - 2015-08-17 08:31 - 00000372 _____ C:\WINDOWS\PFRO.log
2015-08-17 08:29 - 2015-08-17 08:29 - 00002865 _____ C:\AdwCleaner[C3].txt
2015-08-17 08:24 - 2015-08-17 08:25 - 00003017 _____ C:\AdwCleaner[S3].txt
2015-08-16 15:54 - 2015-08-16 15:55 - 00001532 _____ C:\Users\Pierre\Downloads\aswMBR.txt
2015-08-16 15:54 - 2015-08-16 15:54 - 00000512 _____ C:\Users\Pierre\Downloads\MBR.dat
2015-08-16 15:52 - 2015-08-16 15:52 - 05198336 _____ (AVAST Software) C:\Users\Pierre\Downloads\aswMBR.exe
2015-08-16 15:42 - 2015-08-16 15:42 - 04664160 _____ (Tweaking.com) C:\Users\Pierre\Downloads\tweaking.com_registry_backup_setup.exe
2015-08-16 15:42 - 2015-08-16 15:42 - 00002266 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-08-16 15:42 - 2015-08-16 15:42 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-CREOLE-Windows-8.1-(64-bit).dat
2015-08-16 15:42 - 2015-08-16 15:42 - 00000000 ____D C:\RegBackup
2015-08-16 15:42 - 2015-08-16 15:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-08-16 15:42 - 2015-08-16 15:42 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2015-08-16 15:27 - 2015-08-17 09:35 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-08-16 15:27 - 2015-08-16 15:27 - 00001129 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-16 15:27 - 2015-08-16 15:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-16 15:27 - 2015-08-16 15:27 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-16 15:27 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-08-16 15:27 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-08-16 15:27 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-08-16 15:12 - 2015-08-16 15:27 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Pierre\Downloads\mbam-setup-2.1.8.1057(1).exe
2015-08-16 14:59 - 2015-08-17 09:34 - 00000231 _____ C:\WINDOWS\setupact.log
2015-08-16 14:59 - 2015-08-16 14:59 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-08-16 14:56 - 2015-08-16 14:56 - 00000052 _____ C:\Users\Pierre\Documents\CurrentMbamKey.txt
2015-08-16 14:31 - 2015-08-16 14:32 - 00052046 _____ C:\Users\Pierre\Downloads\Addition.txt
2015-08-16 14:30 - 2015-08-17 09:52 - 00030270 _____ C:\Users\Pierre\Downloads\FRST.txt
2015-08-16 14:17 - 2015-08-16 14:17 - 00000000 ____D C:\Users\Pierre\AppData\Roaming\Safer Networking
2015-08-16 14:17 - 2015-08-16 14:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safer Networking
2015-08-16 14:17 - 2015-08-16 14:17 - 00000000 ____D C:\Program Files (x86)\Safer Networking
2015-08-16 14:16 - 2015-08-16 14:16 - 01752632 _____ (Safer-Networking Ltd. ) C:\Users\Pierre\Downloads\regalyz-1.6.2.16.exe
2015-08-16 14:14 - 2015-08-16 14:14 - 00065232 _____ (Malwarebytes) C:\Users\Pierre\Downloads\regassassin-setup-1.03.exe
2015-08-15 14:38 - 2015-08-15 14:38 - 02953520 _____ (AVAST Software) C:\Users\Pierre\Downloads\avast-browser-cleanup.exe
2015-08-15 14:20 - 2015-08-15 14:20 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-08-15 14:20 - 2015-08-15 14:20 - 00000000 ____D C:\ProgramData\Oracle
2015-08-15 14:20 - 2015-08-15 14:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-08-15 14:20 - 2015-08-15 14:20 - 00000000 ____D C:\Program Files (x86)\Java
2015-08-15 14:19 - 2015-08-15 14:19 - 00562784 _____ (Oracle Corporation) C:\Users\Pierre\Downloads\jxpiinstall.exe
2015-08-15 13:25 - 2015-08-15 13:25 - 00010261 _____ C:\Users\Pierre\Downloads\hijackthis0815151330
2015-08-15 13:02 - 2015-08-15 13:10 - 00000000 ____D C:\Users\Pierre\Downloads\backups
2015-08-15 12:48 - 2015-08-15 13:28 - 00010261 _____ C:\Users\Pierre\Downloads\hijackthis.log
2015-08-15 12:47 - 2015-08-15 12:47 - 00388608 _____ (Trend Micro Inc.) C:\Users\Pierre\Downloads\HijackThis.exe
2015-08-15 12:32 - 2015-08-15 12:32 - 00450352 _____ (Microsoft Corporation) C:\Users\Pierre\Downloads\FixitCenter_Run.exe
2015-08-15 00:30 - 2015-08-15 00:30 - 00001340 _____ C:\AdwCleaner[C2].txt
2015-08-15 00:27 - 2015-08-15 00:28 - 00020868 _____ C:\AdwCleaner[S2].txt
2015-08-15 00:26 - 2015-08-15 00:26 - 00001920 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2015-08-15 00:26 - 2015-08-15 00:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-08-15 00:26 - 2015-08-15 00:26 - 00000000 ____D C:\Program Files\HitmanPro
2015-08-14 23:41 - 2015-08-14 23:41 - 00000766 _____ C:\Users\Pierre\Desktop\Start Emsisoft Emergency Kit.lnk
2015-08-14 23:40 - 2015-08-15 01:18 - 00000000 ____D C:\EEK
2015-08-14 23:34 - 2015-08-14 23:34 - 00002782 _____ C:\AdwCleaner[C1].txt
2015-08-14 23:30 - 2015-08-14 23:34 - 00000000 ____D C:\AdwCleaner
2015-08-14 23:30 - 2015-08-14 23:31 - 00022196 _____ C:\AdwCleaner[S1].txt
2015-08-14 23:21 - 2015-08-15 00:39 - 00000376 _____ C:\WINDOWS\system32\.crusader
2015-08-14 22:59 - 2015-08-14 23:00 - 165660912 _____ C:\Users\Pierre\Downloads\EmsisoftEmergencyKit.exe
2015-08-14 22:58 - 2015-08-14 22:58 - 01563648 _____ C:\Users\Pierre\Downloads\adwcleaner_5.000.exe
2015-08-14 22:55 - 2015-08-14 23:21 - 00000000 ____D C:\ProgramData\HitmanPro
2015-08-14 22:54 - 2015-08-14 22:55 - 11032736 _____ (SurfRight B.V.) C:\Users\Pierre\Downloads\HitmanPro_x64.exe
2015-08-14 22:48 - 2015-08-16 12:16 - 00000000 ____D C:\Users\Pierre\AppData\Local\CrashDumps
2015-08-14 22:12 - 2015-08-12 13:16 - 00449950 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20150814-221209.backup
2015-08-14 20:49 - 2015-08-14 20:49 - 13144368 _____ (MPC-HC Team ) C:\Users\Pierre\Downloads\MPC-HC.1.7.9.x64.exe
2015-08-14 20:42 - 2015-08-14 20:42 - 00000272 _____ C:\Users\Pierre\Downloads\debug.log
2015-08-14 19:36 - 2015-08-14 19:36 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Pierre\Downloads\tdsskiller.exe
2015-08-14 19:27 - 2015-08-14 19:27 - 47225760 _____ C:\Users\Pierre\Downloads\BDPUARLauncher.exe
2015-08-14 19:03 - 2015-08-14 19:03 - 00000000 ____D C:\NPE
2015-08-14 18:56 - 2015-08-15 13:47 - 00000000 ____D C:\Users\Pierre\AppData\Local\NPE
2015-08-14 18:56 - 2015-08-14 18:56 - 03088296 _____ (Symantec Corporation) C:\Users\Pierre\Downloads\NPE.exe
2015-08-14 18:56 - 2015-08-14 18:56 - 00000000 ____D C:\ProgramData\Norton
2015-08-14 18:12 - 2015-08-17 09:46 - 01073488 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-13 21:24 - 2015-08-13 21:24 - 00346624 _____ (Microsoft Corporation) C:\Users\Pierre\Downloads\SmiteRedX3.EXE
2015-08-13 21:23 - 2015-08-13 21:42 - 00000000 ____D C:\Program Files (x86)\StreamTorrent NE 1.0
2015-08-13 21:23 - 2015-08-13 21:23 - 00001145 _____ C:\Users\Pierre\Desktop\StreamTorrent NE.lnk
2015-08-13 21:23 - 2015-08-13 21:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StreamTorrent NE
2015-08-13 21:20 - 2015-08-13 21:20 - 01400324 _____ (StreamTorrent Unlimited ) C:\Users\Pierre\Downloads\StreamTorrentNE10Build0075.exe
2015-08-12 14:52 - 2015-07-30 09:04 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 14:52 - 2015-07-30 08:48 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 13:16 - 2015-05-06 17:08 - 00000175 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20150812-131635.backup
2015-08-12 13:12 - 2015-08-12 13:12 - 06609608 _____ (Piriform Ltd) C:\Users\Pierre\Downloads\ccsetup508.exe
2015-08-12 09:16 - 2015-08-12 09:16 - 00000000 ____D C:\0fec6ceb6c9a6f749e34c69b62ec6515
2015-08-12 06:55 - 2015-07-15 19:29 - 07458648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-08-12 06:55 - 2015-07-15 19:29 - 01735000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-08-12 06:55 - 2015-07-15 19:29 - 00101720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2015-08-12 06:55 - 2015-07-15 19:28 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-08-12 06:55 - 2015-07-10 12:54 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-08-12 06:55 - 2015-07-01 17:19 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2015-08-12 06:55 - 2015-07-01 17:16 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2015-08-12 06:55 - 2015-07-01 16:37 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2015-08-12 06:55 - 2015-07-01 16:35 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll
2015-08-12 06:54 - 2015-07-28 18:24 - 00025776 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-08-12 06:54 - 2015-07-28 09:24 - 01148416 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-08-12 06:54 - 2015-07-28 09:24 - 01116160 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-08-12 06:54 - 2015-07-28 09:24 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-08-12 06:54 - 2015-07-28 09:24 - 00743424 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-08-12 06:54 - 2015-07-28 09:24 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-08-12 06:54 - 2015-07-28 09:24 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-08-12 06:54 - 2015-07-18 20:58 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-08-12 06:54 - 2015-07-18 13:51 - 03704320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-08-12 06:54 - 2015-07-18 13:31 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-08-12 06:54 - 2015-07-18 13:31 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-08-12 06:54 - 2015-07-18 13:31 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-08-12 06:54 - 2015-07-18 13:29 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-08-12 06:54 - 2015-07-18 13:29 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-08-12 06:54 - 2015-07-18 13:29 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-08-12 06:54 - 2015-07-18 13:28 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-08-12 06:54 - 2015-07-18 13:12 - 02228736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-08-12 06:54 - 2015-07-18 13:10 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-08-12 06:54 - 2015-07-18 13:09 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-08-12 06:53 - 2015-07-16 16:14 - 25192448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-08-12 06:53 - 2015-07-16 15:36 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-08-12 06:53 - 2015-07-16 15:36 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-08-12 06:53 - 2015-07-16 15:35 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-08-12 06:53 - 2015-07-16 15:26 - 05923328 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-08-12 06:53 - 2015-07-16 15:23 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-08-12 06:53 - 2015-07-16 15:21 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-08-12 06:53 - 2015-07-16 15:20 - 19870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-08-12 06:53 - 2015-07-16 14:53 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-08-12 06:53 - 2015-07-16 14:51 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-08-12 06:53 - 2015-07-16 14:50 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-08-12 06:53 - 2015-07-16 14:45 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-08-12 06:53 - 2015-07-16 14:45 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-08-12 06:53 - 2015-07-16 14:41 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-08-12 06:53 - 2015-07-16 14:39 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-08-12 06:53 - 2015-07-16 14:38 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-08-12 06:53 - 2015-07-16 14:36 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-08-12 06:53 - 2015-07-16 14:34 - 14451200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-08-12 06:53 - 2015-07-16 14:32 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-08-12 06:53 - 2015-07-16 14:14 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-08-12 06:53 - 2015-07-16 14:13 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-08-12 06:53 - 2015-07-16 14:12 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-08-12 06:53 - 2015-07-16 14:12 - 02427904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-08-12 06:53 - 2015-07-16 14:10 - 12856832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-08-12 06:53 - 2015-07-16 14:06 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-08-12 06:53 - 2015-07-16 14:01 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-08-12 06:53 - 2015-07-16 13:52 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-08-12 06:53 - 2015-07-16 13:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-08-12 06:53 - 2015-07-16 13:42 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-08-12 06:53 - 2015-07-16 13:38 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-08-12 06:53 - 2015-07-16 13:37 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-08-12 06:53 - 2015-06-09 13:27 - 00411133 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-08-12 06:52 - 2015-07-07 04:40 - 00270168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-08-12 06:52 - 2015-07-07 04:40 - 00114520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-08-12 06:52 - 2015-07-07 04:40 - 00044560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-08-12 06:52 - 2015-06-12 12:03 - 18823680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-08-12 06:52 - 2015-06-12 11:36 - 15159296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-08-12 06:51 - 2015-07-29 09:37 - 01994752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-08-12 06:51 - 2015-07-29 09:30 - 01381888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-08-12 06:51 - 2015-07-29 09:23 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-08-12 06:51 - 2015-07-24 13:57 - 04177408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-08-12 06:51 - 2015-07-24 13:57 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-08-12 06:51 - 2015-07-24 13:52 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-08-12 06:51 - 2015-07-24 12:27 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-08-12 06:51 - 2015-07-24 12:23 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-08-12 06:51 - 2015-07-14 16:59 - 01113944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-08-12 06:51 - 2015-07-14 16:59 - 00487256 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2015-08-12 06:51 - 2015-07-14 16:59 - 00393560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
2015-08-12 06:51 - 2015-07-13 22:22 - 02529880 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-08-12 06:51 - 2015-07-13 22:21 - 01901776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-08-12 06:51 - 2015-07-13 14:46 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2015-08-12 06:51 - 2015-07-13 14:45 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2015-08-12 06:51 - 2015-07-10 13:19 - 01101824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2015-08-12 06:51 - 2015-07-10 12:42 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-08-12 06:51 - 2015-07-10 12:14 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2015-08-12 06:51 - 2015-07-10 12:13 - 07032320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2015-08-12 06:51 - 2015-07-10 11:47 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-08-12 06:51 - 2015-07-10 11:31 - 06213120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2015-08-12 06:51 - 2015-07-09 12:13 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2015-08-12 06:51 - 2015-07-09 12:13 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2015-08-12 06:51 - 2015-07-09 11:30 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2015-08-12 06:51 - 2015-06-11 15:12 - 02476376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-08-12 06:51 - 2015-06-11 15:12 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-08-12 06:51 - 2015-05-11 19:24 - 00536920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-08-06 20:04 - 2015-08-06 20:04 - 00047495 _____ C:\Users\Pierre\Downloads\The Strain - 01x02 - The Box.KILLERS.English.C.updated.Addic7ed.com.srt
2015-08-03 22:32 - 2015-08-03 22:32 - 00036282 _____ C:\Users\Pierre\Downloads\bad-timing_english-1075590.zip
2015-08-03 20:51 - 2015-08-03 20:51 - 00058424 _____ C:\Users\Pierre\Downloads\Ray Donovan - 03x04 - Breakfast of Champions.LOL.English.C.orig.Addic7ed.com.srt
2015-08-03 20:36 - 2015-08-03 20:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
2015-07-25 19:14 - 2015-07-25 19:14 - 04184064 _____ (BrightFort LLC ) C:\Users\Pierre\Downloads\spywareblastersetup52.exe
2015-07-24 23:02 - 2015-07-24 23:02 - 00028548 _____ C:\Users\Pierre\Downloads\the-road-within-english-yify-55714.zip
2015-07-19 14:07 - 2015-07-19 14:07 - 00000886 _____ C:\Users\Pierre\Desktop\exe_fix_w7.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-17 09:49 - 2013-10-25 19:16 - 00000000 ____D C:\Users\Pierre\AppData\Roaming\ClassicShell
2015-08-17 09:47 - 2013-03-03 09:58 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1518660660-3768964156-1748568137-1001UA.job
2015-08-17 09:40 - 2013-02-26 06:02 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1518660660-3768964156-1748568137-1001
2015-08-17 09:35 - 2013-04-19 16:37 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-17 09:34 - 2013-08-22 09:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-17 09:32 - 2015-04-01 21:40 - 00001088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-08-17 09:32 - 2015-04-01 21:40 - 00001076 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-08-17 09:32 - 2015-01-20 20:22 - 00001014 _____ C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-17 09:32 - 2014-08-17 17:56 - 00001432 _____ C:\Users\Pierre\Desktop\Google Chrome Canary.lnk
2015-08-17 09:32 - 2014-08-17 17:56 - 00000000 ____D C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome Canary
2015-08-17 09:14 - 2015-04-02 18:38 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-08-17 09:02 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-08-17 08:57 - 2013-04-19 16:37 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-16 15:15 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-08-16 13:47 - 2013-03-03 09:58 - 00000874 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1518660660-3768964156-1748568137-1001Core.job
2015-08-16 13:28 - 2014-11-21 03:44 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-16 13:14 - 2013-02-17 01:07 - 00003144 _____ C:\WINDOWS\System32\Tasks\MirageAgent
2015-08-16 12:16 - 2013-12-08 22:06 - 00000000 ____D C:\Users\Pierre\AppData\Roaming\MPC-HC
2015-08-16 12:16 - 2013-02-27 23:04 - 00000000 ____D C:\Users\Pierre\AppData\Roaming\uTorrent
2015-08-15 20:20 - 2015-01-20 19:43 - 00000000 ____D C:\Users\Pierre
2015-08-15 15:42 - 2015-02-01 18:41 - 00000000 __SHD C:\Users\Pierre\AppData\Local\EmieUserList
2015-08-15 15:42 - 2015-02-01 18:41 - 00000000 __SHD C:\Users\Pierre\AppData\Local\EmieSiteList
2015-08-15 15:42 - 2015-02-01 18:41 - 00000000 __SHD C:\Users\Pierre\AppData\Local\EmieBrowserModeList
2015-08-15 14:39 - 2014-07-20 09:20 - 00001403 _____ C:\Users\Pierre\Desktop\Internet Explorer.lnk
2015-08-15 13:02 - 2014-06-25 17:09 - 00000000 ____D C:\Program Files\Classic Shell
2015-08-15 12:47 - 2013-02-26 05:56 - 00000000 ____D C:\Users\Pierre\AppData\Local\VirtualStore
2015-08-15 12:46 - 2013-04-13 11:57 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2015-08-15 12:46 - 2013-02-17 01:05 - 00000000 ____D C:\ProgramData\Temp
2015-08-15 12:28 - 2013-02-27 20:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-14 22:58 - 2013-03-10 14:50 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-08-14 22:44 - 2013-05-04 23:28 - 00000000 ____D C:\Program Files\Defraggler
2015-08-14 20:49 - 2013-02-27 20:17 - 00001725 _____ C:\Users\Public\Desktop\MPC-HC x64.lnk
2015-08-14 20:49 - 2013-02-27 20:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64
2015-08-14 20:49 - 2013-02-27 20:17 - 00000000 ____D C:\Program Files\MPC-HC
2015-08-14 20:42 - 2013-02-26 06:26 - 00000000 ____D C:\Users\Pierre\AppData\Local\Google
2015-08-14 20:27 - 2011-09-28 22:14 - 00002239 _____ C:\Users\Pierre\Desktop\OneKey Recovery.lnk
2015-08-14 18:11 - 2013-08-22 10:36 - 00000000 __RSD C:\WINDOWS\Media
2015-08-13 17:45 - 2013-05-14 19:43 - 00007613 _____ C:\Users\Pierre\AppData\Local\Resmon.ResmonCfg
2015-08-13 11:03 - 2014-07-06 15:12 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-08-13 11:02 - 2013-02-27 19:50 - 00000000 ____D C:\Program Files\Halite
2015-08-13 04:15 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\rescache
2015-08-12 14:52 - 2014-08-17 13:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-12 14:51 - 2014-08-21 16:30 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-12 14:51 - 2014-08-21 16:30 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-12 14:40 - 2012-07-26 02:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-08-12 13:12 - 2013-03-10 14:35 - 00000845 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-08-12 13:12 - 2013-03-10 14:35 - 00000000 ____D C:\Program Files\CCleaner
2015-08-12 11:06 - 2013-08-22 09:44 - 00362664 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-08-12 11:01 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-12 11:01 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-12 11:01 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-08-12 11:01 - 2013-08-22 10:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-08-12 09:16 - 2015-04-22 22:54 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-08-12 09:16 - 2014-11-21 10:56 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-08-12 09:16 - 2013-08-14 09:40 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-08-12 09:16 - 2013-02-26 06:58 - 132483416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-12 09:15 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-12 09:15 - 2013-08-22 10:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-12 06:29 - 2015-04-02 18:38 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-08-10 10:58 - 2013-03-27 18:42 - 00000000 ____D C:\Users\Pierre\AppData\Roaming\Vso
2015-08-10 10:54 - 2015-01-27 20:08 - 00000000 ____D C:\WINDOWS\Minidump
2015-08-08 08:55 - 2014-11-21 11:03 - 00794088 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-08-08 08:55 - 2014-11-21 11:03 - 00179688 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-04 18:47 - 2013-03-01 22:30 - 00000000 ____D C:\Users\Pierre\AppData\Local\NETGEARGenie
2015-08-04 18:39 - 2013-12-22 04:02 - 00000000 ____D C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2015-08-04 01:41 - 2012-07-26 03:12 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-08-03 20:36 - 2013-06-25 17:10 - 00000000 ____D C:\ProgramData\Package Cache
2015-08-03 05:02 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-08-03 02:36 - 2013-03-21 23:05 - 00000000 ____D C:\Users\Pierre\AppData\Roaming\Spotify
2015-08-02 16:37 - 2013-02-27 20:36 - 00000000 ____D C:\Users\Pierre\AppData\Local\Spotify
2015-08-01 15:31 - 2015-01-31 11:41 - 00002093 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR Genie.lnk
2015-08-01 15:31 - 2015-01-31 11:41 - 00002081 _____ C:\Users\Public\Desktop\NETGEAR Genie.lnk
2015-08-01 15:31 - 2013-03-01 22:30 - 00000000 ____D C:\Program Files (x86)\NETGEAR Genie
2015-08-01 15:30 - 2013-03-01 22:30 - 00369168 _____ (CACE Technologies, Inc.) C:\WINDOWS\system32\wpcap.dll
2015-08-01 15:30 - 2013-03-01 22:30 - 00281104 _____ (CACE Technologies, Inc.) C:\WINDOWS\SysWOW64\wpcap.dll
2015-08-01 15:30 - 2013-03-01 22:30 - 00106000 _____ (CACE Technologies, Inc.) C:\WINDOWS\system32\packet.dll
2015-08-01 15:30 - 2013-03-01 22:30 - 00096784 _____ (CACE Technologies, Inc.) C:\WINDOWS\SysWOW64\packet.dll
2015-08-01 15:30 - 2013-03-01 22:30 - 00035344 _____ (CACE Technologies, Inc.) C:\WINDOWS\system32\Drivers\npf.sys
2015-07-31 23:05 - 2015-01-20 21:29 - 00000000 ___DC C:\WINDOWS\Panther
2015-07-31 22:59 - 2015-07-10 08:39 - 00000000 ___HD C:\$Windows.~BT
2015-07-31 20:47 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-07-29 18:05 - 2013-03-27 18:42 - 00001189 _____ C:\Users\Pierre\AppData\Roaming\vso_ts_preview.xml
2015-07-29 16:54 - 2012-03-17 23:56 - 00000000 ____D C:\Users\Pierre\Documents\ConvertXToDVD
2015-07-25 19:16 - 2013-08-22 10:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2015-07-25 19:16 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2015-07-25 19:16 - 2013-04-13 11:57 - 00001106 _____ C:\Users\Public\Desktop\SpywareBlaster.lnk
2015-07-25 19:16 - 2013-04-13 11:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2015-07-25 08:47 - 2015-04-04 23:51 - 00000000 ___SD C:\WINDOWS\system32\GWX

==================== Files in the root of some directories =======

2013-08-24 19:20 - 2015-06-07 12:48 - 0017644 _____ () C:\Users\Pierre\AppData\Roaming\AutoTagLog.log
2013-08-24 18:41 - 2015-06-07 12:48 - 0006200 _____ () C:\Users\Pierre\AppData\Roaming\RegistrationLog.log
2013-08-24 18:41 - 2015-06-07 14:06 - 0386833 _____ () C:\Users\Pierre\AppData\Roaming\ReplayMusicLog.log
2013-03-27 18:42 - 2015-07-29 18:05 - 0001189 _____ () C:\Users\Pierre\AppData\Roaming\vso_ts_preview.xml
2013-05-14 19:43 - 2015-08-13 17:45 - 0007613 _____ () C:\Users\Pierre\AppData\Local\Resmon.ResmonCfg
2013-06-23 17:41 - 2013-06-23 17:43 - 0034178 _____ () C:\Users\Pierre\AppData\Local\WiDiSetupLog.20130623.174143.wdl
2013-06-24 16:59 - 2013-06-24 17:00 - 0031125 _____ () C:\Users\Pierre\AppData\Local\WiDiSetupLog.20130624.165937.txt
2013-06-24 20:43 - 2013-06-24 20:44 - 0036301 _____ () C:\Users\Pierre\AppData\Local\WiDiSetupLog.20130624.204342.txt
2013-06-24 20:52 - 2013-06-24 20:54 - 0039446 _____ () C:\Users\Pierre\AppData\Local\WiDiSetupLog.20130624.205230.txt
2013-06-24 22:45 - 2013-06-24 22:47 - 0048826 _____ () C:\Users\Pierre\AppData\Local\WiDiSetupLog.20130624.224509.wdl
2013-06-25 17:19 - 2013-06-25 17:20 - 0035526 _____ () C:\Users\Pierre\AppData\Local\WiDiSetupLog.20130625.171917.wdl
2014-06-08 08:49 - 2014-06-08 08:49 - 0000088 _____ () C:\ProgramData\defraggler_list.txt
2013-02-17 00:54 - 2013-02-17 00:54 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Pierre\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-16 16:03

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:16-08-2015
Ran by Pierre (2015-08-17 09:53:27)
Running from C:\Users\Pierre\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1518660660-3768964156-1748568137-500 - Administrator - Disabled)
Guest (S-1-5-21-1518660660-3768964156-1748568137-501 - Limited - Enabled)
Pierre (S-1-5-21-1518660660-3768964156-1748568137-1001 - Administrator - Enabled) => C:\Users\Pierre

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Awesome Duplicate Photo Finder v. 1.1 (HKLM-x32\...\Awesome Duplicate Photo Finder_is1) (Version: - Duplicate-Finder.com)
Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
BitTorrent Sync (HKLM-x32\...\BitTorrent Sync) (Version: 1.2.82 - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MX340 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
ChromecastApp (HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1383.0 - Google Inc.)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
CleanSpeech (remove only) (HKLM-x32\...\CleanSpeech) (Version: - )
ConvertXtoDVD 4.1.9.347 (HKLM-x32\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.1.9.347 - )
Defraggler (HKLM\...\Defraggler) (Version: 2.15 - Piriform)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.4 - Lenovo)
Energy Management (x32 Version: 8.0.2.4 - Lenovo) Hidden
Facebook Video Calling 1.2.0.287 (HKLM-x32\...\{B92C5909-1D37-4C51-8397-A28BB28E5DC3}) (Version: 1.2.287 - Skype Limited)
Free PDF to JPG Converter (HKLM-x32\...\{ECD1BC70-A5FD-42D3-AEBA-B71FE88FDBF2}) (Version: 1.0.0 - Free PDF Solutions)
FVD Suite 3.0.2 (HKLM-x32\...\{80E4B2D6-BFF2-402C-96C4-3942DF24CABB}_is1) (Version: - flashvideodownloader.org)
Google Chrome Canary (HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\...\Google Chrome SxS) (Version: 46.0.2485.0 - Google Inc.)
Google Drive (HKLM-x32\...\{6EA8B94E-D869-4D96-88DF-5E1ECE1D6876}) (Version: 1.23.9648.8824 - Google, Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk (remove only) (HKLM-x32\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version: - )
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Google+ Auto Backup (HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\...\Google+ Auto Backup) (Version: 1.0.25.133 - Google, Inc.)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.242 - SurfRight B.V.)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
KYOCERA USB Modem KC02US Driver (HKLM\...\{E2C3C89F-23CC-4C39-A900-6139F65B1557}) (Version: 2.11.0000 - KYOCERA Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.2200 - Broadcom Corporation)
Lenovo MuteSync (HKLM-x32\...\{16D5D9E9-C8DE-4014-A09C-B9B5ABA0F7FA}) (Version: 1.0.10 - Lenovo)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.0828 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.0828 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.7 - CEWE COLOR AG u Co. OHG)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4310.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4310.52 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden
MagicfeaturesPlugin Release 2.11 (HKLM-x32\...\{MagicfeaturesPlugin-54F9C78F-EA53-45CA-B980-F3C~121E930F_is1) (Version: - PCPhoneSoft.com)
magicJack (HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\...\magicJack) (Version: 2.0.6073.4413 - magicJack L.P.)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Media Preview (HKLM\...\{52AFC3E1-0FAA-4C05-88FF-373911EA68F5}) (Version: 1.4.3.429 - BabelSoft)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2003 Resource Kit (HKLM-x32\...\{90240409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{a55ac379-46b0-461a-95b1-fef5c08443f2}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 40.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.2 (x86 en-US)) (Version: 40.0.2 - Mozilla)
MPC-HC 1.7.9 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.9 - MPC-HC Team)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.4.12.00 - NETGEAR Inc.)
Nitro Pro 8 (HKLM\...\{FEB91DE4-3B51-4CB2-9CC4-E14577A85976}) (Version: 8.0.7.3 - Nitro)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
Onekey Theater (HKLM-x32\...\{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}) (Version: 3.0.1.0 - Lenovo)
OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
OpenVPN 2.3.6-I601 (HKLM\...\OpenVPN) (Version: 2.3.6-I601 - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plex Media Server (HKLM-x32\...\{a3653c82-94f7-41ec-8a95-59f5f4471adf}) (Version: 0.9.1208 - Plex, Inc.)
Plex Media Server (x32 Version: 0.9.1208 - Plex, Inc.) Hidden
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: Beta 4.3 - Popcorn Time)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6695 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.46 - Piriform)
RegAlyzer (HKLM-x32\...\{296B2D8E-CE82-92AF-B2E8-A646E7CB78A2}_is1) (Version: 1.6.2.16 - Safer-Networking Ltd.)
Replay Music 5 (HKLM-x32\...\ReplayMusic5.55) (Version: 5.55 - Applian Technologies Inc.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SketchUp Viewer (HKLM-x32\...\{ED618EA2-AEAA-4A8F-94D5-4610BA636EC6}) (Version: 8.0.15158 - Trimble Navigation Limited)
SopCast 3.5.0 (HKLM-x32\...\SopCast) (Version: 3.5.0 - www.sopcast.com)
Spotify (HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\...\Spotify) (Version: 1.0.10.107.gd0dfca3a - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SpywareBlaster 5.2 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.2.0 - BrightFort LLC)
StreamTorrent NE 1.0 (HKLM-x32\...\StreamTorrent NE_is1) (Version: - )
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 2.4 - Krzysztof Kowalczyk)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.5 - Synaptics Incorporated)
System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
TAP-Windows 9.21.1 (HKLM\...\TAP-Windows) (Version: 9.21.1 - )
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.1.0 - Tweaking.com)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)
UserGuide (x32 Version: 1.0.0.9 - Lenovo) Hidden
VLC media player 2.0.6 (HKLM-x32\...\VLC media player) (Version: 2.0.6 - VideoLAN)
Widevine Media Optimizer Chrome 6.0.0 (HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\...\optimizer_chrome) (Version: 6.0.0.12757 - Widevine Technologies)
Winamp (HKLM-x32\...\Winamp) (Version: 5.7 Beta - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Driver Package - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
Wireless Wizard ver 6.1 (HKLM-x32\...\Wireless Wizard ver 6.1_is1) (Version: - Neri Networks, LLC.)
Yawcam 0.4.1 (HKLM-x32\...\{8FE96B14-E1F9-47BF-8BA1-A81467CD259B}_is1) (Version: - )
Zona (HKLM-x32\...\Zona)) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1518660660-3768964156-1748568137-1001_Classes\CLSID\{1BEAC3E3-B852-44F4-B468-8906C062422E}\localserver32 -> C:\Users\Pierre\AppData\Local\Google\Chrome SxS\Application\46.0.2485.0\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1518660660-3768964156-1748568137-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Pierre\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1518660660-3768964156-1748568137-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1518660660-3768964156-1748568137-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Pierre\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)

==================== Restore Points =========================

01-08-2015 14:21:38 Plex Media Server
03-08-2015 20:33:28 Plex Media Server
11-08-2015 06:01:08 Scheduled Checkpoint
13-08-2015 11:01:40 Removed Apple Mobile Device Support
14-08-2015 21:42:31 Norton_Power_Eraser_20150814214213218
14-08-2015 22:24:46 Restore Operation
17-08-2015 08:41:54 JRT Pre-Junkware Removal

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-05-06 17:08 - 2015-08-14 22:12 - 00449950 ____R C:\WINDOWS\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D56E7AA-AD11-4E35-A72D-0E14AB43097C} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {0DD74A2B-3E03-4065-9ACF-3DC365E3005A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1518660660-3768964156-1748568137-1001UA => C:\Users\Pierre\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {12D92E43-F164-4ABD-8C94-28C15D849783} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {183A30E6-FEB6-45A0-952E-1A437D796EB1} - System32\Tasks\{0C242EEE-77D3-4EB0-B748-7A00003F7CEE} => pcalua.exe -a C:\Users\Pierre\Desktop\Tcpview.exe -d C:\Users\Pierre\Desktop
Task: {198C435D-EB70-4120-90E7-F676B42767B4} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1518660660-3768964156-1748568137-1001Core => C:\Users\Pierre\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {4F479598-E499-4983-9F6D-ECF85504752A} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {52548191-E272-4E75-BCE3-8B151517392C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-19] (Google Inc.)
Task: {6F21B335-BDFD-44D8-B357-8B747B69C9E0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1518660660-3768964156-1748568137-1001Core => C:\Users\Pierre\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-03] (Google Inc.)
Task: {71FEFFD7-B48C-410F-BED6-609574C1DA2F} - System32\Tasks\OFFICE2010ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()
Task: {8A1CFC0D-0604-424E-89A3-B771C8B0AFB9} - \SomotoUpdateCheckerAutoStart -> No File <==== ATTENTION
Task: {947743D6-2EA8-4469-930F-06D7123F24A3} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-12] (Microsoft Corporation)
Task: {96F809AE-B482-4918-BC74-AE37CAFA04AD} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {979A0262-5792-4FD3-8FCD-8A81D5A7069D} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-16] (Synaptics Incorporated)
Task: {9B31841B-1304-4E48-99AC-ED2E78FA6117} - System32\Tasks\IntelBootstrapCCDashServer => C:\Program Files\Intel\CCDashboard\bin\CCDashServer.exe
Task: {A8ECCCE4-3210-42F8-B370-BE8E5C88198B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1518660660-3768964156-1748568137-1001UA => C:\Users\Pierre\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-03] (Google Inc.)
Task: {AB59AE24-FA13-4DBE-9F6C-B704FB23C227} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd)
Task: {C69FDDA9-9132-45D7-9C96-F64BA4B383A4} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-12] (Adobe Systems Incorporated)
Task: {EDFBA5B5-EDE8-493B-A3A3-579B9B77D4ED} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {FCB16220-B76E-4B86-8A5E-40A4F977200F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-19] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1518660660-3768964156-1748568137-1001Core.job => C:\Users\Pierre\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1518660660-3768964156-1748568137-1001UA.job => C:\Users\Pierre\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1518660660-3768964156-1748568137-1001Core.job => C:\Users\Pierre\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1518660660-3768964156-1748568137-1001UA.job => C:\Users\Pierre\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (Whitelisted) ==============

2012-09-06 18:53 - 2012-09-06 18:53 - 00047480 _____ () C:\Program Files\Lenovo\Bluetooth Software\BtwLeAPI.dll
2015-08-02 14:49 - 2015-08-02 14:49 - 00838792 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
2015-08-02 14:49 - 2015-08-02 14:49 - 00049800 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
2015-08-02 14:49 - 2015-08-02 14:49 - 00086664 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
2015-08-02 14:49 - 2015-08-02 14:49 - 02092680 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_core249.dll
2015-08-02 14:49 - 2015-08-02 14:49 - 01883272 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_imgproc249.dll
2015-08-02 14:49 - 2015-08-02 14:49 - 00502920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
2015-08-02 14:49 - 2015-08-02 14:49 - 00072840 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
2015-08-02 14:49 - 2015-08-02 14:49 - 00196232 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
2015-08-02 14:49 - 2015-08-02 14:49 - 00044680 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
2015-08-02 14:49 - 2015-08-02 14:49 - 00027784 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
2015-08-02 14:49 - 2015-08-02 14:49 - 00018568 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
2015-08-02 14:49 - 2015-08-02 14:49 - 00034952 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
2015-08-02 14:49 - 2015-08-02 14:49 - 00836232 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
2015-08-02 14:49 - 2015-08-02 14:49 - 00062600 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
2015-08-02 14:49 - 2015-08-02 14:49 - 00166024 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
2015-08-02 14:49 - 2015-08-02 14:49 - 00192136 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
2015-08-02 14:49 - 2015-08-02 14:49 - 00016520 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
2015-08-02 14:49 - 2015-08-02 14:49 - 00054920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\crypto.pyd
2015-08-02 14:49 - 2015-08-02 14:49 - 00017032 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\rand.pyd
2015-08-02 14:49 - 2015-08-02 14:49 - 00043656 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\SSL.pyd
2015-08-02 14:49 - 2015-08-02 14:49 - 00081544 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
2015-08-02 14:49 - 2015-08-02 14:49 - 00111240 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
2015-08-02 14:49 - 2015-08-02 14:49 - 00689800 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd
2013-02-17 00:35 - 2012-06-26 02:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2015-08-02 14:49 - 2015-08-02 14:49 - 00031368 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_multiprocessing.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5C321E34

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR501 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR501.SYS => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 12684 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Pierre\Pictures\Abstract-Fractal-Wallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Update service => 2
HKLM\...\StartupApproved\StartupFolder: => "SoftEther VPN Client Manager Startup.lnk"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "EnergyUtility"
HKLM\...\StartupApproved\Run: => "OnekeyStudio"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "SoftEther VPN Client UI Helper"
HKLM\...\StartupApproved\Run32: => "BDRegion"
HKLM\...\StartupApproved\Run32: => "YouCam Tray"
HKLM\...\StartupApproved\Run32: => "Dolby Home Theater v4"
HKLM\...\StartupApproved\Run32: => "MuteSync"
HKLM\...\StartupApproved\Run32: => "mcui_exe"
HKLM\...\StartupApproved\Run32: => "UpdateP2GShortCut"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "331BigDog"
HKLM\...\StartupApproved\Run32: => "YouCam Mirage"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\...\StartupApproved\StartupFolder: => "NexDef Plug-in.lnk"
HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\...\StartupApproved\StartupFolder: => "netlogon.bat"
HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\...\StartupApproved\StartupFolder: => "MagicfeaturesPlugin.lnk.disabled"
HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\...\StartupApproved\StartupFolder: => "Plex Media Server.lnk"
HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\...\StartupApproved\StartupFolder: => "WeatherMate4.exe"
HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\...\StartupApproved\Run: => "NETGEARGenie"
HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\...\StartupApproved\Run: => "Facebook Update"
HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\...\StartupApproved\Run: => "DCC22D39C36132D61EF08598A8B38D4D8E4E7F98._service_run"
HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\...\StartupApproved\Run: => "cdloader"
HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\...\StartupApproved\Run: => "CCleaner"
HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\...\StartupApproved\Run: => "googletalk"
HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\...\StartupApproved\Run: => "WeatherWatcherLive"
HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\...\StartupApproved\Run: => "Wireless_Wizard"
HKU\S-1-5-21-1518660660-3768964156-1748568137-1001\...\StartupApproved\Run: => "AceStream"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{CC018771-40E1-4A7A-B915-286C5EE65947}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F81BF52F-2FC3-4803-A093-C393523F34A9}] => (Block) C:\program files (x86)\popcorn time\chromecast\node.exe
FirewallRules: [{5B366F27-2D73-4030-BA67-2A69B4AE881B}] => (Block) C:\program files (x86)\popcorn time\chromecast\node.exe
FirewallRules: [UDP Query User{011509F5-CBA4-4D70-AD16-29F4F23D8AC5}C:\program files (x86)\popcorn time\chromecast\node.exe] => (Allow) C:\program files (x86)\popcorn time\chromecast\node.exe
FirewallRules: [TCP Query User{20464D25-0BEA-4003-A071-A3ACF6D8CA59}C:\program files (x86)\popcorn time\chromecast\node.exe] => (Allow) C:\program files (x86)\popcorn time\chromecast\node.exe
FirewallRules: [{814143DD-2986-4C0B-89A2-10C11AC76C93}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{AEABCE10-C2E9-4D58-A38C-FC837B52F0B3}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{EF80AF88-BC2F-4A61-8EF7-8A643A01B048}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{976854D4-2A52-4D7A-9A74-FE7A40F298F9}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{689AD08C-C110-4E59-B795-C9F2C6B22B0B}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{0CB755FF-67D9-46FF-8863-B5411A1B557A}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{80B1D559-BFB1-491B-AD95-831F95CB3DDE}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{7809B351-F36A-40C8-B5B5-E032F427F22B}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{CA217258-847F-487C-ACBE-96AFE2530ED0}] => (Block) C:\program files (x86)\sopcast\sopcast.exe
FirewallRules: [{A86D035E-82FE-4D59-92FD-932205427B7E}] => (Block) C:\program files (x86)\sopcast\sopcast.exe
FirewallRules: [UDP Query User{0ED4478E-E943-417E-BBAC-D044411CA32E}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe
FirewallRules: [TCP Query User{95F2993E-2054-438B-8925-8078F3A0FD8B}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe
FirewallRules: [{8B35AF6A-370D-46FF-975E-FF2E037B4396}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F9C9D274-EBD3-428F-BF90-FB70CDE9907C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9A4447D7-4A35-4A6F-9999-14FC5F94B9FE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1F72961A-22FC-4CC6-B814-3B11E0EDF3A6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [UDP Query User{53E5AF56-49D1-4E33-B981-EA857571C486}C:\users\pierre\appdata\local\google\chrome sxs\application\chrome.exe] => (Allow) C:\users\pierre\appdata\local\google\chrome sxs\application\chrome.exe
FirewallRules: [TCP Query User{2E8FB82B-70F7-4B72-94BA-E70261105167}C:\users\pierre\appdata\local\google\chrome sxs\application\chrome.exe] => (Allow) C:\users\pierre\appdata\local\google\chrome sxs\application\chrome.exe
FirewallRules: [{D025CE5B-0832-46A8-88EE-3247D21C533C}] => (Allow) C:\Users\Pierre\AppData\Local\MagicfeaturesPlugin\MagicfeaturesPlugin.exe
FirewallRules: [{C27D62E6-25A4-44F3-9880-5E552E90B9A8}] => (Allow) C:\Users\Pierre\AppData\Local\MagicfeaturesPlugin\MagicfeaturesPlugin.exe
FirewallRules: [{71A817AC-AE52-4FDC-9963-514D5C2CBCE3}] => (Allow) C:\Users\Pierre\AppData\Local\MagicfeaturesPlugin\MagicfeaturesPlugin.exe
FirewallRules: [UDP Query User{4F7ECCA5-216D-4243-92D2-8976E629AF0D}C:\users\pierre\appdata\local\google\chrome sxs\application\chrome.exe] => (Allow) C:\users\pierre\appdata\local\google\chrome sxs\application\chrome.exe
FirewallRules: [TCP Query User{8FD604C4-AD19-4C18-B68B-3E68DE879F07}C:\users\pierre\appdata\local\google\chrome sxs\application\chrome.exe] => (Allow) C:\users\pierre\appdata\local\google\chrome sxs\application\chrome.exe
FirewallRules: [{F4A1D345-39CF-4408-BB47-F55B35C9BCCC}] => (Allow) C:\Program Files (x86)\BitTorrent Sync\BTSync.exe
FirewallRules: [{0C97A844-B39A-4A2F-98A8-4B601C3BF4A3}] => (Allow) C:\Program Files (x86)\BitTorrent Sync\BTSync.exe
FirewallRules: [UDP Query User{09C5DE9F-0859-4E4F-B976-76538138A8C1}C:\program files (x86)\fvd suite\fvd downloader\fvd downloader.exe] => (Allow) C:\program files (x86)\fvd suite\fvd downloader\fvd downloader.exe
FirewallRules: [TCP Query User{78638C2A-0A3C-45E7-9B7B-AD734EDC9CCF}C:\program files (x86)\fvd suite\fvd downloader\fvd downloader.exe] => (Allow) C:\program files (x86)\fvd suite\fvd downloader\fvd downloader.exe
FirewallRules: [{3F699685-FFA2-4D21-A6E4-B6658F67F46B}] => (Allow) C:\Users\Pierre\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B1547624-A4C5-47BE-8B0E-C2DDC1E5852D}] => (Allow) C:\Users\Pierre\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A5FF9C0F-A38E-42A8-B749-F8EE5CAAFD1E}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{72279E7C-3A87-4481-8E20-51FF4337CABC}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [UDP Query User{04AD9438-0A25-4EA2-BF4F-13AF28274F8B}C:\users\pierre\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\pierre\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [TCP Query User{635D1C78-BA38-4CF7-9922-0AD431E5176A}C:\users\pierre\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\pierre\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [{05C13164-9A8D-4B3A-BD1C-BF4C14960F35}] => (Allow) C:\Program Files (x86)\Google\Google Talk\googletalk.exe
FirewallRules: [{DE16529E-29E3-4D4D-A785-DB0B97AA246C}] => (Allow) C:\Program Files (x86)\Google\Google Talk\googletalk.exe
FirewallRules: [{38C16B94-DE88-495C-A559-D147F063B81D}] => (Block) C:\users\pierre\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{BA66CF87-0EF9-48DE-BAB3-A4339E12439E}] => (Block) C:\users\pierre\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{EB2109D0-DCDB-4AD6-AA32-5C2B86FF8FDA}C:\users\pierre\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\pierre\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{F8B762A9-871C-43B0-AFA2-00331F8FB3CA}C:\users\pierre\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\pierre\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{AFDE7C12-13D9-46D0-A2A6-5569179FC805}] => (Allow) C:\Program Files\OpenVPN\bin\openvpn-gui.exe
FirewallRules: [{E0BF46D1-2485-4230-B553-921100917FD7}] => (Allow) C:\Program Files\OpenVPN\bin\openvpn-gui.exe
FirewallRules: [{941AC7E4-9CEF-43C7-A72F-E1C54D3662B2}] => (Allow) C:\Program Files\OpenVPN\bin\openvpn-gui.exe
FirewallRules: [{092118FF-735D-4493-8BFB-75948F73887F}] => (Allow) C:\Program Files\OpenVPN\bin\openvpn-gui.exe
FirewallRules: [UDP Query User{16719A18-C754-4B01-B835-84DB45246C42}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [TCP Query User{6BEC6D4C-6490-4822-B55A-6C2E8090580B}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{436A0E7A-5118-4E90-95D5-96474C31B39B}C:\users\pierre\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\pierre\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{EFB9B058-B5FF-4D05-B5C7-0232B3EFEE20}C:\users\pierre\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\pierre\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{EDBBC4F1-DE23-4F3F-8B0C-A5A07CDAFC2C}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [TCP Query User{6AF125AB-F3E2-4AE7-9AA6-9D4E47A04D62}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{A78EE855-0AD4-4A57-899F-04843AEB48A8}C:\users\pierre\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\pierre\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{F0D1E682-7FDE-4202-AD60-2C2EDB1777E1}C:\users\pierre\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\pierre\appdata\roaming\spotify\spotify.exe
FirewallRules: [{57F1C4A4-0EF5-4A39-9E67-083343B798E1}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{54E0A300-9AEE-4271-9B84-5A4E7E2D3C92}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{606AA3EC-9EC1-41CF-B179-1D10AAB7B5AA}] => (Allow) C:\Users\Pierre\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{473DA8E3-E218-428E-B46A-063EB26B6320}] => (Allow) C:\Users\Pierre\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{4782A9BB-A3DE-43FA-BB79-EDE22505E896}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{2E4B6FEB-4CB2-4764-A839-5237E25AB56B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{7C656EF2-FFF6-462A-902B-60B772CF8FDF}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [{D7B7DB3B-D964-40FD-8DA6-B8629D279A23}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{D999BE49-EA70-492B-8F38-19EC2288E593}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
FirewallRules: [TCP Query User{6EA96912-5065-43A0-83EF-3EEE7B61D157}C:\program files (x86)\streamtorrent ne 1.0\streamtorrent.exe] => (Allow) C:\program files (x86)\streamtorrent ne 1.0\streamtorrent.exe
FirewallRules: [UDP Query User{A6EA3801-864E-4119-85DA-B4364188DE7E}C:\program files (x86)\streamtorrent ne 1.0\streamtorrent.exe] => (Allow) C:\program files (x86)\streamtorrent ne 1.0\streamtorrent.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/16/2015 12:08:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 2.3.55.0, time stamp: 0x557a2a02
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17936, time stamp: 0x55a68dd1
Exception code: 0xc0000142
Fault offset: 0x0009d4f2
Faulting process id: 0xbf4
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
Faulting package full name: mbam.exe4
Faulting package-relative application ID: mbam.exe5

Error: (08/15/2015 02:11:32 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Scheduled Checkpoint). Additional information: 0x80070017.

Error: (08/15/2015 12:23:48 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Removed Apple Mobile Device Support). Additional information: 0x80070017.

Error: (08/15/2015 11:58:09 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.
.

Error: (08/14/2015 10:49:07 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Removed Apple Mobile Device Support). Additional information: 0x80070017.

Error: (08/14/2015 10:48:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 2.3.55.0, time stamp: 0x557a2a02
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17936, time stamp: 0x55a68dd1
Exception code: 0xc0000142
Fault offset: 0x0009d4f2
Faulting process id: 0x870
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3
Faulting package full name: mbam.exe4
Faulting package-relative application ID: mbam.exe5

Error: (08/14/2015 09:59:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.3.9600.17667 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 5f0

Start Time: 01d0d6fa955fb762

Termination Time: 0

Application Path: C:\WINDOWS\Explorer.EXE

Report Id: 54550838-42f9-11e5-80a1-00ad30fb48c6

Faulting package full name:

Faulting package-relative application ID:

Error: (08/14/2015 07:35:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program BDUARemovalTool.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 98c

Start Time: 01d0d6f13086b36e

Termination Time: 4294967295

Application Path: C:\Users\Pierre\AppData\Local\Temp\BDRemovalTool\BDUARemovalTool.exe

Report Id: 8a8fbfaa-42e5-11e5-809a-00ad309b1e76

Faulting package full name:

Faulting package-relative application ID:

Error: (08/14/2015 06:20:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 39.0.3.5696, time stamp: 0x55c33d81
Faulting module name: mozalloc.dll, version: 39.0.3.5696, time stamp: 0x55c32c73
Exception code: 0x80000003
Fault offset: 0x00001aa1
Faulting process id: 0x6f4
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5

Error: (08/14/2015 06:06:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 39.0.3.5696, time stamp: 0x55c33d81
Faulting module name: mozalloc.dll, version: 39.0.3.5696, time stamp: 0x55c32c73
Exception code: 0x80000003
Fault offset: 0x00001aa1
Faulting process id: 0x1408
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5


System errors:
=============
Error: (08/17/2015 09:32:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1069

Error: (08/17/2015 09:32:58 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (08/17/2015 09:32:30 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The IconMan_R service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (08/17/2015 09:32:30 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 2 time(s).

Error: (08/17/2015 09:32:30 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (08/17/2015 09:32:30 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Bluetooth Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (08/17/2015 09:32:28 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel(R) Capability Licensing Service Interface service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (08/17/2015 09:32:28 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (08/17/2015 08:43:46 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Management and Security Application User Notification Service service terminated unexpectedly. It has done this 1 time(s).

Error: (08/17/2015 08:43:46 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) ME Service service terminated unexpectedly. It has done this 1 time(s).


Microsoft Office:
=========================
Error: (08/16/2015 12:08:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe2.3.55.0557a2a02KERNELBASE.dll6.3.9600.1793655a68dd1c00001420009d4f2bf401d0d8460d5b9a9eC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeKERNELBASE.dll59e31f09-4439-11e5-80b1-089e0189d2fc

Error: (08/15/2015 02:11:32 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: Scheduled Checkpoint0x80070017

Error: (08/15/2015 12:23:48 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: Removed Apple Mobile Device Support0x80070017

Error: (08/15/2015 11:58:09 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.

Error: (08/14/2015 10:49:07 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: Removed Apple Mobile Device Support0x80070017

Error: (08/14/2015 10:48:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe2.3.55.0557a2a02KERNELBASE.dll6.3.9600.1793655a68dd1c00001420009d4f287001d0d70d35dfbb58C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeKERNELBASE.dll77b3ef57-4300-11e5-80a2-00ad300ba9b8

Error: (08/14/2015 09:59:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.3.9600.176675f001d0d6fa955fb7620C:\WINDOWS\Explorer.EXE54550838-42f9-11e5-80a1-00ad30fb48c6

Error: (08/14/2015 07:35:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: BDUARemovalTool.exe0.0.0.098c01d0d6f13086b36e4294967295C:\Users\Pierre\AppData\Local\Temp\BDRemovalTool\BDUARemovalTool.exe8a8fbfaa-42e5-11e5-809a-00ad309b1e76

Error: (08/14/2015 06:20:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe39.0.3.569655c33d81mozalloc.dll39.0.3.569655c32c738000000300001aa16f401d0d6e7dcdb3e67C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll1d236583-42db-11e5-8099-00ad30ab8b44

Error: (08/14/2015 06:06:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe39.0.3.569655c33d81mozalloc.dll39.0.3.569655c32c738000000300001aa1140801d0d6e1e0f5aa9cC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll2590343b-42d9-11e5-8098-00ad30dbea8b


CodeIntegrity:
===================================
Date: 2015-08-17 04:16:38.218
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-17 04:16:38.018
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-17 04:16:37.818
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-17 04:16:35.322
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-17 04:16:33.807
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-17 03:41:45.190
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-17 03:41:44.990
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-17 03:41:44.790
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-17 03:41:44.580
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-17 03:41:44.385
Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3632QM CPU @ 2.20GHz
Percentage of memory in use: 29%
Total physical RAM: 8052.89 MB
Available physical RAM: 5694.18 MB
Total Virtual: 16244.91 MB
Available Virtual: 13610.27 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:883.74 GB) (Free:664.24 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:19.98 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 574DB873)

Partition: GPT.

==================== End of log ============================

Cloudblue
2015-08-17, 18:31
regarding bullet point "Place a checkmark next to and click" (on ES


Place a checkmark next to ? and click ?

???????

Juliet
2015-08-17, 18:53
regarding bullet point "Place a checkmark next to and click" (on ES


Place a checkmark next to ? and click ?

???????

Place a checkmark next to Enable detection of potentially unwanted applications.
Click Advanced settings. Place a checkmark next to:

Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

Juliet
2015-08-17, 18:58
I'm sorry, was this it?

Place a checkmark next to http://3-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xKN1w2nv.png.pagespeed.ic.JWqIaEgZi7.png and click http://1-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/SzOC1p0.png.pagespeed.ce.OWDP45O6oG.png

Cloudblue
2015-08-17, 20:41
Go ahead and do the above.

Also, let's run an online scan to look for hidden items.

What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.
Most reliable and thorough.
The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending of course how full your computer is.



ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

Please download ESET Online Scan (http://download.eset.com/special/eos/esetsmartinstaller_enu.exe) and save the file to your Desktop.
Temporarily disable your anti-virus software. For instructions, please refer to the following link (http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/).
Double-click esetsmartinstaller_enu.exe to run the programme.
Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
Agree to the Terms of Use once more and click Start. Allow components to download.
Place a checkmark next to Enable detection of potentially unwanted applications.
Click Advanced settings. Place a checkmark next to:

Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology


Ensure Remove found threats is unchecked.
Click Start.
Wait for the scan to finish. Please be patient as this can take some time.
Upon completion, click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png. If no threats were found, skip the next two bullet points.
Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png and save the file to your Desktop, naming it something such as "MyEsetScan".
Push the Back button.
Place a checkmark next to http://3-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xKN1w2nv.png.pagespeed.ic.JWqIaEgZi7.png and click http://1-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/SzOC1p0.png.pagespeed.ce.OWDP45O6oG.png.
Re-enable your anti-virus software.
Copy the contents of the log and paste in your next reply.



ESET:
C:\AdwCleaner\Quarantine\C\Users\Pierre\AppData\Roaming\zona\plugins\zupdater\ZonaUpdater.exe.bak.vir a variant of Win32/ZvuZona.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Pierre\AppData\Roaming\zona\plugins\zupdater\ZonaUpdater.exe.vir a variant of Win32/ZvuZona.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Pierre\AppData\Roaming\zona\plugins\zupdater\zupdater_0.0.2.1.zip.vir a variant of Win32/ZvuZona.F potentially unwanted application
C:\ProgramData\Spybot - Search & Destroy\Recovery\IronInstallToolbarAmazon.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\IronInstallToolbarAmazon1.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\IronInstallToolbarAmazon10.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\IronInstallToolbarAmazon11.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\IronInstallToolbarAmazon12.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\IronInstallToolbarAmazon13.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\IronInstallToolbarAmazon14.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\IronInstallToolbarAmazon15.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\IronInstallToolbarAmazon16.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\IronInstallToolbarAmazon2.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\IronInstallToolbarAmazon3.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\IronInstallToolbarAmazon4.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\IronInstallToolbarAmazon5.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\IronInstallToolbarAmazon6.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\IronInstallToolbarAmazon7.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\IronInstallToolbarAmazon8.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\IronInstallToolbarAmazon9.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\IronInstallToolbarAmazon.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\IronInstallToolbarAmazon1.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\IronInstallToolbarAmazon10.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\IronInstallToolbarAmazon11.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\IronInstallToolbarAmazon12.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\IronInstallToolbarAmazon13.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\IronInstallToolbarAmazon14.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\IronInstallToolbarAmazon15.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\IronInstallToolbarAmazon16.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\IronInstallToolbarAmazon2.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\IronInstallToolbarAmazon3.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\IronInstallToolbarAmazon4.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\IronInstallToolbarAmazon5.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\IronInstallToolbarAmazon6.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\IronInstallToolbarAmazon7.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\IronInstallToolbarAmazon8.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\IronInstallToolbarAmazon9.zip Win32/Bagle.gen.zip worm
C:\Users\Pierre\AppData\Roaming\uTorrent\uTorrent.exe a variant of Win32/OpenCandy.C potentially unsafe application
C:\Users\Pierre\AppData\Roaming\uTorrent\updates\3.3.2_30303.exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application
C:\Users\Pierre\AppData\Roaming\uTorrent\updates\3.3.2_30416.exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application
C:\Users\Pierre\AppData\Roaming\uTorrent\updates\3.4.2_37951.exe a variant of Win32/OpenCandy.C potentially unsafe application
C:\Users\Pierre\AppData\Roaming\uTorrent\updates\3.4.2_38913.exe a variant of Win32/OpenCandy.C potentially unsafe application
C:\Users\Pierre\AppData\Roaming\uTorrent\updates\3.4.3_40298.exe a variant of Win32/OpenCandy.C potentially unsafe application
C:\Users\Pierre\Desktop\FamilTreeMaker\FTM 2012\setup.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\Users\Pierre\Desktop\Recent Downloads\arolicense2012.exe a variant of Win32/Systweak potentially unwanted application
C:\Users\Pierre\Desktop\Recent Downloads\avc-free.exe Win32/OpenCandy potentially unsafe application
C:\Users\Pierre\Desktop\Recent Downloads\BestVideoDownloader(1).exe a variant of Win32/KBM.A potentially unwanted application
C:\Users\Pierre\Desktop\Recent Downloads\BestVideoDownloader.exe a variant of Win32/KBM.A potentially unwanted application
C:\Users\Pierre\Desktop\Recent Downloads\Shockwave_Installer_Slim.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Pierre\Downloads\ccsetup508.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Pierre\Google Drive\PrivitizeVPNInstallerCLEAN.rar Win32/TopMedia.A potentially unwanted application
C:\Users\Pierre\Halite Downloads\Incoming\FTM 2012\setup.exe a variant of Win32/HiddenStart.A potentially unsafe application
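
Triage of the ESET log above, as an added example that is not part of the original thread. It parses each line into path, detection name and category, collapses entries reported twice because `C:\Users\All Users` is the Windows alias of `C:\ProgramData`, and separates copies held in a cleaner's quarantine or recovery folder from files still live on disk. The list of container folders is an assumption based on the two tools named in this log.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Lines copied from the ESET log above (a short excerpt, not the whole log).
SAMPLE_LOG = r"""
C:\AdwCleaner\Quarantine\C\Users\Pierre\AppData\Roaming\zona\plugins\zupdater\ZonaUpdater.exe.vir a variant of Win32/ZvuZona.F potentially unwanted application
C:\ProgramData\Spybot - Search & Destroy\Recovery\IronInstallToolbarAmazon.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\IronInstallToolbarAmazon.zip Win32/Bagle.gen.zip worm
C:\Users\Pierre\AppData\Roaming\uTorrent\uTorrent.exe a variant of Win32/OpenCandy.C potentially unsafe application
C:\Users\Pierre\Desktop\Recent Downloads\avc-free.exe Win32/OpenCandy potentially unsafe application
C:\Users\Pierre\Downloads\ccsetup508.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
"""

# Paths contain spaces, so the split point is the detection name itself:
# the first token of the form Platform/Name (forward slash), optionally
# preceded by "a variant of". Windows paths never contain "/".
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<variant>a variant of\s+)?"
    r"(?P<name>\w+/[\w.\-]+)\s+"
    r"(?P<kind>.+)$"
)

# On Windows Vista and later, C:\Users\All Users is a link to C:\ProgramData,
# so a scanner that walks both reports every file under it twice.
ALIAS_FROM = "c:\\users\\all users\\"
ALIAS_TO = "c:\\programdata\\"

# Assumption: folders where AdwCleaner and Spybot keep copies of items they
# have already removed. Detections here are not active files.
CONTAINERS = (
    "c:\\adwcleaner\\quarantine\\",
    "\\spybot - search & destroy\\recovery\\",
)


@dataclass(frozen=True)
class Detection:
    path: str           # path as first reported in the log
    name: str           # e.g. Win32/OpenCandy.C
    kind: str           # e.g. "potentially unwanted application", "worm"
    is_variant: bool    # True when reported as "a variant of ..."
    in_container: bool  # True when the file sits in a quarantine/recovery folder


def canonical(path):
    """Lower-case the path and fold the All Users alias onto ProgramData."""
    low = path.lower()
    if low.startswith(ALIAS_FROM):
        return ALIAS_TO + low[len(ALIAS_FROM):]
    return low


def parse_log(text):
    """Return one Detection per distinct file, in log order."""
    seen = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank lines, headers, anything that is not a detection
        key = canonical(m["path"])
        if key in seen:
            continue  # same file reached through the alias
        seen[key] = Detection(
            path=m["path"],
            name=m["name"],
            kind=m["kind"].strip(),
            is_variant=m["variant"] is not None,
            in_container=any(c in key for c in CONTAINERS),
        )
    return list(seen.values())


def triage(detections):
    """Split detections into live files and already-contained copies."""
    live = [d for d in detections if not d.in_container]
    contained = [d for d in detections if d.in_container]
    return {
        "live": live,
        "contained": contained,
        "live_by_kind": Counter(d.kind for d in live),
    }


if __name__ == "__main__":
    result = triage(parse_log(SAMPLE_LOG))
    print("Already contained (quarantine/recovery copies):")
    for d in result["contained"]:
        print(f"  {d.name:32} {d.path}")
    print("Live on disk, needs a decision:")
    for d in result["live"]:
        print(f"  {d.name:32} [{d.kind}] {d.path}")
    print("Live detections by category:", dict(result["live_by_kind"]))
```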

Cloudblue
2015-08-17, 20:44
Should I have uninstalled ESET?

Juliet
2015-08-17, 21:11
Should I have uninstalled ESET?

You can.

bittorrent and torrents (authorities are going after the popular Pirate Bay Web site for illegal distribution of video files, piracy community) is going to render your machine unbootable.
P2P Warning

------------------------------

I see you have peer-to-peer (P2P) file sharing software installed on your computer (BitTorrent | µTorrent, nowtorrents.com | YIFY). I advise you avoid P2P file sharing programmes; they are a security risk which can make your computer susceptible to malware. File sharing networks are thoroughly infested with malware - worms (http://en.wikipedia.org/wiki/Computer_worm), backdoor Trojans (http://www.symantec.com/security_response/writeup.jsp?docid=2001-062614-1754-99), IRCBots (http://en.wikipedia.org/wiki/IRC_bot), and rootkits (http://en.wikipedia.org/wiki/Rootkit) propagate via P2P file sharing networks, gaming, and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install malware. The best way to reduce the risk of infection is to avoid these types of web sites and P2P programmes. Please read the following articles for more information.

Risks of File-Sharing Technology (http://www.us-cert.gov/cas/tips/ST05-007.html)
P2P Software User Advisories (http://aresgalaxy.sourceforge.net/p2prisks.htm)
More malware is traveling on P2P networks these days (http://www.computerworld.com/s/article/9240067/More_malware_is_traveling_on_P2P_networks_these_days)

Your P2P software can be removed by following the instructions below.

Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
Search for the aforementioned programme(s), right-click and click Uninstall. Follow the prompts.

If you choose not to, please refrain from using the programme(s) during this process.

~~~~~~~~~~~~~~~~~~~~`

These files aren't malware but contain security risks. I'd delete them immediately - your choice.

C:\Users\Pierre\AppData\Roaming\uTorrent\uTorrent.exe a variant of Win32/OpenCandy.C potentially unsafe application
C:\Users\Pierre\AppData\Roaming\uTorrent\updates\3.3.2_30303.exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application
C:\Users\Pierre\AppData\Roaming\uTorrent\updates\3.3.2_30416.exe a variant of Win32/AdkDLLWrapper.A potentially unwanted application
C:\Users\Pierre\AppData\Roaming\uTorrent\updates\3.4.2_37951.exe a variant of Win32/OpenCandy.C potentially unsafe application
C:\Users\Pierre\AppData\Roaming\uTorrent\updates\3.4.2_38913.exe a variant of Win32/OpenCandy.C potentially unsafe application
C:\Users\Pierre\AppData\Roaming\uTorrent\updates\3.4.3_40298.exe a variant of Win32/OpenCandy.C potentially unsafe application
C:\Users\Pierre\Desktop\FamilTreeMaker\FTM 2012\setup.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\Users\Pierre\Desktop\Recent Downloads\avc-free.exe Win32/OpenCandy potentially unsafe application
C:\Users\Pierre\Halite Downloads\Incoming\FTM 2012\setup.exe a variant of Win32/HiddenStart.A potentially unsafe application


~~~~~~~~~~~~~~~~~~~~~`

Running from C:\Users\Pierre\Downloads

It's best we move Farbar's to desktop.

Please go to your downloads folder, locate Farbar Recovery Scan Tool, right click and select CUT
Go to an open spot on your desktop, right click and select PASTE
You should now have Farbar Recovery Scan Tool on your desktop.


Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)


https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG




start
CreateRestorePoint:
CloseProcesses:
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => No File
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-
SearchScopes: HKU\S-1-5-21-1518660660-3768964156-1748568137-1001 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL =
SearchScopes: HKU\S-1-5-21-1518660660-3768964156-1748568137-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1518660660-3768964156-1748568137-1001 -> {47D7A7B1-F879-498A-8632-BAE1DA05B228} URL =
SearchScopes: HKU\S-1-5-21-1518660660-3768964156-1748568137-1001 -> {A0CDCC51-0AE4-49E5-8496-477132B65F7B} URL =
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2013-09-14] <==== ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [ggkfikfcbnpfoicfjammigpnakpogebh] - "C:\Program Files (x86)\FVD Suite\addons\chrome\fvdext.crx" <not found>
C:\Users\Pierre\AppData\Local\Temp\sqlite3.dll
Task: {8A1CFC0D-0604-424E-89A3-B771C8B0AFB9} - \SomotoUpdateCheckerAutoStart -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
C:\Users\Pierre\Desktop\Recent Downloads\arolicense2012.exe
C:\Users\Pierre\Desktop\FamilTreeMaker\FTM 2012\setup.exe
C:\Users\Pierre\Desktop\Recent Downloads\BestVideoDownloader(1).exe
C:\Users\Pierre\Desktop\Recent Downloads\BestVideoDownloader.exe
C:\Users\Pierre\Desktop\Recent Downloads\Shockwave_Installer_Slim.exe
C:\Users\Pierre\Downloads\ccsetup508.exe
C:\Users\Pierre\Google Drive\PrivitizeVPNInstallerCLEAN.rar
EmptyTemp:
Hosts:
End


Open FRST/FRST64 and press the > Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


Please tell me how your computer is now.

Cloudblue
2015-08-17, 21:41
I have deleted the security risks and here is the fixlog:
Fix result of Farbar Recovery Scan Tool (x64) Version:16-08-2015
Ran by Pierre (2015-08-17 13:30:21) Run:1
Running from C:\Users\Pierre\Desktop
Loaded Profiles: Pierre (Available Profiles: Pierre)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => No File
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncBackedUp" => key removed successfully
HKCR\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncPending" => key removed successfully
HKCR\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncRoot" => key removed successfully
HKCR\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncShared" => key removed successfully
HKCR\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShareOverlay" => key removed successfully
HKCR\Wow6432Node\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516} => key not found.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully.
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully.
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.


The system needed a reboot..

"Homepage" (4-you.net) is gone......

I will continue to monitor performance throughout the day and report back if any anomalies encountered.

Juliet, thank you so much for your assistance!!!

==== End of Fixlog 13:31:17 ====

Cloudblue
2015-08-17, 21:42
Can you give me a briefing of what was done?? Your thoughts?

Cloudblue
2015-08-17, 23:08
After a few hours of testing, all is well.
Also, the computer hangs seem to have stopped.... I was getting "windows is not responding" hang ups every 30 minutes or so.

Juliet
2015-08-18, 01:47
"Homepage" (4-you.net) is gone......

I will continue to monitor performance throughout the day and report back if any anomalies encountered.

Juliet, thank you so much for your assistance!!!

Can you give me a briefing of what was done?? Your thoughts?

After a few hours of testing, all is well.
Also, the computer hangs seem to have stopped.... I was getting "windows is not responding" hang ups every 30 minutes or so.

A lot of those 2nd and 3rd party items you downloaded from uTorrent and Pirate Bay came in bundled with what looks like a good amount of nasties.
If it's not legit, leave it alone.

Also, correct me if I'm wrong but, you don't have an onboard and active antivirus?

Ready to remove tools and quarantine folders?

Cloudblue
2015-08-18, 02:26
A lot of those 2nd and 3rd party items you downloaded from uTorrent and Pirate Bay came in bundled with what looks like a good amount of nasties.
If it's not legit, leave it alone.

Also, correct me if I'm wrong but, you don't have an onboard and active antivirus?

Ready to remove tools and quarantine folders?

Point taken about the nasties. I use windefender and malwarebytes premium/spybot free. Do I need a dedicated antivirus?

I have already removed tools.

Juliet
2015-08-18, 03:00
Point taken about the nasties. I use windefender and malwarebytes premium/spybot free. Do I need a dedicated antivirus?

Note for Windows 8/10 users: Windows 8 and Windows 10 integrate a more robust version of Windows Defender (and use that name) for their anti-virus and anti-malware protection. Although it uses the same name, it is not the same as the older version of Defender found in previous operating systems. Windows 8/10 Defender provides the same level of protection against malware as Microsoft Security Essentials (MSE); therefore, you cannot use MSE with Windows 8/10.

http://answers.microsoft.com/en-us/protect/wiki/protect_defender-protect_start/windows-defender-on-windows-8-introduction-and/f1e00106-6687-4efe-9ec0-ed9f72fabb92

If you want to use another anti-virus then you need to disable Windows Defender.
http://www.guidingtech.com/10154/disable-windows-8-defender-before-installing-antivirus

Read over this link, very informative. Start with post 2.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/?p=2316629


~~~~~~~~~~~~

DelFix

Please download DelFix (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/9-delfix) or from Here (http://www.bleepingcomputer.com/download/delfix/) and save the file to your Desktop.

Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:

Activate UAC
Remove disinfection tools


Click the Run button.
-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).


~~~~~~~~~~~


Answers to common security questions - Best Practices (http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/) by quietman7, MVP
How Malware Spreads - How did I get infected? (http://www.bleepingcomputer.com/forums/t/287710/how-malware-spreads-how-did-i-get-infected/) by quietman7, MVP
Simple and easy ways to keep your computer safe and secure on the Internet (http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/) by Lawrence Abrams, MVP
How to Prevent Malware (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) by miekiemoes, MVP
How to backup and restore your data using Cobian Backup (http://www.bleepingcomputer.com/tutorials/backup-and-restore-data-with-cobian-backup/) by YourHighness
Slow Computer/browser? It May Not Be Malware (http://www.bleepingcomputer.com/forums/t/87058/slow-computerbrowser-check-here-first;-it-may-not-be-malware/) by quietman7, MVP


The following programmes come highly recommended in the security community.

AdBlock (https://adblockplus.org/en/firefox) is a browser add-on that blocks annoying banners, pop-ups and video ads.
CryptoPrevent (https://www.foolishit.com/) places policy restrictions on loading points for ransomware (eg. CryptoPrevent), preventing your files from being encrypted.
Malwarebytes Anti-Exploit (https://www.malwarebytes.org/antiexploit/) (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
Malwarebytes Anti-Malware Premium (https://www.malwarebytes.org/) (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
NoScript (http://noscript.net/) is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
Sandboxie (http://www.sandboxie.com/) isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
Secunia PSI (http://secunia.com/vulnerability_scanning/personal/) will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
SpywareBlaster (https://www.brightfort.com/spywareblaster.html) is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
Web of Trust (https://www.mywot.com/) (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.


Want to help others? Join the ClassRoom (http://forums.whatthetech.com/What_the_Tech_Classroom_t80368.html) and learn how.

Juliet
2015-08-20, 13:18
Glad we could help. :)

Since this issue appears resolved ... this Topic is closed.