Unusually slow PC



Fluffy
2015-08-30, 17:39
Hi,

I have been struggling the last few weeks with my PC becoming unusually retarded. My Windows 7, Spybot and Norton are up to date and do not detect any malware. I have not installed significant new programs or used significant amounts of disc space either. I have a strong suspicion that something is not right, as my PC also does not want to do a proper shutdown anymore - probably the last 2-3 months or so. It simply comes to the "Shutting Down" screen, then eventually times out and reboots automatically.

Can you please assist? Would greatly appreciate it.

Fluffy
2015-08-30, 18:30
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:30-08-2015
Ran by Riaan Nel (administrator) on RIAANNEL-PC (30-08-2015 17:13:36)
Running from C:\Users\Riaan Nel\Desktop
Loaded Profiles: Riaan Nel (Available Profiles: Riaan Nel)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(DeviceVM, Inc.) C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
(OB) C:\Program Files\SavePass 1.1\aab96cd1-6eaa-4846-92fd-660511195439-6.exe
() C:\Program Files\GIGABYTE\EnergySaver2\des2svr.exe
(OB) C:\Program Files\SavePass 1.1\aab96cd1-6eaa-4846-92fd-660511195439-1-6.exe
() C:\ProgramData\ExtTag\ExtTag.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(MiniLite system) C:\Program Files\MiniLite\ProtectService.exe
(IBM Corp.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
() C:\Windows\System32\XSrvSetup.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\21.7.0.11\n360.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files\NixSrv\NixSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\21.7.0.11\n360.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Seagate) C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
(Gigabyte Technology CO., LTD.) C:\Program Files\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe
(Gigabyte Technology CO., LTD.) C:\Program Files\GIGABYTE\smart6\timelock\AlarmClock.exe
(TODO: <公司名>) C:\Program Files\SFK\SSFK.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Vodafone) C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files\SFK\SFKEX.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files\NixSrv\packages\c3cd72eb-e609-45a2-97c2-d2479f8fa73d\NixHost.exe
() C:\Program Files\GIGABYTE\smart6\dbios\SDBMSG.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files\MultiScreen\MultiScreen.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
() C:\ProgramData\ExtTag\Zaamstock.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(NEC Electronics Corporation) C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [gpuminer] => C:\Users\Riaan Nel\AppData\Roaming\cpuminer\sgminer\start.cmd [214 2015-08-21] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM\...\Run: [BCU] => C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe [375000 2009-10-15] (DeviceVM, Inc.)
HKLM\...\RunOnce: [DES2] => C:\Program Files\GIGABYTE\EnergySaver2\des2.exe [354856 2010-03-01] ()
HKLM\...\RunOnce: [SDBOK] => C:\Program Files\GIGABYTE\smart6\dbios\run.exe [207400 2009-07-06] ()
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-444297693-2264169564-2716400923-1000\...\Run: [MultiScreen] => C:\Program Files\MultiScreen\MultiScreen.exe [303104 2009-08-11] ()
HKU\S-1-5-21-444297693-2264169564-2716400923-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
AppInit_DLLs: C:\ProgramData\ExtTag\FinLex.dll => C:\ProgramData\ExtTag\FinLex.dll [194560 2015-08-30] ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Riaan Nel\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-04-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Riaan Nel\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-04-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Riaan Nel\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-04-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton 360\Engine\21.7.0.11\buShell.dll [2015-03-07] (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton 360\Engine\21.7.0.11\buShell.dll [2015-03-07] (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton 360\Engine\21.7.0.11\buShell.dll [2015-03-07] (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 01 C:\Windows\system32\LavasoftTcpService.dll [345360 2015-08-30] (Lavasoft Limited)
Winsock: Catalog9 02 C:\Windows\system32\LavasoftTcpService.dll [345360 2015-08-30] (Lavasoft Limited)
Winsock: Catalog9 03 C:\Windows\system32\LavasoftTcpService.dll [345360 2015-08-30] (Lavasoft Limited)
Winsock: Catalog9 04 C:\Windows\system32\LavasoftTcpService.dll [345360 2015-08-30] (Lavasoft Limited)
Winsock: Catalog9 54 C:\Windows\system32\LavasoftTcpService.dll [345360 2015-08-30] (Lavasoft Limited)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.2 10.0.0.2
Tcpip\..\Interfaces\{2C6A66E7-0B6E-4D31-8457-FFB868D4AC45}: [NameServer] 196.207.32.83 196.207.32.69
Tcpip\..\Interfaces\{AD33D6FB-F202-4FC6-A1E6-77A5DA8A2C69}: [DhcpNameServer] 10.0.0.2 10.0.0.2

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
HKU\S-1-5-21-444297693-2264169564-2716400923-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B1C30ZKEa5UhX2PRCO-5Poa2pHn7-A--VWt7oSCt15QDP0ZhwKBihrFsvTseo-t9xuG9XogegjVFqnVsZNZtlgs-elcBjZsc_0Pby_8fl5Y4Jpp7M3rXctaOAzDWttjKRU59bM_1EwPGB45WgRtZSs-DtH1Kv&q={searchTerms}
HKU\S-1-5-21-444297693-2264169564-2716400923-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B1C30ZKEa5UhX2PRCO-5Poa2pHn7-A--VWt7oSCt15QDP0ZhwKBihrFsvTseo-t9xuG9XogegjVFqnVc10LodNmSHz1i0FugpAW8314UUtUUEKG8yhwFXiWN5wJYIj83EPv_dkI8HuZie3LzPna7ty6lh1tD0
HKU\S-1-5-21-444297693-2264169564-2716400923-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://howzit.msn.com/?ocid=iehp
HKU\S-1-5-21-444297693-2264169564-2716400923-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B1C30ZKEa5UhX2PRCO-5Poa2pHn7-A--VWt7oSCt15QDP0ZhwKBihrFsvTseo-t9xuG9XogegjVFqnVsZNZtlgs-elcBjZsc_0Pby_8fl5Y4Jpp7M3rXctaOAzDWttjKRU59bM_1EwPGB45WgRtZSs-DtH1Kv&q={searchTerms}
HKU\S-1-5-21-444297693-2264169564-2716400923-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B1C30ZKEa5UhX2PRCO-5Poa2pHn7-A--VWt7oSCt15QDP0ZhwKBihrFsvTseo-t9xuG9XogegjVFqnVsZNZtlgs-elcBjZsc_0Pby_8fl5Y4Jpp7M3rXctaOAzDWttjKRU59bM_1EwPGB45WgRtZSs-DtH1Kv&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B1C30ZKEa5UhX2PRCO-5Poa2pHn7-A--VWt7oSCt15QDP0ZhwKBihrFsvTseo-t9xuG9XogegjVFqnVsZNZtlgs-elcBjZsc_0Pby_8fl5Y4Jpp7M3rXctaOAzDWttjKRU59bM_1EwPGB45WgRtZSs-DtH1Kv&q={searchTerms}
SearchScopes: HKU\S-1-5-21-444297693-2264169564-2716400923-1000 -> {268C499D-539E-4660-9550-610C05F59C45} URL = hxxp://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
SearchScopes: HKU\S-1-5-21-444297693-2264169564-2716400923-1000 -> {2B565C86-4476-4751-9420-A26C016C132C} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
SearchScopes: HKU\S-1-5-21-444297693-2264169564-2716400923-1000 -> {59577AB6-9467-480d-9636-8966868E8BEC} URL = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=en&q={searchTerms}
SearchScopes: HKU\S-1-5-21-444297693-2264169564-2716400923-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://za.search.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10099_swoc_campaign_150830__yaie&p={searchTerms}
SearchScopes: HKU\S-1-5-21-444297693-2264169564-2716400923-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B1C30ZKEa5UhX2PRCO-5Poa2pHn7-A--VWt7oSCt15QDP0ZhwKBihrFsvTseo-t9xuG9XogegjVFqnVsZNZtlgs-elcBjZsc_0Pby_8fl5Y4Jpp7M3rXctaOAzDWttjKRU59bM_1EwPGB45WgRtZSs-DtH1Kv&q={searchTerms}
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton 360\Engine\21.7.0.11\coIEPlg.dll [2015-06-26] (Symantec Corporation)
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL [2015-03-05] (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17] (Skype Technologies S.A.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\21.7.0.11\coIEPlg.dll [2015-06-26] (Symantec Corporation)
DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_60-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0060-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_60-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_60-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll [2004-01-22] (Belarc, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17] (Skype Technologies S.A.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1440760054&z=54f83e43e617994f95f37d7g3zaz0e9meqaefgecee&from=obw&uid=ST3250823AS_5ND3BHZBXXXX5ND3BHZB

FireFox:
========
FF ProfilePath: C:\Users\Riaan Nel\AppData\Roaming\Mozilla\Firefox\Profiles\ubs63plf.default
FF Homepage: hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B1C30ZKEa5UhX2PRCO-5Poa2pHn7-A--VWt7oSCt15QDP0ZhwKBihrFsvTseo-t9xuG9XogegjVFqnVc10LodNmSHz1i0FugpAW8314UUtUUEKG8yhwFXiWN5wJYIj83EPv_dkI8HuZie3LzPna7ty6lh1tD0
FF NewTab: hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B1C30ZKEa5UhX2PRCO-5Poa2pHn7-A--VWt7oSCt15QDP0ZhwKBihrFsvTseo-t9xuG9XogegjVFqnVc10LodNmSHz1i0FugpAW8314UUtUUEKG8yhwFXiWN5wJYIj83EPv_dkI8HuZie3LzPna7ty6lh1tD0
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.)
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2012-01-05] (GARMIN Corp.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_60\bin\new_plugin\npjp2.dll [No File]
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-30] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-08-07] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-08-07] (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF SearchPlugin: C:\Users\Riaan Nel\AppData\Roaming\Mozilla\Firefox\Profiles\ubs63plf.default\searchplugins\yahoo-lavasoft.xml [2015-08-30]
FF Extension: Garmin Communicator - C:\Users\Riaan Nel\AppData\Roaming\Mozilla\Firefox\Profiles\ubs63plf.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2014-10-26]
FF HKLM\...\Firefox\Extensions: [downloader@freeyoutubetomp3converter.org] - C:\Program Files\FreeYouTubeToMP3TURBOConverter\Firefox
FF Extension: FreeYouTubeToMP3TURBOConverter plugin for Mozilla Firefox - C:\Program Files\FreeYouTubeToMP3TURBOConverter\Firefox [2013-03-20]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.5.0.19\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.5.0.19\coFFPlgn [2015-08-30]

Chrome:
=======
CHR Profile: C:\Users\Riaan Nel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Riaan Nel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-10]
CHR Extension: (Google Docs) - C:\Users\Riaan Nel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-10]
CHR Extension: (Google Drive) - C:\Users\Riaan Nel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-10]
CHR Extension: (Rapport) - C:\Users\Riaan Nel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2015-06-15]
CHR Extension: (YouTube) - C:\Users\Riaan Nel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-10]
CHR Extension: (Google Search) - C:\Users\Riaan Nel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-10]
CHR Extension: (Google Sheets) - C:\Users\Riaan Nel\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-10]
CHR Extension: (Norton Identity Safe) - C:\Users\Riaan Nel\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-02-10]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Riaan Nel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Riaan Nel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-10]
CHR Extension: (Gmail) - C:\Users\Riaan Nel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-10]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton 360\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-29]
CHR HKU\S-1-5-21-444297693-2264169564-2716400923-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeActiveFileMonitor10.0; D:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 BCUService; C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe [223464 2009-10-15] (DeviceVM, Inc.)
R2 DES2 Service; C:\Program Files\GIGABYTE\EnergySaver2\des2svr.exe [68136 2009-06-17] ()
R2 ExtTag; C:\ProgramData\ExtTag\ExtTag.exe [33792 2015-08-27] () [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [921232 2015-07-24] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 IHProtect Service; C:\Program Files\MiniLite\ProtectService.exe [132768 2015-08-24] (MiniLite system)
R2 JMB36X; C:\Windows\System32\XSrvSetup.exe [72280 2010-09-07] ()
S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE [2999664 2007-09-12] (Symantec Corporation)
R2 N360; C:\Program Files\Norton 360\Engine\21.7.0.11\N360.exe [265000 2015-03-07] (Symantec Corporation)
R2 NixSrv; C:\Program Files\NixSrv\NixSrv.exe [379904 2015-08-27] () [File not signed] <==== ATTENTION
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1871504 2015-07-24] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4305040 2015-07-24] (NVIDIA Corporation)
S4 OMSI download service; C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [90112 2009-04-30] () [File not signed]
R2 RapportMgmtService; C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [2255128 2015-08-04] (IBM Corp.)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SgtSch2Svc; C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe [845808 2011-06-30] (Seagate)
R2 Smart TimeLock; C:\Program Files\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [114688 2009-10-13] (Gigabyte Technology CO., LTD.) [File not signed]
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
R2 SSFK; C:\Program Files\SFK\SSFK.exe [448000 2015-08-28] (TODO: <公司名>) [File not signed]
S2 updvte; C:\Users\Riaan Nel\AppData\Local\Lot-media.exe [52736 2015-08-28] () [File not signed]
R2 VmbService; C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [9216 2011-07-14] (Vodafone) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
S3 GenericMount Helper Service; "C:\Program Files\Norton Ghost\Shared\Drivers\GenericMountHelper.exe" [X]
S3 SymSnapService; "C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [19496 2010-04-27] ()
S3 ASPI; C:\Windows\System32\DRIVERS\ASPI32.sys [84832 2002-07-17] (Adaptec) [File not signed]
R1 BANTExt; C:\Windows\System32\Drivers\BANTExt.sys [3840 2003-03-06] () [File not signed]
R1 BHDrvx86; C:\Program Files\Norton 360\NortonData\21.5.0.19\Definitions\BASHDefs\20150810.001\BHDrvx86.sys [1181936 2015-07-23] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360\1507000.00B\ccSetx86.sys [127064 2014-02-21] (Symantec Corporation)
S3 DCamUSBTP10; C:\Windows\System32\Drivers\iP293x.sys [183552 2009-11-20] (iPassion Technology Inc.) [File not signed]
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [232512 2011-09-04] (DT Soft Ltd)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [389456 2015-07-28] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [122192 2015-07-28] (Symantec Corporation)
S3 etdrv; C:\Windows\etdrv.sys [17488 2013-07-01] (Windows (R) 2000 DDK provider)
R3 gdrv; C:\Windows\gdrv.sys [17488 2015-08-30] (Windows (R) 2000 DDK provider)
S3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [57840 2010-02-12] (Symantec Corporation)
S3 GVTDrv; C:\Windows\system32\Drivers\GVTDrv.sys [24944 2013-07-11] ()
R1 IDSVix86; C:\Program Files\Norton 360\NortonData\21.5.0.19\Definitions\IPSDefs\20150811.001\IDSvix86.sys [523512 2015-06-21] (Symantec Corporation)
R0 JRAID; C:\Windows\System32\DRIVERS\jraid.sys [104024 2010-09-07] (JMicron Technology Corp.)
S3 NAVENG; C:\Program Files\Norton 360\NortonData\21.5.0.19\Definitions\VirusDefs\20150811.009\NAVENG.SYS [104440 2015-06-24] (Symantec Corporation)
S3 NAVEX15; C:\Program Files\Norton 360\NortonData\21.5.0.19\Definitions\VirusDefs\20150811.009\NAVEX15.SYS [1645432 2015-06-24] (Symantec Corporation)
S3 NPF; C:\Windows\System32\DRIVERS\aztech_npf32.sys [42000 2008-06-03] (CACE Technologies)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18576 2015-07-24] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [42344 2015-07-03] (NVIDIA Corporation)
R1 RapportCerberus_1507065; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_1507065.sys [555000 2015-08-27] (IBM Corp.)
R1 RapportEI; C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [292280 2015-08-04] (IBM Corp.)
R0 RapportHades; C:\Windows\System32\Drivers\RapportHades.sys [70168 2015-08-04] (IBM Corp.)
S3 RapportKELL; C:\Windows\System32\Drivers\RapportKELL.sys [223000 2015-08-04] (IBM Corp.)
R1 RapportPG; C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [349816 2015-08-04] (IBM Corp.)
R3 RtkBtFilter; C:\Windows\System32\DRIVERS\RtkBtfilter.sys [515288 2015-01-20] (Realtek Semiconductor Corporation)
S3 s0017bus; C:\Windows\System32\DRIVERS\s0017bus.sys [86824 2008-10-21] (MCCI Corporation)
S3 s0017mdfl; C:\Windows\System32\DRIVERS\s0017mdfl.sys [15016 2008-10-21] (MCCI Corporation)
S3 s0017mdm; C:\Windows\System32\DRIVERS\s0017mdm.sys [114600 2008-10-21] (MCCI Corporation)
S3 s0017mgmt; C:\Windows\System32\DRIVERS\s0017mgmt.sys [108328 2008-10-21] (MCCI Corporation)
S3 s0017nd5; C:\Windows\System32\DRIVERS\s0017nd5.sys [26024 2008-10-21] (MCCI Corporation)
S3 s0017obex; C:\Windows\System32\DRIVERS\s0017obex.sys [104616 2008-10-21] (MCCI Corporation)
S3 s0017unic; C:\Windows\System32\DRIVERS\s0017unic.sys [109736 2008-10-21] (MCCI Corporation)
R2 Sentinel; C:\Windows\System32\Drivers\SENTINEL.SYS [73728 2001-06-22] (Rainbow Technologies, Inc.) [File not signed]
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [466008 2013-06-16] (Duplex Secure Ltd.)
S3 SRTSP; C:\Windows\System32\Drivers\N360\1507000.00B\SRTSP.SYS [664792 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\1507000.00B\SRTSPX.SYS [32984 2014-08-26] (Symantec Corporation)
R3 stdriver; C:\Windows\System32\DRIVERS\stdriverx86.sys [44624 2014-09-21] ()
R0 SymDS; C:\Windows\System32\drivers\N360\1507000.00B\SYMDS.SYS [367704 2014-07-23] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\1507000.00B\SYMEFA.SYS [936152 2014-07-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2014-08-21] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\1507000.00B\Ironx86.SYS [209624 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360\1507000.00B\SYMNETS.SYS [447704 2014-07-23] (Symantec Corporation)
R0 vididr; C:\Windows\System32\DRIVERS\vididr.sys [125472 2012-12-07] (Acronis)
R0 vidsflt53; C:\Windows\System32\DRIVERS\vsflt53.sys [83392 2012-12-07] (Acronis)
R3 vodafone_K3805-z_dc_enum; C:\Windows\System32\DRIVERS\vodafone_K3805-z_dc_enum.sys [61952 2010-09-01] (Vodafone)
S3 vodafone_zte_cdc_acm; C:\Windows\System32\DRIVERS\vodafone_zte_cdc_acm.sys [67968 2011-05-20] (Vodafone)
S3 vodafone_zte_cdc_ecm; C:\Windows\System32\DRIVERS\vodafone_zte_cdc_ecm.sys [52224 2011-05-20] (Vodafone)
S3 vodafone_zte_cpo; C:\Windows\System32\DRIVERS\vodafone_zte_cpo.sys [9984 2011-05-20] (Vodafone)
S3 vodafone_zte_ecm_enum; C:\Windows\System32\DRIVERS\vodafone_zte_ecm_enum.sys [47488 2011-05-20] (Vodafone)
S3 vodafone_zte_ecm_enum_filter; C:\Windows\System32\DRIVERS\vodafone_zte_ecm_enum_filter.sys [47488 2011-05-20] (Vodafone)
S3 ZTEusbvoice; C:\Windows\System32\DRIVERS\ZTEusbvoice.sys [105856 2010-09-08] (ZTE Incorporated)
S3 ZTEusbwwan; C:\Windows\System32\DRIVERS\ZTEusbwwan.sys [194048 2010-09-08] (ZTE Incorporated)
R1 {4c2490b8-3135-4953-8c3d-6c03c4721091}Gw; C:\Windows\System32\drivers\{4c2490b8-3135-4953-8c3d-6c03c4721091}Gw.sys [43152 2015-08-28] (StdLib)
S2 ALIWEHCD; System32\Drivers\mfpec.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
U2 srservice; no ImagePath
U2 V2iMount; no ImagePath
S3 WUSBVBus; system32\DRIVERS\mfpvbus.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-30 17:13 - 2015-08-30 17:14 - 00030527 _____ C:\Users\Riaan Nel\Desktop\FRST.txt
2015-08-30 17:13 - 2015-08-30 17:13 - 00000000 ____D C:\FRST
2015-08-30 17:12 - 2015-08-30 17:12 - 01690624 _____ (Farbar) C:\Users\Riaan Nel\Desktop\FRST.exe
2015-08-30 17:11 - 2015-08-30 17:11 - 00000207 _____ C:\Windows\tweaking.com-regbackup-RIAANNEL-PC-Windows-7-Home-Premium-(32-bit).dat
2015-08-30 17:11 - 2015-08-30 17:11 - 00000000 ____D C:\RegBackup
2015-08-30 17:09 - 2015-08-30 17:09 - 02023465 _____ C:\Users\Riaan Nel\Desktop\tweaking.com_registry_backup_portable.zip
2015-08-30 17:09 - 2015-08-30 17:09 - 00000000 ____D C:\Users\Riaan Nel\Desktop\tweaking.com_registry_backup_portable
2015-08-30 17:02 - 2015-08-30 17:04 - 29720784 _____ (Microsoft Corporation) C:\Users\Riaan Nel\Desktop\IE11-Windows6.1-x86-en-us (1).exe
2015-08-30 16:36 - 2015-08-30 16:36 - 00000085 _____ C:\Users\Riaan Nel\Desktop\New Text Document.txt
2015-08-30 16:18 - 2015-07-31 09:12 - 00450831 _____ C:\Windows\system32\Drivers\etc\hosts.20150830-161842.backup
2015-08-30 15:19 - 2015-08-30 15:20 - 00000000 ____D C:\Program Files\QuickTime
2015-08-30 15:19 - 2015-08-30 15:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-08-30 15:19 - 2015-08-30 15:19 - 00000000 ____D C:\ProgramData\Apple Computer
2015-08-30 15:09 - 2015-08-30 15:09 - 00000000 ____D C:\Program Files\Common Files\Java
2015-08-30 15:08 - 2015-08-30 15:08 - 00000000 ____D C:\Users\Riaan Nel\AppData\Roaming\Sun
2015-08-30 15:08 - 2015-08-30 15:08 - 00000000 ____D C:\Users\Riaan Nel\.oracle_jre_usage
2015-08-30 15:05 - 2015-08-30 15:05 - 00345360 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService.dll
2015-08-30 15:05 - 2015-08-30 15:05 - 00002864 _____ C:\Windows\system32\LavasoftTcpServiceOff.ini
2015-08-30 15:04 - 2015-08-30 15:04 - 00000000 ____D C:\Program Files\Lavasoft
2015-08-30 15:03 - 2015-08-30 15:03 - 00000000 ____D C:\Users\Riaan Nel\AppData\Roaming\OpenCandy
2015-08-30 14:29 - 2015-08-30 14:29 - 00002377 _____ C:\Windows\system32\findit.xml
2015-08-30 14:29 - 2015-08-30 14:29 - 00000000 ____D C:\ProgramData\ExtTags
2015-08-30 14:24 - 2015-08-30 16:46 - 00000000 ____D C:\ProgramData\ExtTag
2015-08-28 15:28 - 2015-08-30 15:08 - 00097888 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-08-28 15:27 - 2015-08-30 15:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-08-28 15:26 - 2015-08-30 15:12 - 00000000 ____D C:\ProgramData\Oracle
2015-08-28 13:18 - 2015-08-30 16:43 - 00002424 _____ C:\Windows\Tasks\aab96cd1-6eaa-4846-92fd-660511195439-5_user.job
2015-08-28 13:18 - 2015-08-30 16:43 - 00002424 _____ C:\Windows\Tasks\aab96cd1-6eaa-4846-92fd-660511195439-5.job
2015-08-28 13:17 - 2015-08-30 16:45 - 00001036 _____ C:\Windows\Tasks\atSFQS1rBZ3lbTAqGUWmZlNN.job
2015-08-28 13:17 - 2015-08-30 16:43 - 00005496 _____ C:\Windows\Tasks\aab96cd1-6eaa-4846-92fd-660511195439-6.job
2015-08-28 13:17 - 2015-08-30 16:43 - 00005160 _____ C:\Windows\Tasks\aab96cd1-6eaa-4846-92fd-660511195439-7.job
2015-08-28 13:17 - 2015-08-30 16:43 - 00003116 _____ C:\Windows\Tasks\aab96cd1-6eaa-4846-92fd-660511195439-1-7.job
2015-08-28 13:17 - 2015-08-30 16:43 - 00003116 _____ C:\Windows\Tasks\aab96cd1-6eaa-4846-92fd-660511195439-1-6.job
2015-08-28 13:17 - 2015-08-28 13:17 - 00000000 ____D C:\Program Files\0f705ca4-eec7-4274-9270-d7599ae20ac0
2015-08-28 13:16 - 2015-08-30 16:14 - 00000000 ____D C:\Users\Riaan Nel\AppData\Roaming\cpuminer
2015-08-28 13:15 - 2015-08-28 13:18 - 00000000 ____D C:\Program Files\SavePass 1.1
2015-08-28 13:14 - 2015-08-30 16:45 - 00000000 ____D C:\ProgramData\update
2015-08-28 13:14 - 2015-08-30 16:44 - 00000000 ____D C:\Program Files\SFK
2015-08-28 13:14 - 2015-08-28 19:20 - 00000000 ____D C:\Program Files\globalUpdate
2015-08-28 13:14 - 2015-08-28 13:14 - 00000000 ____D C:\Users\Riaan Nel\AppData\Local\globalUpdate
2015-08-28 13:14 - 2015-08-28 13:14 - 00000000 ____D C:\Program Files\MiniLite
2015-08-28 13:12 - 2015-08-28 13:19 - 00000000 ____D C:\Users\Riaan Nel\AppData\Roaming\Opera Software
2015-08-28 13:12 - 2015-08-28 13:19 - 00000000 ____D C:\Users\Riaan Nel\AppData\Local\Opera Software
2015-08-28 13:12 - 2015-08-28 13:13 - 00000000 ____D C:\Users\Riaan Nel\AppData\Roaming\istartsurf
2015-08-28 13:10 - 2015-08-28 03:43 - 00043152 _____ (StdLib) C:\Windows\system32\Drivers\{4c2490b8-3135-4953-8c3d-6c03c4721091}Gw.sys
2015-08-28 13:07 - 2015-08-28 14:07 - 00000000 ____D C:\Program Files\NixSrv
2015-08-28 13:07 - 2015-08-28 13:19 - 00000000 ____D C:\Program Files\Opera
2015-08-28 13:07 - 2015-08-28 13:07 - 00052736 _____ C:\Users\Riaan Nel\AppData\Local\Lot-media.exe
2015-08-28 13:07 - 2015-08-28 13:07 - 00000187 _____ C:\Users\Riaan Nel\AppData\Local\Lot-media.exe.config
2015-08-28 13:05 - 2015-08-28 13:05 - 00586981 _____ C:\Users\Riaan Nel\Downloads\Vector Magic 1.15.rar
2015-08-28 13:05 - 2015-08-28 13:05 - 00000000 ____D C:\Users\Riaan Nel\Downloads\Vector Magic 1.15
2015-08-28 13:00 - 2015-08-28 14:39 - 01425753 _____ C:\Users\Riaan Nel\Desktop\Design 3d.psd
2015-08-27 14:05 - 2015-08-27 14:05 - 00767312 _____ C:\Users\Riaan Nel\Desktop\Design 3c.psd
2015-08-27 13:35 - 2015-08-28 13:39 - 02031327 _____ C:\Users\Riaan Nel\Desktop\Design 2b.psd
2015-08-26 08:34 - 2015-08-26 08:35 - 113032188 _____ C:\Windows\MEMORY.rar
2015-08-24 08:56 - 2015-08-24 08:56 - 04263936 _____ C:\Users\Riaan Nel\Desktop\errors.evtx
2015-08-24 08:31 - 2015-08-15 01:03 - 12386816 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-24 08:31 - 2015-08-15 00:56 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-24 08:31 - 2015-08-15 00:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-17 19:17 - 2015-08-17 19:17 - 00455824 _____ C:\Windows\Minidump\081715-34164-01.dmp
2015-08-15 18:16 - 2015-08-15 18:16 - 00449888 _____ C:\Windows\Minidump\081515-36379-01.dmp
2015-08-15 15:24 - 2015-08-28 15:34 - 01393202 _____ C:\Users\Riaan Nel\Desktop\Design Combo.psd
2015-08-15 15:04 - 2015-08-28 13:54 - 01515210 _____ C:\Users\Riaan Nel\Desktop\Design 4.psd
2015-08-14 17:47 - 2015-08-14 17:48 - 00119346 _____ C:\Users\Riaan Nel\Desktop\LiKbkzdia.jpeg
2015-08-14 17:39 - 2015-08-28 15:31 - 03288535 _____ C:\Users\Riaan Nel\Desktop\Design 1.psd
2015-08-14 13:45 - 2015-08-14 13:46 - 29720784 _____ (Microsoft Corporation) C:\Users\Riaan Nel\Downloads\IE11-Windows6.1-x86-en-us.exe
2015-08-14 11:41 - 2015-08-07 02:16 - 00572024 _____ (NVIDIA Corporation) C:\Windows\system32\nvStreaming.exe
2015-08-14 11:12 - 2015-07-22 22:54 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-14 11:12 - 2015-07-22 22:51 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-14 11:12 - 2015-07-22 22:47 - 09751040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-14 11:12 - 2015-07-22 22:46 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-14 11:12 - 2015-07-22 22:46 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-14 11:12 - 2015-07-22 22:45 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-14 11:12 - 2015-07-22 22:45 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-08-14 11:12 - 2015-07-22 22:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-14 11:12 - 2015-07-22 22:44 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-14 11:12 - 2015-07-22 22:44 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-14 11:12 - 2015-07-22 22:44 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-14 11:12 - 2015-07-22 22:44 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-14 11:12 - 2015-07-22 22:43 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-14 11:12 - 2015-07-22 22:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-14 11:12 - 2015-07-22 22:43 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-14 11:12 - 2015-07-22 22:43 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-08-14 11:12 - 2015-07-22 22:43 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-08-14 11:12 - 2015-07-22 22:43 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-08-14 11:12 - 2015-07-22 22:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-13 15:45 - 2015-08-13 16:13 - 00016110 _____ C:\Users\Riaan Nel\Desktop\SEPTEMBER 2015.xlsx
2015-08-11 01:08 - 2015-08-11 01:08 - 37758096 _____ C:\Windows\system32\nvcompiler.dll
2015-08-11 01:08 - 2015-08-11 01:08 - 22960768 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll
2015-08-11 01:08 - 2015-08-11 01:08 - 13279152 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-08-11 01:08 - 2015-08-11 01:08 - 11846744 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-08-11 01:08 - 2015-08-11 01:08 - 09176720 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-08-11 01:08 - 2015-08-11 01:08 - 02610816 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-08-11 01:08 - 2015-08-11 01:08 - 01058120 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco3235382.dll
2015-08-11 01:08 - 2015-08-11 01:08 - 00992072 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR.dll
2015-08-11 01:08 - 2015-08-11 01:08 - 00986752 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC.dll
2015-08-11 01:08 - 2015-08-11 01:08 - 00931680 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco3220103.dll
2015-08-11 01:08 - 2015-08-11 01:08 - 00922936 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco3235382.dll
2015-08-11 01:08 - 2015-08-11 01:08 - 00180064 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda32v.sys
2015-08-11 01:08 - 2015-08-11 01:08 - 00165712 _____ (NVIDIA Corporation) C:\Windows\system32\nvinit.dll
2015-08-11 01:08 - 2015-08-11 01:08 - 00137424 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim32.dll
2015-08-11 01:08 - 2015-08-11 01:08 - 00045920 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap32.dll
2015-08-10 23:44 - 2015-08-10 23:44 - 00026142 _____ C:\Windows\system32\nvinfo.pb
2015-08-10 21:42 - 2015-08-10 21:42 - 00447120 _____ C:\Windows\Minidump\081015-24429-01.dmp
2015-08-06 16:19 - 2015-08-06 16:20 - 14101410 _____ C:\Users\Riaan Nel\Desktop\Jamsplay_com _ Facebook.mp4
2015-08-06 16:12 - 2015-08-06 16:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
2015-08-06 11:43 - 2015-08-06 11:43 - 00094208 _____ (Apple Inc.) C:\Windows\system32\QuickTimeVR.qtx
2015-08-06 11:43 - 2015-08-06 11:43 - 00069632 _____ (Apple Inc.) C:\Windows\system32\QuickTime.qts
2015-08-05 16:15 - 2015-08-05 16:15 - 00000000 ____D C:\Users\Riaan Nel\Documents\Zynewave Podium
2015-08-05 16:13 - 2015-08-05 16:13 - 00001122 _____ C:\Users\Public\Desktop\Podium Free.lnk
2015-08-05 16:13 - 2015-08-05 16:13 - 00000000 ____D C:\Users\Riaan Nel\AppData\Roaming\Zynewave
2015-08-05 16:13 - 2015-08-05 16:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zynewave Podium Free
2015-08-05 16:13 - 2015-08-05 16:13 - 00000000 ____D C:\Program Files\Zynewave
2015-08-05 16:10 - 2015-08-05 16:12 - 16322898 _____ C:\Users\Riaan Nel\Downloads\PodiumFree_321.zip
2015-08-05 11:56 - 2015-08-05 11:56 - 00448568 _____ C:\Windows\Minidump\080515-28891-01.dmp
2015-08-04 22:47 - 2015-08-04 22:47 - 00000000 ____D C:\Users\Riaan Nel\AppData\Local\Apple Computer
2015-08-04 22:46 - 2015-08-05 09:21 - 00000000 ____D C:\Users\Riaan Nel\AppData\Roaming\Apple Computer
2015-08-04 22:43 - 2015-08-04 22:43 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-08-04 22:43 - 2015-08-04 22:43 - 00000000 ____D C:\Users\Riaan Nel\AppData\Local\Apple
2015-08-04 22:43 - 2015-08-04 22:43 - 00000000 ____D C:\Program Files\Apple Software Update
2015-08-04 22:42 - 2015-08-04 22:42 - 00000000 ____D C:\ProgramData\Apple
2015-08-04 22:42 - 2015-08-04 22:42 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-08-04 21:45 - 2015-08-04 21:45 - 00223000 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportKELL.sys
2015-08-04 21:45 - 2015-08-04 21:45 - 00070168 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportHades.sys
2015-08-03 19:57 - 2015-08-03 19:57 - 00440248 _____ C:\Windows\Minidump\080315-38859-01.dmp
2015-07-31 10:06 - 2015-08-26 14:52 - 00017927 _____ C:\Users\Riaan Nel\Desktop\SEPT ROOSTER.xlsx
2015-07-31 09:12 - 2015-06-04 17:14 - 00450831 _____ C:\Windows\system32\Drivers\etc\hosts.20150731-091202.backup

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-30 16:56 - 2009-07-14 06:34 - 00015344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-30 16:56 - 2009-07-14 06:34 - 00015344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-30 16:51 - 2011-01-26 12:15 - 01829349 _____ C:\Windows\WindowsUpdate.log
2015-08-30 16:45 - 2011-11-27 22:44 - 00017488 _____ (Windows (R) 2000 DDK provider) C:\Windows\gdrv.sys
2015-08-30 16:44 - 2009-07-14 06:39 - 00211782 _____ C:\Windows\setupact.log
2015-08-30 16:43 - 2011-08-25 17:26 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-30 16:43 - 2011-04-17 19:57 - 00000394 _____ C:\Windows\Tasks\Final Media Player Update Checker.job
2015-08-30 16:43 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-30 16:42 - 2012-08-10 23:02 - 00000000 ____D C:\ProgramData\NVIDIA
2015-08-30 16:42 - 2011-01-27 12:09 - 01408036 _____ C:\Windows\PFRO.log
2015-08-30 16:30 - 2011-08-25 17:26 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-30 15:42 - 2014-08-02 12:02 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-30 15:11 - 2011-07-08 17:35 - 00000000 ____D C:\Program Files\Java
2015-08-30 15:08 - 2011-07-08 17:35 - 00274016 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-08-30 15:08 - 2011-01-26 12:23 - 00000000 ____D C:\Users\Riaan Nel
2015-08-30 14:32 - 2014-08-02 14:59 - 00000000 ____D C:\Users\Riaan Nel\AppData\Local\Adobe
2015-08-30 14:29 - 2011-01-26 12:23 - 00001293 _____ C:\Users\Riaan Nel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-28 13:20 - 2011-04-22 13:16 - 00000000 ____D C:\Program Files\Activision
2015-08-28 13:17 - 2011-02-05 00:06 - 00000000 ____D C:\Program Files\Acro Software
2015-08-28 13:16 - 2015-07-15 18:29 - 00000000 ____D C:\Users\Riaan Nel\AppData\Roaming\NVIDIA
2015-08-28 13:10 - 2009-07-14 04:04 - 00000505 _____ C:\Windows\win.ini
2015-08-27 22:38 - 2011-03-20 16:04 - 00000000 ____D C:\Users\Riaan Nel\AppData\Local\Windows Live
2015-08-27 10:01 - 2013-09-06 09:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2015-08-26 07:51 - 2011-01-26 12:23 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-17 19:17 - 2013-08-31 17:56 - 462494866 _____ C:\Windows\MEMORY.DMP
2015-08-17 19:17 - 2011-04-25 19:15 - 00000000 ____D C:\Windows\Minidump
2015-08-17 18:39 - 2014-05-01 15:25 - 00057344 _____ C:\Users\Riaan Nel\AppData\Roaming\Picasso Album Maker Prefsv3
2015-08-17 18:39 - 2014-05-01 15:25 - 00000000 ____D C:\Users\Riaan Nel\Documents\Picasso Album Maker Projects
2015-08-17 16:35 - 2014-05-01 15:16 - 00000000 ____D C:\Program Files\Picasso Album Maker
2015-08-17 15:51 - 2014-12-08 18:24 - 00000000 ____D C:\Users\Riaan Nel\Desktop\35 NASSAU CRESCENT
2015-08-17 15:30 - 2011-04-17 14:34 - 00000000 ____D C:\Users\Riaan Nel\AppData\Local\CrashDumps
2015-08-14 16:07 - 2014-03-02 00:25 - 00110945 _____ C:\Windows\IE11_main.log
2015-08-14 12:57 - 2015-03-09 11:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-14 12:50 - 2014-12-17 12:37 - 00000000 ____D C:\Users\Riaan Nel\Desktop\LOCUM
2015-08-14 11:46 - 2015-01-06 21:44 - 00000000 ____D C:\Users\Riaan Nel\Desktop\2015
2015-08-14 11:44 - 2011-01-30 09:53 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-14 11:43 - 2015-03-09 11:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-14 11:41 - 2014-08-06 16:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-08-14 11:41 - 2012-08-10 23:01 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-08-14 11:39 - 2015-07-17 15:49 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-08-14 11:36 - 2014-03-02 00:30 - 00000000 ____D C:\Windows\system32\MRT
2015-08-14 11:29 - 2011-01-26 14:26 - 129304528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-12 10:42 - 2012-08-11 13:36 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-08-12 10:42 - 2011-12-04 23:07 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-08-11 01:08 - 2015-07-17 15:48 - 00950352 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshim.dll
2015-08-11 01:08 - 2015-04-05 18:16 - 00113992 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-08-11 01:08 - 2014-08-06 16:31 - 15139256 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2um.dll
2015-08-11 01:08 - 2014-08-06 16:31 - 12886592 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dum.dll
2015-08-11 01:08 - 2014-08-06 16:31 - 03019128 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi.dll
2015-08-07 02:05 - 2015-06-04 18:54 - 02554672 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-08-07 02:05 - 2015-04-05 18:16 - 04386096 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-08-07 02:05 - 2015-04-05 18:16 - 03020920 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc.dll
2015-08-07 02:05 - 2015-04-05 18:16 - 00670840 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-08-07 02:05 - 2015-04-05 18:16 - 00374904 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-08-07 02:05 - 2015-04-05 18:16 - 00061744 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-08-06 16:12 - 2013-07-05 21:35 - 00000000 ____D C:\ProgramData\YTD Video Downloader
2015-08-05 09:49 - 2011-01-26 22:11 - 00007653 _____ C:\Users\Riaan Nel\AppData\Local\resmon.resmoncfg
2015-08-04 22:45 - 2011-01-26 14:35 - 00000000 ____D C:\Users\Riaan Nel\AppData\Roaming\Adobe
2015-08-03 12:05 - 2015-04-05 18:16 - 05133709 _____ C:\Windows\system32\nvcoproc.bin
2015-08-02 14:52 - 2015-04-03 09:22 - 00000000 ____D C:\Users\Riaan Nel\Desktop\Tillie Selfoon
2015-08-02 14:28 - 2009-07-14 06:53 - 00032644 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-31 09:00 - 2015-07-28 14:14 - 00000000 ____D C:\Program Files\Common Files\AV
2015-07-31 09:00 - 2014-05-19 19:51 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2

==================== Files in the root of some directories =======

2011-02-12 12:40 - 2011-02-12 12:40 - 0000604 ____H () C:\Program Files\STLL Notifier
2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\Riaan Nel\AppData\Roaming\atSFQS1rBZ3lbTAqGUWmZlNN
2015-04-20 16:05 - 2015-04-20 16:05 - 1579520 _____ () C:\Users\Riaan Nel\AppData\Roaming\atSFQS1rBZ3lbTAqGUWmZlNN.exe
2014-05-01 15:25 - 2015-08-17 18:39 - 0057344 _____ () C:\Users\Riaan Nel\AppData\Roaming\Picasso Album Maker Prefsv3
2011-06-11 14:57 - 2011-06-11 14:58 - 0002048 _____ () C:\Users\Riaan Nel\AppData\Roaming\PICASSO Photobooks Prefs
2013-07-16 15:12 - 2013-07-16 15:16 - 145394418 _____ () C:\Users\Riaan Nel\AppData\Local\ACCCx189.zip.aamdownload
2013-07-16 15:12 - 2013-07-16 15:16 - 0001726 _____ () C:\Users\Riaan Nel\AppData\Local\ACCCx189.zip.aamdownload.aamd
2012-04-11 22:09 - 2014-06-09 19:56 - 0004608 _____ () C:\Users\Riaan Nel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-08-28 13:07 - 2015-08-28 13:07 - 0052736 _____ () C:\Users\Riaan Nel\AppData\Local\Lot-media.exe
2015-08-28 13:07 - 2015-08-28 13:07 - 0000187 _____ () C:\Users\Riaan Nel\AppData\Local\Lot-media.exe.config
2011-01-26 22:11 - 2015-08-05 09:49 - 0007653 _____ () C:\Users\Riaan Nel\AppData\Local\resmon.resmoncfg
2011-07-12 14:02 - 2011-07-12 14:02 - 0232496 ____R () C:\ProgramData\DeviceManager.xml.rc4
2013-05-29 22:07 - 2013-05-29 22:07 - 0148736 _____ (Avanquest Software) C:\ProgramData\hpe6190.dll
2011-04-25 22:48 - 2011-04-25 22:49 - 0000352 _____ () C:\ProgramData\hpzinstall.log
2013-02-02 12:46 - 2013-02-02 12:46 - 0002796 _____ () C:\ProgramData\LUUnInstall.LiveUpdate
2011-02-12 12:40 - 2011-02-12 12:40 - 0000604 ____H () C:\ProgramData\T2

Some files in TEMP:
====================
C:\Users\Riaan Nel\AppData\Local\Temp\ose00000.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-23 18:16

==================== End of FRST.txt ============================

Fluffy
2015-08-30, 18:30
Additional scan result of Farbar Recovery Scan Tool (x86) Version:30-08-2015
Ran by Riaan Nel (2015-08-30 17:15:45)
Running from C:\Users\Riaan Nel\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-444297693-2264169564-2716400923-500 - Administrator - Disabled)
Guest (S-1-5-21-444297693-2264169564-2716400923-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-444297693-2264169564-2716400923-1002 - Limited - Enabled)
Riaan Nel (S-1-5-21-444297693-2264169564-2716400923-1000 - Administrator - Enabled) => C:\Users\Riaan Nel
UpdatusUser (S-1-5-21-444297693-2264169564-2716400923-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 (Disabled - Out of date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Norton 360 (Disabled - Out of date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton 360 (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS (HKLM\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.08 - GIGABYTE)
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.6 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Photoshop Elements 10 (HKLM\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 10 (HKLM\...\PremElem100) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 10 Content (HKLM\...\Adobe Premiere Elements 10 Content) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Advertising Center (Version: 0.0.0.1 - Nero AG) Hidden
Album Maker (HKLM\...\Jetline-e.com_Album Maker) (Version: - )
ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AutoGreen B09.1014.2 (HKLM\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
AutoGreen B09.1014.2 (Version: 1.00.0000 - GIGABYTE) Hidden
Belarc Advisor 6.1 (HKLM\...\Belarc Advisor 2.0) (Version: - )
BitTorrent (HKU\S-1-5-21-444297693-2264169564-2716400923-1000\...\BitTorrent) (Version: 7.9.1.31141 - BitTorrent Inc.)
Browser Configuration Utility (HKLM\...\{A2F991E7-DDCD-42B7-AFEC-47789A099FDC}) (Version: 1.1.18.0 - DeviceVM Inc.) <==== ATTENTION
Call of Duty Modern Warfare 2 (HKLM\...\Call of Duty Modern Warfare 2_is1) (Version: - Activision)
Call of Duty(R) 4 - Modern Warfare(TM) (HKLM\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.7 - Activision)
Call of Duty(R) 4 - Modern Warfare(TM) (Version: 1.00.0000 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch (Version: - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch (Version: 1.2 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch (Version: - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch (Version: 1.3 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch (Version: - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch (Version: 1.4 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch (Version: - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch (Version: 1.5 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (Version: - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (Version: 1.6 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (Version: - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (Version: 1.7 - Activision) Hidden
Convert Audio Free FLAC to MP3 version 1.0 (HKLM\...\Convert Audio Free FLAC to MP3_is1) (Version: 1.0 - )
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - CutePDF.com)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.41.3.0173 - DT Soft Ltd)
DES 2.0 (HKLM\...\{675F86A8-E093-4002-87D5-915CC2C45571}) (Version: 1.00.0000 - Gigabyte)
Deus Ex Human Revolution version 1.0 (HKLM\...\{4L7IL77L-T4D4-75B1-98C3-11CD6E6334A3}_is1) (Version: 1.0 - )
Dropbox (HKU\S-1-5-21-444297693-2264169564-2716400923-1000\...\Dropbox) (Version: 3.4.3 - Dropbox, Inc.)
DVD Decrypter (Remove Only) (HKLM\...\DVD Decrypter) (Version: - )
Easy Tune 6 B10.0521.1 (HKLM\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B10.0521.1 (Version: 1.00.0000 - GIGABYTE) Hidden
Elements 10 Organizer (Version: 10.0 - Adobe Systems Incorporated) Hidden
Elevated Installer (Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
FINAL FANTASY VIII (HKLM\...\Steam App 39150) (Version: - SQUARE ENIX)
Final Media Player 2012 (HKLM\...\FinalMediaPlayer_is1) (Version: 2012.10.9.0 - Bitberry Software) <==== ATTENTION
Free YouTube to MP3 TURBO Converter 2013 (HKLM\...\FreeYoutubeToMP3TURBOConverter_is1) (Version: - Bitberry Software)
Garmin Communicator Plugin (HKLM\...\{17079027-EB8A-42C6-9BF8-825B78889F6A}) (Version: 4.0.1 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM\...\{855d8086-4275-4bd3-a7a8-b44da3a56d7a}) (Version: 3.2.27.0 - Garmin Ltd or its subsidiaries)
Garmin Express Tray (Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM\...\{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Gigabyte Raid Configurer (HKLM\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.17.59.0 - GIGABYTE Technologies, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.28.1 - Google Inc.) Hidden
HP Officejet 6500 E710a-f Basic Device Software (HKLM\...\{670A25D9-1029-4D4E-93FF-66B3C07769D6}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710a-f Help (HKLM\...\{037CD593-D760-4A00-B030-7BBAFA1123FE}) (Version: 140.0.2.2 - Hewlett Packard)
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel(R) Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2125 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Java 8 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
LaserJet 1020 series (HKLM\...\HP-LaserJet 1020 series) (Version: - )
LiveUpdate 3.2 (Symantec Corporation) (HKLM\...\LiveUpdate) (Version: 3.2.0.68 - Symantec Corporation)
Magic DVD Ripper V6.1.0 Xmas version (HKLM\...\Magic DVD Ripper_is1) (Version: - Magic DVD Software, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Minecraft1.6.1 (HKLM\...\Minecraft1.6.1) (Version: - )
MixPad (HKLM\...\MixPad) (Version: 3.56 - NCH Software)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MultiScreen (HKLM\...\{E36E864B-BFB6-440A-9A23-2B0BEDE59A92}) (Version: 1.00.0000 - Samsung Electronics Ltd.)
NEC Electronics USB 3.0 Host Controller Driver (HKLM\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.17.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (Version: 1.0.17.0 - NEC Electronics Corporation) Hidden
Nero 9 Essentials (HKLM\...\{80d083e2-f342-450c-bd94-d73d11715cdb}) (Version: - Nero AG)
Norton 360 (HKLM\...\N360) (Version: 21.7.0.11 - Symantec Corporation)
Norton Internet Security (Version: 18.1.0.37 - Symantec Corporation) Hidden
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 353.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.82 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.12.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.12.11 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.82 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
ON_OFF Charge B10.0427.1 (HKLM\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OrderReminder HP LaserJet 1020 (HKLM\...\OrderReminder HP LaserJet 1020) (Version: 2.0 - )
Origin (HKLM\...\Origin) (Version: 9.0.14.2148 - Electronic Arts, Inc.)
Picasso Album Maker (HKU\S-1-5-21-444297693-2264169564-2716400923-1000\...\Picasso Album Maker) (Version: Picasso Album Maker 3.2.1 - Q-Photo)
Portal 2 (HKLM\...\Postal 2_is1) (Version: - )
PRE10STIInstaller (Version: 1.0 - Adobe Systems Incorporated) Hidden
Prototype(TM) (HKLM\...\InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}) (Version: 1.0 - Activision)
Prototype(TM) (Version: 1.0 - Activision) Hidden
PSE10 STI Installer (Version: 10.0 - Adobe Systems Incorporated) Hidden
QuickTime 7 (HKLM\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Rapport (Version: 3.5.1507.63 - Trusteer) Hidden
Realtek Ethernet Controller Driver For Windows 7 (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.17.304.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6194 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13052_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (Version: 1.0.0.13052_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.0 - SAMSUNG Electronics Co., Ltd.)
Samsung_MonSetup (HKLM\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
Seagate DiscWizard (HKLM\...\{8FB2A014-A0B0-42D8-8E18-9AFC6A6E2814}) (Version: 13.0.14387 - Seagate)
Sentinel System Driver (HKLM\...\{791CAF6C-90A3-11D4-8306-00D0B72E1DB9}) (Version: 5.39.2 - Rainbow Technologies)
SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.12.11 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Smart 6 B10.0422.1 (HKLM\...\{3B35725F-C623-4A1E-B5CC-99C0868679E3}) (Version: 1.00.0000 - GIGABYTE)
SmartSound Premiere Elements 10 Plugin (HKLM\...\{0E16C1BC-72A7-4DB7-BBB8-560EDCCA74B5}) (Version: 5.70.0001 - SmartSound Software Inc.)
Sniper Ghost Warrior 2 version 5.1 (HKLM\...\{EE3CF57E-11C2-4C1D-A8DC-69C3D800E933}_is1) (Version: 5.1 - Black_Box)
Solid Edge V14 (HKLM\...\{773E25B1-3987-4E6B-B786-1764E232D975}) (Version: 14.00.0070 - EDS)
Sony Ericsson PC Suite 6.011.00 (HKLM\...\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}) (Version: 6.011.00 - Sony Ericsson)
Sony Ericsson Update Engine (HKLM\...\Update Engine) (Version: 2.13.6.201305161305 - Sony Ericsson Communications AB)
Sony Ericsson Update Service (HKLM\...\Update Service) (Version: 2.11.12.5 - Sony Ericsson Mobile Communications AB)
Sony PC Companion 2.10.155 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.155 - Sony)
SoundTap Streaming Audio Recorder (HKLM\...\SoundTap) (Version: 2.31 - NCH Software)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)
Steam (HKLM\...\Steam) (Version: - Valve Corporation)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Sims™ 3 (HKLM\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.42.130 - Electronic Arts)
The Sims™ 3 High-End Loft Stuff (HKLM\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
The Sims™ 3 Late Night (HKLM\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
Trusteer Endpoint Protection (HKLM\...\Rapport_msi) (Version: 3.5.1507.63 - Trusteer)
Unified Remote (HKLM\...\{F9CFFF94-4077-417B-87B0-C5B75F5D7707}) (Version: 2.14.0.0 - Unified Remote)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
USB 2.0 PC Camera Driver (HKLM\...\{E398E7CC-30B8-4D63-B07B-741163A12565}) (Version: 100.000.070814 - )
Vodafone Mobile Broadband Lite (HKLM\...\{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}) (Version: 10.2.302.33178 - Vodafone)
WavePad Sound Editor (HKLM\...\WavePad) (Version: - NCH Software)
Windows Driver Package - USB 2.0 PC Camera Driver (11/11/2009 6.0.9.2) (HKLM\...\CC4F79A70CED986D84C314EE19C53A8432A5C3C7) (Version: 11/11/2009 6.0.9.2 - )
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Driver Package - Hewlett-Packard Image (12/28/2006 8.0.0.0) (HKLM\...\4C806F98217A7FD4E853F458FF399F052625F21C) (Version: 12/28/2006 8.0.0.0 - Hewlett-Packard)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.21 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
YTD Video Downloader 4.9 (HKLM\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.9 - GreenTree Applications SRL) <==== ATTENTION
Zynewave Podium Free 3.2.1 (HKLM\...\{1C1CCE1B-2BF8-435F-B9BC-62849BB0C9CF}) (Version: 3.2.1 - Zynewave)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-444297693-2264169564-2716400923-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Riaan Nel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-444297693-2264169564-2716400923-1000_Classes\CLSID\{052DB226-BE3B-44D4-B932-9C8049B2110B}\InprocServer32 -> C:\Users\Riaan Nel\AppData\Local\Microsoft\Windows Sidebar\Gadgets\VolumeGadget[1].gadget\dlls\VolumeControl32.dll (Indev)
CustomCLSID: HKU\S-1-5-21-444297693-2264169564-2716400923-1000_Classes\CLSID\{7BCD76A2-E9A0-4332-BE18-9D7D40288621}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-444297693-2264169564-2716400923-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Riaan Nel\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-444297693-2264169564-2716400923-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Riaan Nel\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-444297693-2264169564-2716400923-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Riaan Nel\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-444297693-2264169564-2716400923-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Riaan Nel\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-444297693-2264169564-2716400923-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Riaan Nel\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-444297693-2264169564-2716400923-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Riaan Nel\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-444297693-2264169564-2716400923-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Riaan Nel\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-444297693-2264169564-2716400923-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Riaan Nel\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-444297693-2264169564-2716400923-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Riaan Nel\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

27-08-2015 10:29:37 Automatic creation
28-08-2015 13:05:36 Automatic creation
30-08-2015 14:52:13 Automatic creation
30-08-2015 17:13:14 Automatic creation

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2015-08-30 16:18 - 00450831 ____R C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0C8DBA83-F8A8-44AE-BC17-A7CD56864B3B} - System32\Tasks\{BFE47267-5BB1-4BA0-B13E-B6024D4E130C} => pcalua.exe -a G:\setup.exe -d G:\
Task: {10BC23B4-1C7A-4253-9A73-3E4E0DD2832D} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express Self Updater\ExpressSelfUpdater.exe
Task: {2074A550-E5B3-488B-AF9D-AECD852707EA} - System32\Tasks\{E41349E9-6209-46F6-9948-24614DF34F3A} => pcalua.exe -a "C:\Users\Riaan Nel\Downloads\winsdk_web.exe" -d "C:\Users\Riaan Nel\Downloads"
Task: {2E0D13D3-60AD-42C3-A4E3-D2668C09C559} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: {2FDB664A-37F6-46F2-B547-8B76F3CA3AFA} - System32\Tasks\{BEF8353B-4D0E-4020-95A5-019821228592} => pcalua.exe -a "C:\Users\Riaan Nel\Desktop\eragon_saver.exe" -d "C:\Users\Riaan Nel\Desktop"
Task: {34055A5B-9975-40EA-A8E1-D4DEEF4C9F40} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-12] (Adobe Systems Incorporated)
Task: {39522086-C218-4BBE-91DD-179E5B058ACB} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files\Norton 360\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {40B18A6C-DE56-4AF5-A43E-2363CF740C4C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4A919B88-2942-40FD-B5A2-554A0A7BEFAC} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton 360\Engine\21.7.0.11\WSCStub.exe [2015-07-27] (Symantec Corporation)
Task: {52CE44EF-EC85-4D60-B00C-26A55E509A00} - System32\Tasks\Microsoft\Windows\SmartRecovery\SRFilter => Rundll32.exe CommCmd.dll,RunScript "%ProgramFiles%\GIGABYTE\Smart6\Recovery\SRFilter.exe" /GBSMART6 -kdl
Task: {56511039-EDC8-4DF3-92E3-2243FC7B3C8E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [2014-04-25] (Safer-Networking Ltd.)
Task: {572AAABB-B516-4F4A-9CE3-1324449DF971} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: {5E9D0A76-8D7D-4C31-A17E-77829F21F33E} - System32\Tasks\aab96cd1-6eaa-4846-92fd-660511195439-5_user => C:\Program Files\SavePass 1.1\aab96cd1-6eaa-4846-92fd-660511195439-5.exe [2015-08-28] (OB) <==== ATTENTION
Task: {5EF5D75E-8999-4918-B9D4-075728A86543} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe [2014-04-25] (Safer-Networking Ltd.)
Task: {68166B4E-9B27-4599-8A18-9EF5FD53C52D} - System32\Tasks\aab96cd1-6eaa-4846-92fd-660511195439-5 => C:\Program Files\SavePass 1.1\aab96cd1-6eaa-4846-92fd-660511195439-5.exe [2015-08-28] (OB) <==== ATTENTION
Task: {7409351C-6D82-4D97-9831-8D442FAB2CE1} - System32\Tasks\{9BAA2B07-A2F2-46E3-A34B-B51A99AED629} => pcalua.exe -a "C:\Program Files\MonitorDriver\MonSetup.exe" -d "C:\Users\Riaan Nel\Desktop"
Task: {83C612CD-96F9-4A7D-8252-8D3324A618A4} - System32\Tasks\Final Media Player Update Checker => C:\Program Files\FinalMediaPlayer\FMPCheckForUpdates.exe [2012-09-02] (Bitberry Software)
Task: {927A63C7-927A-4ABB-9A0C-E546F819983E} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files\Norton 360\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {965AF130-2446-4959-9471-25DD739B5415} - System32\Tasks\aab96cd1-6eaa-4846-92fd-660511195439-1-6 => C:\Program Files\SavePass 1.1\aab96cd1-6eaa-4846-92fd-660511195439-1-6.exe [2015-08-28] (OB) <==== ATTENTION
Task: {A05E21DA-F739-4911-9069-9F56C5668906} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360\Upgrade.exe [2015-07-27] (Symantec Corporation)
Task: {A7A7F30F-C622-4D72-8F2F-CBCABBE1FB69} - \ProgramRefresh-ATFST -> No File <==== ATTENTION
Task: {A9269E43-DBB5-41B2-ABC1-81059AE9E90B} - System32\Tasks\aab96cd1-6eaa-4846-92fd-660511195439-7 => C:\Program Files\SavePass 1.1\aab96cd1-6eaa-4846-92fd-660511195439-7.exe <==== ATTENTION
Task: {ADEAA76A-DD55-44C7-82BF-5C8505B8A48C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [2014-04-25] (Safer-Networking Ltd.)
Task: {C129B3D8-8A12-45CB-8A78-484EBAE55753} - System32\Tasks\aab96cd1-6eaa-4846-92fd-660511195439-6 => C:\Program Files\SavePass 1.1\aab96cd1-6eaa-4846-92fd-660511195439-6.exe [2015-08-28] (OB) <==== ATTENTION
Task: {D2220DE8-2932-46CF-A071-15E2C77BB12F} - System32\Tasks\aab96cd1-6eaa-4846-92fd-660511195439-1-7 => C:\Program Files\SavePass 1.1\aab96cd1-6eaa-4846-92fd-660511195439-1-7.exe [2015-08-28] (OB) <==== ATTENTION
Task: {D55EEB17-A73C-48A2-B74C-8FCD195FA7B4} - System32\Tasks\{3ACE792C-E5A8-49BC-BEF9-5C2832615C81} => pcalua.exe -a "F:\Install files\USBDrivers_23.exe" -d "F:\Install files"
Task: {DD4A5F91-8F8A-47F5-9A6A-EA2E799373A0} - System32\Tasks\Microsoft\Windows\SmartRecovery\SRCreate => Rundll32.exe CommCmd.dll,RunScript "%ProgramFiles%\GIGABYTE\Smart6\Recovery\SrCmdCLR.exe" -c 1
Task: {ECF5E004-2ED6-437F-B474-EA6F5BF10117} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {F3AE678D-8BEE-4357-AECE-E8E48689C894} - System32\Tasks\{ABC3CC8F-9879-4F4E-899B-E31E652BE121} => pcalua.exe -a "C:\Program Files\InstallShield Installation Information\{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}\setup.exe" -c -runfromtemp -l0x0409 -removeonly
Task: {F3FEFB83-0C6A-492A-A14E-2444D6D1C7CA} - System32\Tasks\AdobeAAMUpdater-1.0-RiaanNel-PC-Riaan Nel => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {FDDFBAD9-E558-45FF-87F0-5F2E3E1DE836} - \ProgramUpdateCheck -> No File <==== ATTENTION
Task: {FF3C717F-E3D9-4903-ABB6-E944098C0BD0} - System32\Tasks\atSFQS1rBZ3lbTAqGUWmZlNN => C:\Users\Riaan Nel\AppData\Roaming\atSFQS1rBZ3lbTAqGUWmZlNN.exe [2015-04-20] () <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\aab96cd1-6eaa-4846-92fd-660511195439-1-6.job => C:\Program Files\SavePass 1.1\aab96cd1-6eaa-4846-92fd-660511195439-1-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\aab96cd1-6eaa-4846-92fd-660511195439-1-7.job => C:\Program Files\SavePass 1.1\aab96cd1-6eaa-4846-92fd-660511195439-1-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\aab96cd1-6eaa-4846-92fd-660511195439-5.job => C:\Program Files\SavePass 1.1\aab96cd1-6eaa-4846-92fd-660511195439-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\aab96cd1-6eaa-4846-92fd-660511195439-5_user.job => C:\Program Files\SavePass 1.1\aab96cd1-6eaa-4846-92fd-660511195439-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\aab96cd1-6eaa-4846-92fd-660511195439-6.job => C:\Program Files\SavePass 1.1\aab96cd1-6eaa-4846-92fd-660511195439-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\aab96cd1-6eaa-4846-92fd-660511195439-7.job => C:\Program Files\SavePass 1.1\aab96cd1-6eaa-4846-92fd-660511195439-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\atSFQS1rBZ3lbTAqGUWmZlNN.job => C:\Users\Riaan Nel\AppData\Roaming\atSFQS1rBZ3lbTAqGUWmZlNN.exe <==== ATTENTION
Task: C:\Windows\Tasks\Final Media Player Update Checker.job => C:\Program Files\FinalMediaPlayer\FMPCheckForUpdates.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-04-05 18:16 - 2015-08-07 02:05 - 00106288 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2011-02-05 00:06 - 2012-10-04 19:50 - 00088688 _____ () C:\Windows\System32\cpwmon2k.dll
2011-01-26 13:37 - 2009-08-11 13:54 - 00094208 _____ () C:\Program Files\MultiScreen\TitleBar.dll
2015-08-28 09:40 - 2015-08-28 09:40 - 00354816 _____ () C:\Program Files\SFK\SFKEX.dll
2014-05-19 19:51 - 2014-04-25 14:11 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-05-19 19:51 - 2014-04-25 14:11 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2011-01-26 13:16 - 2009-06-17 16:13 - 00068136 _____ () C:\Program Files\GIGABYTE\EnergySaver2\des2svr.exe
2011-01-26 13:16 - 2009-05-04 17:56 - 00102400 _____ () C:\Program Files\GIGABYTE\EnergySaver2\ycc.dll
2015-08-27 10:20 - 2015-08-27 10:20 - 00033792 _____ () C:\ProgramData\ExtTag\ExtTag.exe
2015-07-21 17:02 - 2015-07-21 17:02 - 00557056 _____ () C:\Program Files\Trusteer\Rapport\bin\js32.dll
2011-01-26 12:43 - 2010-09-07 11:46 - 00072280 ____R () C:\Windows\System32\XSrvSetup.exe
2015-08-27 10:48 - 2015-08-27 10:48 - 00379904 _____ () C:\Program Files\NixSrv\NixSrv.exe
2015-07-17 14:23 - 2015-07-24 06:22 - 00011920 _____ () C:\Program Files\NVIDIA Corporation\Update Core\detoured.dll
2014-05-19 19:51 - 2014-04-25 14:11 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-05-19 19:51 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2014-05-19 19:51 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-08-17 18:52 - 2015-08-17 18:52 - 00109568 _____ () C:\Program Files\SFK\SFKEX.exe
2015-08-30 14:22 - 2015-08-30 14:22 - 00855040 _____ () C:\Program Files\NixSrv\packages\c3cd72eb-e609-45a2-97c2-d2479f8fa73d\NixHost.exe
2011-01-26 13:15 - 2009-12-01 14:13 - 00035880 _____ () C:\Program Files\GIGABYTE\smart6\dbios\SDBMSG.exe
2011-01-26 13:15 - 2009-06-10 16:28 - 00106496 _____ () C:\Program Files\GIGABYTE\smart6\dbios\DBIOS.dll
2011-01-26 13:37 - 2009-08-11 13:57 - 00303104 _____ () C:\Program Files\MultiScreen\MultiScreen.exe
2011-01-26 13:37 - 2009-08-11 13:54 - 00053248 _____ () C:\Program Files\MultiScreen\SmartMouseDll.dll
2011-01-26 13:37 - 2009-08-11 13:56 - 00053248 _____ () C:\Program Files\MultiScreen\MGResEng.dll
2015-08-30 14:24 - 2015-08-30 14:24 - 00150528 _____ () C:\ProgramData\ExtTag\Zaamstock.exe
2015-08-30 14:24 - 2015-08-30 14:24 - 00194560 _____ () C:\ProgramData\ExtTag\FinLex.dll
2015-08-30 14:24 - 2015-08-30 14:24 - 00364032 _____ () C:\ProgramData\ExtTag\OzerZumtax.dll
2015-08-28 13:17 - 2015-08-28 13:17 - 00183296 _____ () C:\Program Files\0f705ca4-eec7-4274-9270-d7599ae20ac0\c6980348-9af8-445a-8ff9-f44fe6dc4f41.dll
2015-08-23 17:40 - 2015-08-18 07:23 - 01405768 _____ () C:\Program Files\Google\Chrome\Application\44.0.2403.157\libglesv2.dll
2015-08-23 17:40 - 2015-08-18 07:23 - 00081224 _____ () C:\Program Files\Google\Chrome\Application\44.0.2403.157\libegl.dll
2015-08-23 17:40 - 2015-08-18 07:23 - 16393032 _____ () C:\Program Files\Google\Chrome\Application\44.0.2403.157\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:B755D674

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7869 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-444297693-2264169564-2716400923-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Riaan Nel\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: (default) =>
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: BCU => "C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe"
MSCONFIG\startupreg: HDD Regenerator => "C:\Program Files\HDD Regenerator\Shell.exe" /1
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{1B241E82-3154-4B0C-8920-7C223DF0AE37}C:\program files\mfp server utilities\mfpagent.exe] => (Allow) C:\program files\mfp server utilities\mfpagent.exe
FirewallRules: [UDP Query User{67FCA3D7-1D21-46DE-A6D0-4C7E4463D464}C:\program files\mfp server utilities\mfpagent.exe] => (Allow) C:\program files\mfp server utilities\mfpagent.exe
FirewallRules: [{0F22F96E-65A9-4265-8415-F2112C75E49E}] => (Allow) C:\Program Files\FinalMediaPlayer\FMPCheckForUpdates.exe
FirewallRules: [{8C2DB2AF-8D5B-4A8B-B57A-6CE99BFCDA2E}] => (Allow) C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe
FirewallRules: [{452A1900-D681-415A-8A4C-93F4BF61E10E}] => (Allow) C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe
FirewallRules: [{AE476150-6068-4E95-9533-62B251D7F0A4}] => (Allow) C:\Users\Riaan Nel\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{CE5146A6-06D6-4908-A007-0E9C18039B28}] => (Allow) C:\Users\Riaan Nel\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{9AF71E7C-C445-46ED-90DE-4BCFF149E603}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{2E70FF8D-E5A3-4A7F-9DBA-27AE3D134B87}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\DeviceSetup.exe
FirewallRules: [{4F3F7E7B-07BA-4383-A94E-8066E998C782}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\DeviceSetup.exe
FirewallRules: [{AAA5F2E5-11BB-46E7-8181-CC2965F4624F}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPNetworkCommunicator.exe
FirewallRules: [{9A99E5AB-DC2A-4F19-8505-3F1FA3CDC8B3}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPNetworkCommunicator.exe
FirewallRules: [TCP Query User{10BB409E-0993-47AC-9766-531152384D68}C:\program files\bittorrent\bittorrent.exe] => (Allow) C:\program files\bittorrent\bittorrent.exe
FirewallRules: [UDP Query User{9B1E01C7-200D-420B-8871-D782B26A0995}C:\program files\bittorrent\bittorrent.exe] => (Allow) C:\program files\bittorrent\bittorrent.exe
FirewallRules: [{A5805391-490D-46B5-82AE-758D124AB81F}] => (Allow) C:\Program Files\FinalMediaPlayer\FMPCheckForUpdates.exe
FirewallRules: [{23AB6082-3525-41C4-BB62-320F8A03BA6B}] => (Allow) C:\Program Files\File Type Assistant\TSAssist.exe
FirewallRules: [{58B9269A-C537-47C1-8C4D-E78955E642A3}] => (Allow) C:\Program Files\File Type Assistant\TSAssist.exe
FirewallRules: [{9EC0A09D-A3C2-48A4-ACD7-5042C65198B7}] => (Allow) C:\Program Files\File Type Assistant\TSAssist.exe
FirewallRules: [{9CB8008B-180E-474C-8CC6-42425FC0915A}] => (Allow) C:\Program Files\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe
FirewallRules: [{28427DD3-81CB-4836-BE5C-68CBEEBB2CAD}] => (Allow) C:\Program Files\Sony Ericsson\Update Engine\Sony Ericsson Update Engine.exe
FirewallRules: [{1F9A0CDF-86C8-49E2-8A66-858F213B5305}] => (Allow) C:\Program Files\Sony Ericsson\Update Service\Update Service.exe
FirewallRules: [{D76BDD7D-2B88-4C1E-ABE2-258E46BC9B5E}] => (Allow) C:\Program Files\Sony Ericsson\Update Service\Update Service.exe
FirewallRules: [{45DA1E8F-CC10-446D-B2A8-EA0D08B67440}] => (Allow) C:\Program Files\FinalMediaPlayer\FMPCheckForUpdates.exe
FirewallRules: [{EBD8D0C1-1421-4617-944A-EBAF6DFDBF40}] => (Allow) F:\Program Files\Activision\Prototype\prototypef.exe
FirewallRules: [{8C6DC54E-F630-438F-82EF-209CBC32E866}] => (Allow) F:\Program Files\Activision\Prototype\prototypef.exe
FirewallRules: [{60E1AA5D-140D-4AD4-8757-925A059554E2}] => (Allow) C:\Program Files\File Type Assistant\TSAssist.exe
FirewallRules: [{37A432FC-285C-4EF0-8222-81797403B563}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{D3FF7B2C-F07F-4D5E-97CD-19B62C84D5CC}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{1D1B362F-725F-4140-BB66-6C6128BFB0A8}] => (Allow) C:\Program Files\Steam\SteamApps\common\FINAL FANTASY VIII\FF8_Launcher.exe
FirewallRules: [{017347DD-69BA-47FA-981F-0CC7D2F99CA9}] => (Allow) C:\Program Files\Steam\SteamApps\common\FINAL FANTASY VIII\FF8_Launcher.exe
FirewallRules: [{737618E4-5C50-48F1-9045-BE0889447286}] => (Allow) C:\Program Files\File Type Assistant\TSAssist.exe
FirewallRules: [{B7EDDDA6-6FED-4DB3-A3CE-A543908B5A9D}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{355AD78E-779F-4429-8642-3ED6CD054667}] => (Allow) LPort=2869
FirewallRules: [{BD2F60C2-B8F9-4C4D-940F-F49EF03F5B37}] => (Allow) LPort=1900
FirewallRules: [{0285DF9F-02EC-459B-8DDB-7473E9E66FB0}] => (Allow) C:\Users\Riaan Nel\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{6A90D0C2-12BE-4992-8624-86FE00E87F46}] => (Allow) C:\Users\Riaan Nel\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{1FAFF5B4-0CF6-483B-990E-AE05016B07CF}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{970D4AAC-9BD2-49F8-B4DD-EC55D6F5B3A0}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{DA833415-1E42-42C8-BDEB-424D28C78A0D}] => (Allow) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{0CDA99E6-A629-472D-97D4-4C75AAC3DABF}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{F1C4C8DA-12FC-4918-9EDD-5585E168F281}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{A6585536-C888-4440-A748-07CA78E274C7}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{FFAEE5F2-A8EE-40ED-8540-517D99A966F0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{CAED7646-56EC-412A-9BC4-9552462BC91A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{24772FD0-D124-4DD7-9CFF-AFF39ABE725B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{B13EDCBB-F756-4CB3-8656-F3BC2574CB21}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E97A934F-1C47-4C0B-9AB3-B246CC9843A8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{1074EDD8-E80D-42F4-A6A7-74689B1EE60C}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{E3009009-A4C6-45DB-B6D8-1201F81E3E10}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/30/2015 05:13:08 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {c545ca80-9abd-42d0-a1a2-41791d8bb170}

Error: (08/30/2015 04:45:07 PM) (Source: VmbService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (08/30/2015 02:52:11 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {4eeddaf9-badf-4251-b0bc-329ffbfc4906}

Error: (08/30/2015 02:23:06 PM) (Source: VmbService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (08/28/2015 04:28:38 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/28/2015 01:15:55 PM) (Source: MsiInstaller) (EventID: 11316) (User: RiaanNel-PC)
Description: Product: globalupdate Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdateHelper.msi

Error: (08/28/2015 01:14:43 PM) (Source: MsiInstaller) (EventID: 11316) (User: RiaanNel-PC)
Description: Product: globalupdate Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\globalUpdate\Update\1.3.25.0\GoogleUpdateHelper.msi

Error: (08/28/2015 01:05:34 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {1ed99ceb-b248-40e1-b28a-b72d98ce19eb}

Error: (08/28/2015 12:35:55 PM) (Source: VmbService) (EventID: 0) (User: )
Description: conflictManagerTypeValue

Error: (08/27/2015 10:33:11 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (08/30/2015 04:44:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Ontotax service failed to start due to the following error:
%%193

Error: (08/30/2015 04:44:25 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (08/30/2015 04:42:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MFP Server Enhanced Controller service failed to start due to the following error:
%%2

Error: (08/30/2015 04:42:47 PM) (Source: BTHUSB) (EventID: 5) (User: )
Description: The Bluetooth driver expected an HCI event with a certain size but did not receive it.

Error: (08/30/2015 03:27:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The LavasoftTcpService service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (08/30/2015 03:27:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (08/30/2015 03:26:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ExtTag service terminated unexpectedly. It has done this 1 time(s).

Error: (08/30/2015 02:24:06 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (08/30/2015 02:22:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Ontotax service failed to start due to the following error:
%%193

Error: (08/30/2015 02:21:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MFP Server Enhanced Controller service failed to start due to the following error:
%%2


Microsoft Office:
=========================
Error: (02/05/2011 11:36:04 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7553 seconds with 6840 seconds of active time. This session ended with a crash.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU 661 @ 3.33GHz
Percentage of memory in use: 52%
Total physical RAM: 3575.49 MB
Available physical RAM: 1687.69 MB
Total Virtual: 7149.27 MB
Available Virtual: 4620.29 MB

==================== Drives ================================

Drive c: (SYSTEM) (Fixed) (Total:232.88 GB) (Free:118.14 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (RIAAN PERSOONLIK 100G) (Fixed) (Total:92.81 GB) (Free:25.85 GB) NTFS
Drive e: (VIDEO) (Fixed) (Total:93.5 GB) (Free:51.31 GB) NTFS
Drive f: (TERRA 2) (Fixed) (Total:1863.01 GB) (Free:1575.86 GB) NTFS
Drive i: (OLD MAIN) (Fixed) (Total:74.53 GB) (Free:17.99 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 211C599E)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: 9F709F70)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 186.3 GB) (Disk ID: 1F7F2FBE)
Partition 1: (Not Active) - (Size=92.8 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=93.5 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 7734B1D9)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Fluffy
2015-08-30, 18:32
I will post the aswMBR file as soon as possible...

Fluffy
2015-08-30, 21:54
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-08-30 17:20:20
-----------------------------
17:20:20.717 OS Version: Windows 6.1.7601 Service Pack 1
17:20:20.717 Number of processors: 4 586 0x2505
17:20:20.718 ComputerName: RIAANNEL-PC UserName: Riaan Nel
17:20:22.784 Initialize success
17:20:22.940 VM: initialized successfully
17:20:22.942 VM: Intel CPU supported
17:20:35.369 VM: disk I/O atapi.sys
17:52:52.508 AVAST engine defs: 15083000
20:01:48.848 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3
20:01:48.854 Disk 0 Vendor: ST3250823AS 3.03 Size: 238474MB BusType: 3
20:01:48.861 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0
20:01:48.879 Disk 1 Vendor: ST380023A 3.33 Size: 76318MB BusType: 3
20:01:48.887 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP2T0L0-2
20:01:48.896 Disk 2 Vendor: ST3200822AS 3.01 Size: 190782MB BusType: 3
20:01:48.920 Disk 3 \Device\Harddisk3\DR3 -> \Device\Ide\IdeDeviceP2T1L0-8
20:01:48.928 Disk 3 Vendor: ST2000DM001-9YN164 CC4C Size: 1907729MB BusType: 3
20:01:48.964 Disk 0 MBR read successfully
20:01:48.972 Disk 0 MBR scan
20:01:48.993 Disk 0 Windows 7 default MBR code
20:01:49.004 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238472 MB offset 63
20:01:49.031 Disk 0 default boot code
20:01:49.048 Disk 0 scanning sectors +488392065
20:01:49.114 Disk 0 scanning C:\Windows\system32\drivers
20:02:04.235 Service scanning
20:02:07.555 Service BHDrvx86 C:\Program Files\Norton 360\NortonData\21.5.0.19\Definitions\BASHDefs\20150810.001\BHDrvx86.sys **LOCKED** 5
20:02:08.476 Service ccSet_N360 C:\Windows\system32\drivers\N360\1507000.00B\ccSetx86.sys **LOCKED** 5
20:02:10.421 Service eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys **LOCKED** 5
20:02:10.860 Service EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys **LOCKED** 5
20:02:13.925 Service IDSVix86 C:\Program Files\Norton 360\NortonData\21.5.0.19\Definitions\IPSDefs\20150811.001\IDSvix86.sys **LOCKED** 5
20:02:18.399 Service NAVENG C:\Program Files\Norton 360\NortonData\21.5.0.19\Definitions\VirusDefs\20150811.009\NAVENG.SYS **LOCKED** 5
20:02:18.547 Service NAVEX15 C:\Program Files\Norton 360\NortonData\21.5.0.19\Definitions\VirusDefs\20150811.009\NAVEX15.SYS **LOCKED** 5
20:02:19.759 Service NixSrv C:\Program Files\NixSrv\NixSrv.exe **INFECTED** Win32:Rootkit-gen [Rtk]
20:02:28.712 Service SRTSPX C:\Windows\system32\drivers\N360\1507000.00B\SRTSPX.SYS **LOCKED** 5
20:02:29.894 Service SymDS C:\Windows\system32\drivers\N360\1507000.00B\SYMDS.SYS **LOCKED** 5
20:02:30.025 Service SymEvent C:\Windows\system32\Drivers\SYMEVENT.SYS **LOCKED** 5
20:02:30.105 Service SymIRON C:\Windows\system32\drivers\N360\1507000.00B\Ironx86.SYS **LOCKED** 5
20:02:30.199 Service SymNetS C:\Windows\System32\Drivers\N360\1507000.00B\SYMNETS.SYS **LOCKED** 5
20:02:32.027 Service updvte C:\Users\Riaan Nel\AppData\Local\Lot-media.exe **INFECTED** Win32:Malware-gen
20:02:37.248 Modules scanning
20:02:37.260 Disk 0 trace - called modules:
20:02:37.277 ntkrnlpa.exe CLASSPNP.SYS disk.sys vsflt53.sys halmacpi.dll ACPI.sys >>UNKNOWN [0x866f21f8]<<
20:02:37.287 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x876c67a8]
20:02:37.298 3 CLASSPNP.SYS[8d7dc59e] -> nt!IofCallDriver -> [0x876c5720]
20:02:37.315 5 vsflt53.sys[8d496c2b] -> nt!IofCallDriver -> [0x8741d8f0]
20:02:37.328 7 ACPI.sys[8d4303d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0x8747b908]
20:02:37.338 \Driver\atapi[0x87463d50] -> IRP_MJ_CREATE -> 0x866f21f8
20:02:38.403 AVAST engine scan C:\Windows
20:02:41.911 AVAST engine scan C:\Windows\system32
20:06:09.089 AVAST engine scan C:\Windows\system32\drivers
20:06:31.193 AVAST engine scan C:\Users\Riaan Nel
20:07:58.080 File: C:\Users\Riaan Nel\AppData\Local\Lot-media.exe **INFECTED** Win32:Malware-gen
20:34:46.194 AVAST engine scan C:\ProgramData
20:44:15.893 Disk 0 statistics 5865972/0/0 @ 1.40 MB/s
20:44:15.905 Scan finished successfully
20:45:02.076 Disk 0 MBR has been saved successfully to "C:\Users\Riaan Nel\Desktop\MBR.dat"
20:45:02.092 The log file has been saved successfully to "C:\Users\Riaan Nel\Desktop\aswMBR.txt"



---- Something else I neglected to mention previously: I am unable to install any newer IE version after IE 9. I struggled for a long time with this and tried several fixes as recommended by the Windows Expert round about February, without any success. I eventually gave up on it and just started using Firefox/Chrome. Now I have subsequently also not been able to upgrade to Windows 10 either, as apparently it requires IE 11. My Windows 7 (Genuine) does not give me the Upgrade App as it is supposed to. Don't know if this might also be related to the above problems.

Juliet
2015-08-31, 16:04
P2P Warning

------------------------------
I see you have peer-to-peer (P2P) file sharing software installed on your computer (BitTorrent). I advise you avoid P2P file sharing programmes; they are a security risk which can make your computer susceptible to malware. File sharing networks are thoroughly infected and infested with malware - worms (http://en.wikipedia.org/wiki/Computer_worm), backdoor Trojans (http://www.symantec.com/security_response/writeup.jsp?docid=2001-062614-1754-99), IRCBots (http://en.wikipedia.org/wiki/IRC_bot), and rootkits (http://en.wikipedia.org/wiki/Rootkit) propagate via P2P file sharing networks, gaming, and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans, and spyware. The best way to reduce the risk of infection is to avoid these types of web sites and not use P2P applications. Please read the following articles for more information.

Risks of File-Sharing Technology (http://www.us-cert.gov/cas/tips/ST05-007.html)
P2P Software User Advisories (http://aresgalaxy.sourceforge.net/p2prisks.htm)
More malware is traveling on P2P networks these days (http://www.computerworld.com/s/article/9240067/More_malware_is_traveling_on_P2P_networks_these_days)

Your P2P software can be removed by following the instructions below.

Press the Windows Key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
Search for the aforementioned programme(s), right-click and click Uninstall.

If you choose not to, please refrain from using the programme(s) during this process.

The below items listed need to be uninstalled/removed using your add/remove programs.
If a program will not remove, skip it and keep following the rest of the instructions, please, and let me know which ones won't uninstall.

Browser Configuration Utility (HKLM\...\{A2F991E7-DDCD-42B7-AFEC-47789A099FDC}) (Version: 1.1.18.0 - DeviceVM Inc.) <==== ATTENTION
Final Media Player 2012 (HKLM\...\FinalMediaPlayer_is1) (Version: 2012.10.9.0 - Bitberry Software) <==== ATTENTION
YTD Video Downloader 4.9 (HKLM\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.9 - GreenTree Applications SRL) <==== ATTENTION

~~~~~~~

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below. *Do not use WordPad* or any text editor other than Notepad, or the script will fail.
To do this, highlight the contents of the box, right-click on it and select Copy.
Paste this into the open Notepad window. Save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)


https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG




start
CreateRestorePoint:
CloseProcesses:
Task: {68166B4E-9B27-4599-8A18-9EF5FD53C52D} - System32\Tasks\aab96cd1-6eaa-4846-92fd-660511195439-5 => C:\Program Files\SavePass 1.1\aab96cd1-6eaa-4846-92fd-660511195439-5.exe [2015-08-28] (OB) <==== ATTENTION
Task: {5E9D0A76-8D7D-4C31-A17E-77829F21F33E} - System32\Tasks\aab96cd1-6eaa-4846-92fd-660511195439-5_user => C:\Program Files\SavePass 1.1\aab96cd1-6eaa-4846-92fd-660511195439-5.exe [2015-08-28] (OB) <==== ATTENTION
C:\Program Files\SFK\SSFK.exe
C:\Program Files\SFK\SFKEX.exe
C:\Program Files\SFK
C:\Program Files\NixSrv\packages\c3cd72eb-e609-45a2-97c2-d2479f8fa73d\NixHost.exe
C:\ProgramData\ExtTag\Zaamstock.exe
HKU\S-1-5-21-444297693-2264169564-2716400923-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B1C30ZKEa5UhX2PRCO-5Poa2pHn7-A--VWt7oSCt15QDP0ZhwKBihrFsvTseo-t9xuG9XogegjVFqnVsZNZtlgs-elcBjZsc_0Pby_8fl5Y4Jpp7M3rXctaOAzDWttjKRU59bM_1EwPGB45WgRtZSs-DtH1Kv&q={searchTerms}
HKU\S-1-5-21-444297693-2264169564-2716400923-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B1C30ZKEa5UhX2PRCO-5Poa2pHn7-A--VWt7oSCt15QDP0ZhwKBihrFsvTseo-t9xuG9XogegjVFqnVc10LodNmSHz1i0FugpAW8314UUtUUEKG8yhwFXiWN5wJYIj83EPv_dkI8HuZie3LzPna7ty6lh1tD0
HKU\S-1-5-21-444297693-2264169564-2716400923-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B1C30ZKEa5UhX2PRCO-5Poa2pHn7-A--VWt7oSCt15QDP0ZhwKBihrFsvTseo-t9xuG9XogegjVFqnVsZNZtlgs-elcBjZsc_0Pby_8fl5Y4Jpp7M3rXctaOAzDWttjKRU59bM_1EwPGB45WgRtZSs-DtH1Kv&q={searchTerms}
HKU\S-1-5-21-444297693-2264169564-2716400923-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B1C30ZKEa5UhX2PRCO-5Poa2pHn7-A--VWt7oSCt15QDP0ZhwKBihrFsvTseo-t9xuG9XogegjVFqnVsZNZtlgs-elcBjZsc_0Pby_8fl5Y4Jpp7M3rXctaOAzDWttjKRU59bM_1EwPGB45WgRtZSs-DtH1Kv&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B1C30ZKEa5UhX2PRCO-5Poa2pHn7-A--VWt7oSCt15QDP0ZhwKBihrFsvTseo-t9xuG9XogegjVFqnVsZNZtlgs-elcBjZsc_0Pby_8fl5Y4Jpp7M3rXctaOAzDWttjKRU59bM_1EwPGB45WgRtZSs-DtH1Kv&q={searchTerms}
SearchScopes: HKU\S-1-5-21-444297693-2264169564-2716400923-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B1C30ZKEa5UhX2PRCO-5Poa2pHn7-A--VWt7oSCt15QDP0ZhwKBihrFsvTseo-t9xuG9XogegjVFqnVsZNZtlgs-elcBjZsc_0Pby_8fl5Y4Jpp7M3rXctaOAzDWttjKRU59bM_1EwPGB45WgRtZSs-DtH1Kv&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1440760054&z=54f83e43e617994f95f37d7g3zaz0e9meqaefgecee&from=obw&uid=ST3250823AS_5ND3BHZBXXXX5ND3BHZB
FF Homepage: hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B1C30ZKEa5UhX2PRCO-5Poa2pHn7-A--VWt7oSCt15QDP0ZhwKBihrFsvTseo-t9xuG9XogegjVFqnVc10LodNmSHz1i0FugpAW8314UUtUUEKG8yhwFXiWN5wJYIj83EPv_dkI8HuZie3LzPna7ty6lh1tD0
FF NewTab: hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B1C30ZKEa5UhX2PRCO-5Poa2pHn7-A--VWt7oSCt15QDP0ZhwKBihrFsvTseo-t9xuG9XogegjVFqnVc10LodNmSHz1i0FugpAW8314UUtUUEKG8yhwFXiWN5wJYIj83EPv_dkI8HuZie3LzPna7ty6lh1tD0
R2 ExtTag; C:\ProgramData\ExtTag\ExtTag.exe [33792 2015-08-27] () [File not signed]
C:\ProgramData\ExtTag\ExtTag.exe
R2 NixSrv; C:\Program Files\NixSrv\NixSrv.exe [379904 2015-08-27] () [File not signed] <==== ATTENTION
R2 SSFK; C:\Program Files\SFK\SSFK.exe [448000 2015-08-28]
S2 updvte; C:\Users\Riaan Nel\AppData\Local\Lot-media.exe [52736 2015-08-28] () [File not signed]
2015-08-28 13:12 - 2015-08-28 13:13 - 00000000 ____D C:\Users\Riaan Nel\AppData\Roaming\istartsurf
2015-08-28 13:07 - 2015-08-28 14:07 - 00000000 ____D C:\Program Files\NixSrv
C:\Users\Riaan Nel\AppData\Local\Temp\ose00000.exe
Task: {965AF130-2446-4959-9471-25DD739B5415} - System32\Tasks\aab96cd1-6eaa-4846-92fd-660511195439-1-6 => C:\Program Files\SavePass 1.1\aab96cd1-6eaa-4846-92fd-660511195439-1-6.exe [2015-08-28] (OB) <==== ATTENTION
Task: {A7A7F30F-C622-4D72-8F2F-CBCABBE1FB69} - \ProgramRefresh-ATFST -> No File <==== ATTENTION
Task: {A9269E43-DBB5-41B2-ABC1-81059AE9E90B} - System32\Tasks\aab96cd1-6eaa-4846-92fd-660511195439-7 => C:\Program Files\SavePass 1.1\aab96cd1-6eaa-4846-92fd-660511195439-7.exe <==== ATTENTION
Task: {C129B3D8-8A12-45CB-8A78-484EBAE55753} - System32\Tasks\aab96cd1-6eaa-4846-92fd-660511195439-6 => C:\Program Files\SavePass 1.1\aab96cd1-6eaa-4846-92fd-660511195439-6.exe [2015-08-28] (OB) <==== ATTENTION
Task: {D2220DE8-2932-46CF-A071-15E2C77BB12F} - System32\Tasks\aab96cd1-6eaa-4846-92fd-660511195439-1-7 => C:\Program Files\SavePass 1.1\aab96cd1-6eaa-4846-92fd-660511195439-1-7.exe [2015-08-28] (OB) <==== ATTENTION
Task: {FDDFBAD9-E558-45FF-87F0-5F2E3E1DE836} - \ProgramUpdateCheck -> No File <==== ATTENTION
Task: {FF3C717F-E3D9-4903-ABB6-E944098C0BD0} - System32\Tasks\atSFQS1rBZ3lbTAqGUWmZlNN => C:\Users\Riaan Nel\AppData\Roaming\atSFQS1rBZ3lbTAqGUWmZlNN.exe [2015-04-20] () <==== ATTENTION
Task: C:\Windows\Tasks\aab96cd1-6eaa-4846-92fd-660511195439-1-6.job => C:\Program Files\SavePass 1.1\aab96cd1-6eaa-4846-92fd-660511195439-1-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\aab96cd1-6eaa-4846-92fd-660511195439-1-7.job => C:\Program Files\SavePass 1.1\aab96cd1-6eaa-4846-92fd-660511195439-1-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\aab96cd1-6eaa-4846-92fd-660511195439-5.job => C:\Program Files\SavePass 1.1\aab96cd1-6eaa-4846-92fd-660511195439-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\aab96cd1-6eaa-4846-92fd-660511195439-5_user.job => C:\Program Files\SavePass 1.1\aab96cd1-6eaa-4846-92fd-660511195439-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\aab96cd1-6eaa-4846-92fd-660511195439-6.job => C:\Program Files\SavePass 1.1\aab96cd1-6eaa-4846-92fd-660511195439-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\aab96cd1-6eaa-4846-92fd-660511195439-7.job => C:\Program Files\SavePass 1.1\aab96cd1-6eaa-4846-92fd-660511195439-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\atSFQS1rBZ3lbTAqGUWmZlNN.job => C:\Users\Riaan Nel\AppData\Roaming\atSFQS1rBZ3lbTAqGUWmZlNN.exe <==== ATTENTION
EmptyTemp:
Hosts:
End


Open FRST/FRST64 and press the > Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~~~~~~~~~~~~~~~~~~~~

Please don't be overwhelmed with the list of tools I'm posting for you to scan with. Each one should find a little something to help clean the computer.
If at any point you have questions or if something isn't working as planned, skip it and go to the next.

~~~~~~~~~~~~~~~~~~

Download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) TO YOUR DESKTOP




Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"




http://i24.photobucket.com/albums/c30/ken545/0841859c-1a35-4dbd-b41a-e720629e3e22_zpst0yckuua.png



On the Dashboard click on Update Now

Go to the Settings Tab

Under Settings go to Detection and Protection

Under PUP and PUM make sure both are set to show Treat Detections as Malware

Go to Advanced Settings and make sure Automatically Quarantine Detected Items is checked

Then on the Dashboard click on Scan

Make sure to select THREAT SCAN

Then click on Scan

When the scan is finished and the log pops up...select Copy to Clipboard

Please paste the log back into this thread for review

Exit Malwarebytes


~~~~~~~~~~~~~~~~~~~~~~
If you have problems opening and finding the log to post


http://i24.photobucket.com/albums/c30/ken545/MBAM%20Application_zps7zm0ftdm.png (http://s24.photobucket.com/user/ken545/media/MBAM%20Application_zps7zm0ftdm.png.html)

1. Open up Malwarebytes and you will be on the Dashboard
2. Click on the History Tab
3. Then click on Application Logs
4. Double click on the SCAN LOG (Not Protection Log ) you just ran
5. When it opens it will look like this



http://i24.photobucket.com/albums/c30/ken545/MBAM%20Export_zpsjbtttjun.jpg (http://s24.photobucket.com/user/ken545/media/MBAM%20Export_zpsjbtttjun.jpg.html)

6. Then click on Export
7. On the drop down list click on Copy to Clipboard
8. Then paste the log back into this thread


~~~~~~~~~~~~~~~~~~~~~~~~~~~

AdwCleaner

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) and save the file to your Desktop.
Right-click AdwCleaner.exe and select Run as administrator to run the programme.
Follow the prompts.
Click Scan.
Upon completion, click Report. A log (AdwCleaner[SX].txt) will open. Briefly check the log for anything you know to be legitimate.
Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
Follow the prompts and allow your computer to reboot.
After rebooting, a log (AdwCleaner[SX].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


http://imageshack.us/a/img841/7292/thisisujrt.gif
Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/)
or from here http://downloads.malwarebytes.org/file/jrt
to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Please post
Fixlog.txt
Malwarebytes log
AdwCleaner[CX].txt
JRT.txt

Fluffy
2015-09-01, 12:57
Hi,

Please find the logs below as requested.

I have also removed all the programs as requested, without problems.

Fix result of Farbar Recovery Scan Tool (x86) Version:30-08-2015
Ran by Riaan Nel (2015-08-31 16:40:22) Run:1
Running from C:\Users\Riaan Nel\Desktop
Loaded Profiles: Riaan Nel (Available Profiles: Riaan Nel)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
Task: {68166B4E-9B27-4599-8A18-9EF5FD53C52D} - System32\Tasks\aab96cd1-6eaa-4846-92fd-660511195439-5 => C:\Program Files\SavePass 1.1\aab96cd1-6eaa-4846-92fd-660511195439-5.exe [2015-08-28] (OB) <==== ATTENTION
Task: {5E9D0A76-8D7D-4C31-A17E-77829F21F33E} - System32\Tasks\aab96cd1-6eaa-4846-92fd-660511195439-5_user => C:\Program Files\SavePass 1.1\aab96cd1-6eaa-4846-92fd-660511195439-5.exe [2015-08-28] (OB) <==== ATTENTION
C:\Program Files\SFK\SSFK.exe
C:\Program Files\SFK\SFKEX.exe
C:\Program Files\SFK
C:\Program Files\NixSrv\packages\c3cd72eb-e609-45a2-97c2-d2479f8fa73d\NixHost.exe
C:\ProgramData\ExtTag\Zaamstock.exe
HKU\S-1-5-21-444297693-2264169564-2716400923-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B1C30ZKEa5UhX2PRCO-5Poa2pHn7-A--VWt7oSCt15QDP0ZhwKBihrFsvTseo-t9xuG9XogegjVFqnVsZNZtlgs-elcBjZsc_0Pby_8fl5Y4Jpp7M3rXctaOAzDWttjKRU59bM_1EwPGB45WgRtZSs-DtH1Kv&q={searchTerms}
HKU\S-1-5-21-444297693-2264169564-2716400923-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B1C30ZKEa5UhX2PRCO-5Poa2pHn7-A--VWt7oSCt15QDP0ZhwKBihrFsvTseo-t9xuG9XogegjVFqnVc10LodNmSHz1i0FugpAW8314UUtUUEKG8yhwFXiWN5wJYIj83EPv_dkI8HuZie3LzPna7ty6lh1tD0
HKU\S-1-5-21-444297693-2264169564-2716400923-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B1C30ZKEa5UhX2PRCO-5Poa2pHn7-A--VWt7oSCt15QDP0ZhwKBihrFsvTseo-t9xuG9XogegjVFqnVsZNZtlgs-elcBjZsc_0Pby_8fl5Y4Jpp7M3rXctaOAzDWttjKRU59bM_1EwPGB45WgRtZSs-DtH1Kv&q={searchTerms}
HKU\S-1-5-21-444297693-2264169564-2716400923-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B1C30ZKEa5UhX2PRCO-5Poa2pHn7-A--VWt7oSCt15QDP0ZhwKBihrFsvTseo-t9xuG9XogegjVFqnVsZNZtlgs-elcBjZsc_0Pby_8fl5Y4Jpp7M3rXctaOAzDWttjKRU59bM_1EwPGB45WgRtZSs-DtH1Kv&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B1C30ZKEa5UhX2PRCO-5Poa2pHn7-A--VWt7oSCt15QDP0ZhwKBihrFsvTseo-t9xuG9XogegjVFqnVsZNZtlgs-elcBjZsc_0Pby_8fl5Y4Jpp7M3rXctaOAzDWttjKRU59bM_1EwPGB45WgRtZSs-DtH1Kv&q={searchTerms}
SearchScopes: HKU\S-1-5-21-444297693-2264169564-2716400923-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B1C30ZKEa5UhX2PRCO-5Poa2pHn7-A--VWt7oSCt15QDP0ZhwKBihrFsvTseo-t9xuG9XogegjVFqnVsZNZtlgs-elcBjZsc_0Pby_8fl5Y4Jpp7M3rXctaOAzDWttjKRU59bM_1EwPGB45WgRtZSs-DtH1Kv&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.istartsurf.com/?type=sc&ts=1440760054&z=54f83e43e617994f95f37d7g3zaz0e9meqaefgecee&from=obw&uid=ST3250823AS_5ND3BHZBXXXX5ND3BHZB
FF Homepage: hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B1C30ZKEa5UhX2PRCO-5Poa2pHn7-A--VWt7oSCt15QDP0ZhwKBihrFsvTseo-t9xuG9XogegjVFqnVc10LodNmSHz1i0FugpAW8314UUtUUEKG8yhwFXiWN5wJYIj83EPv_dkI8HuZie3LzPna7ty6lh1tD0
FF NewTab: hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B1C30ZKEa5UhX2PRCO-5Poa2pHn7-A--VWt7oSCt15QDP0ZhwKBihrFsvTseo-t9xuG9XogegjVFqnVc10LodNmSHz1i0FugpAW8314UUtUUEKG8yhwFXiWN5wJYIj83EPv_dkI8HuZie3LzPna7ty6lh1tD0
R2 ExtTag; C:\ProgramData\ExtTag\ExtTag.exe [33792 2015-08-27] () [File not signed]
C:\ProgramData\ExtTag\ExtTag.exe
R2 NixSrv; C:\Program Files\NixSrv\NixSrv.exe [379904 2015-08-27] () [File not signed] <==== ATTENTION
R2 SSFK; C:\Program Files\SFK\SSFK.exe [448000 2015-08-28]
S2 updvte; C:\Users\Riaan Nel\AppData\Local\Lot-media.exe [52736 2015-08-28] () [File not signed]
2015-08-28 13:12 - 2015-08-28 13:13 - 00000000 ____D C:\Users\Riaan Nel\AppData\Roaming\istartsurf
2015-08-28 13:07 - 2015-08-28 14:07 - 00000000 ____D C:\Program Files\NixSrv
C:\Users\Riaan Nel\AppData\Local\Temp\ose00000.exe
Task: {965AF130-2446-4959-9471-25DD739B5415} - System32\Tasks\aab96cd1-6eaa-4846-92fd-660511195439-1-6 => C:\Program Files\SavePass 1.1\aab96cd1-6eaa-4846-92fd-660511195439-1-6.exe [2015-08-28] (OB) <==== ATTENTION
Task: {A7A7F30F-C622-4D72-8F2F-CBCABBE1FB69} - \ProgramRefresh-ATFST -> No File <==== ATTENTION
Task: {A9269E43-DBB5-41B2-ABC1-81059AE9E90B} - System32\Tasks\aab96cd1-6eaa-4846-92fd-660511195439-7 => C:\Program Files\SavePass 1.1\aab96cd1-6eaa-4846-92fd-660511195439-7.exe <==== ATTENTION
Task: {C129B3D8-8A12-45CB-8A78-484EBAE55753} - System32\Tasks\aab96cd1-6eaa-4846-92fd-660511195439-6 => C:\Program Files\SavePass 1.1\aab96cd1-6eaa-4846-92fd-660511195439-6.exe [2015-08-28] (OB) <==== ATTENTION
Task: {D2220DE8-2932-46CF-A071-15E2C77BB12F} - System32\Tasks\aab96cd1-6eaa-4846-92fd-660511195439-1-7 => C:\Program Files\SavePass 1.1\aab96cd1-6eaa-4846-92fd-660511195439-1-7.exe [2015-08-28] (OB) <==== ATTENTION
Task: {FDDFBAD9-E558-45FF-87F0-5F2E3E1DE836} - \ProgramUpdateCheck -> No File <==== ATTENTION
Task: {FF3C717F-E3D9-4903-ABB6-E944098C0BD0} - System32\Tasks\atSFQS1rBZ3lbTAqGUWmZlNN => C:\Users\Riaan Nel\AppData\Roaming\atSFQS1rBZ3lbTAqGUWmZlNN.exe [2015-04-20] () <==== ATTENTION
Task: C:\Windows\Tasks\aab96cd1-6eaa-4846-92fd-660511195439-1-6.job => C:\Program Files\SavePass 1.1\aab96cd1-6eaa-4846-92fd-660511195439-1-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\aab96cd1-6eaa-4846-92fd-660511195439-1-7.job => C:\Program Files\SavePass 1.1\aab96cd1-6eaa-4846-92fd-660511195439-1-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\aab96cd1-6eaa-4846-92fd-660511195439-5.job => C:\Program Files\SavePass 1.1\aab96cd1-6eaa-4846-92fd-660511195439-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\aab96cd1-6eaa-4846-92fd-660511195439-5_user.job => C:\Program Files\SavePass 1.1\aab96cd1-6eaa-4846-92fd-660511195439-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\aab96cd1-6eaa-4846-92fd-660511195439-6.job => C:\Program Files\SavePass 1.1\aab96cd1-6eaa-4846-92fd-660511195439-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\aab96cd1-6eaa-4846-92fd-660511195439-7.job => C:\Program Files\SavePass 1.1\aab96cd1-6eaa-4846-92fd-660511195439-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\atSFQS1rBZ3lbTAqGUWmZlNN.job => C:\Users\Riaan Nel\AppData\Roaming\atSFQS1rBZ3lbTAqGUWmZlNN.exe <==== ATTENTION
EmptyTemp:
Hosts:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68166B4E-9B27-4599-8A18-9EF5FD53C52D} => key not found.
C:\Windows\System32\Tasks\aab96cd1-6eaa-4846-92fd-660511195439-5 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\aab96cd1-6eaa-4846-92fd-660511195439-5 => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5E9D0A76-8D7D-4C31-A17E-77829F21F33E} => key not found.
C:\Windows\System32\Tasks\aab96cd1-6eaa-4846-92fd-660511195439-5_user => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\aab96cd1-6eaa-4846-92fd-660511195439-5_user => key not found.
"C:\Program Files\SFK\SSFK.exe" => File/Folder not found.
"C:\Program Files\SFK\SFKEX.exe" => File/Folder not found.
"C:\Program Files\SFK" => File/Folder not found.
"C:\Program Files\NixSrv\packages\c3cd72eb-e609-45a2-97c2-d2479f8fa73d\NixHost.exe" => File/Folder not found.
C:\ProgramData\ExtTag\Zaamstock.exe => moved successfully
HKU\S-1-5-21-444297693-2264169564-2716400923-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-444297693-2264169564-2716400923-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-444297693-2264169564-2716400923-1000\Software\Microsoft\Internet Explorer\Main\\Search Bar => value removed successfully.
HKU\S-1-5-21-444297693-2264169564-2716400923-1000\Software\Microsoft\Internet Explorer\Main\\SearchAssistant => value removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ielnksrch" => key removed successfully.
HKCR\CLSID\ielnksrch => key not found.
"HKU\S-1-5-21-444297693-2264169564-2716400923-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}" => key removed successfully.
HKCR\CLSID\{ielnksrch} => key not found.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => value restored successfully
Firefox "homepage" removed successfully.
Firefox "newtab" removed successfully.
ExtTag => service not found.
"C:\ProgramData\ExtTag\ExtTag.exe" => File/Folder not found.
NixSrv => service removed successfully.
SSFK => service removed successfully.
updvte => service removed successfully.
C:\Users\Riaan Nel\AppData\Roaming\istartsurf => moved successfully
"C:\Program Files\NixSrv" => File/Folder not found.
C:\Users\Riaan Nel\AppData\Local\Temp\ose00000.exe => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{965AF130-2446-4959-9471-25DD739B5415} => key not found.
C:\Windows\System32\Tasks\aab96cd1-6eaa-4846-92fd-660511195439-1-6 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\aab96cd1-6eaa-4846-92fd-660511195439-1-6 => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A7A7F30F-C622-4D72-8F2F-CBCABBE1FB69}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7A7F30F-C622-4D72-8F2F-CBCABBE1FB69}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProgramRefresh-ATFST" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A9269E43-DBB5-41B2-ABC1-81059AE9E90B}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A9269E43-DBB5-41B2-ABC1-81059AE9E90B}" => key removed successfully.
C:\Windows\System32\Tasks\aab96cd1-6eaa-4846-92fd-660511195439-7 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\aab96cd1-6eaa-4846-92fd-660511195439-7" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C129B3D8-8A12-45CB-8A78-484EBAE55753} => key not found.
C:\Windows\System32\Tasks\aab96cd1-6eaa-4846-92fd-660511195439-6 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\aab96cd1-6eaa-4846-92fd-660511195439-6 => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D2220DE8-2932-46CF-A071-15E2C77BB12F} => key not found.
C:\Windows\System32\Tasks\aab96cd1-6eaa-4846-92fd-660511195439-1-7 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\aab96cd1-6eaa-4846-92fd-660511195439-1-7 => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FDDFBAD9-E558-45FF-87F0-5F2E3E1DE836}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FDDFBAD9-E558-45FF-87F0-5F2E3E1DE836}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProgramUpdateCheck" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FF3C717F-E3D9-4903-ABB6-E944098C0BD0}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FF3C717F-E3D9-4903-ABB6-E944098C0BD0}" => key removed successfully.
C:\Windows\System32\Tasks\atSFQS1rBZ3lbTAqGUWmZlNN => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\atSFQS1rBZ3lbTAqGUWmZlNN" => key removed successfully.
C:\Windows\Tasks\aab96cd1-6eaa-4846-92fd-660511195439-1-6.job => not found.
C:\Windows\Tasks\aab96cd1-6eaa-4846-92fd-660511195439-1-7.job => not found.
C:\Windows\Tasks\aab96cd1-6eaa-4846-92fd-660511195439-5.job => not found.
C:\Windows\Tasks\aab96cd1-6eaa-4846-92fd-660511195439-5_user.job => not found.
C:\Windows\Tasks\aab96cd1-6eaa-4846-92fd-660511195439-6.job => not found.
C:\Windows\Tasks\aab96cd1-6eaa-4846-92fd-660511195439-7.job => moved successfully
C:\Windows\Tasks\atSFQS1rBZ3lbTAqGUWmZlNN.job => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 686.7 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 16:44:23 ====

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2015/08/31
Scan Time: 05:03 PM
Logfile: MalwareLog.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.08.31.02
Rootkit Database: v2015.08.16.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Riaan Nel

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 472647
Time Elapsed: 39 min, 13 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 24
PUP.Optional.HighDefAction, HKLM\SOFTWARE\HighDefAction, Quarantined, [055936d998f37fb702cce4afe32137c9],
PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\istartsurfSoftware, Quarantined, [bf9f25ea7417aa8ccc8ca28d1ee58f71],
PUP.Optional.SavePass, HKLM\SOFTWARE\SavePass 1.1, Quarantined, [cf8fed223556092de9799a111ce845bb],
PUP.Optional.SavePass, HKLM\SOFTWARE\SavePass 1.1-nv, Quarantined, [6bf3ac630d7e71c597cbd2d957ad8d73],
PUP.Optional.SavePass, HKLM\SOFTWARE\SavePass 1.1-nv-ie, Quarantined, [afaff916ec9ff640144e931819eb2ed2],
PUP.Optional.YorkNewCin, HKLM\SOFTWARE\YorkNewCin, Quarantined, [06582ce3a0ebff37d805605db15320e0],
PUP.Optional.CrossRider, HKLM\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [243a070874171620eea7becacd37ea16],
PUP.Optional.CinemaPlus, HKLM\SOFTWARE\ARENAHD, Quarantined, [a7b7c24d0b809c9acff4394884800df3],
PUP.Optional.CrossRider, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\29777, Quarantined, [b8a66ea1dab14cea86180c7c64a0e61a],
PUP.Optional.SavePass, HKU\S-1-5-18\SOFTWARE\SavePass 1.1-nv-ie, Quarantined, [7ce24cc38efd2016a1bd74376f954eb2],
PUP.Optional.CrossRider, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\_CrossriderRegNamePlaceHolder_, Quarantined, [81dddd32543790a6133deb9c46bea55b],
PUP.Optional.CrossRider, HKU\S-1-5-21-444297693-2264169564-2716400923-1000\SOFTWARE\Cinem Plus 2.4cV28.08-nv-ie, Quarantined, [a6b88689216ab581c0793a4d39cb619f],
PUP.Optional.HighDefAction, HKU\S-1-5-21-444297693-2264169564-2716400923-1000\SOFTWARE\HighDefAction, Quarantined, [0d5112fde0ab171fe6e7dfb4df25827e],
PUP.Optional.SavePass, HKU\S-1-5-21-444297693-2264169564-2716400923-1000\SOFTWARE\SavePass 1.1-nv-ie, Quarantined, [70eede31f992fc3afc62fbb037cd926e],
PUP.Optional.YorkNewCin, HKU\S-1-5-21-444297693-2264169564-2716400923-1000\SOFTWARE\YorkNewCin, Quarantined, [9dc1ad62d9b2b4823ca04a73c53fc838],
PUP.Optional.Conduit, HKU\S-1-5-21-444297693-2264169564-2716400923-1000\SOFTWARE\APPDATALOW\SOFTWARE\ConduitSearchScopes, Quarantined, [e975a36c0b80c3738f4c6b18c341c040],
PUP.Optional.CrossRider, HKU\S-1-5-21-444297693-2264169564-2716400923-1000\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [57078e81d7b4181ea6aafa8d6b99956b],
PUP.Optional.CinemaPlus, HKU\S-1-5-21-444297693-2264169564-2716400923-1000\SOFTWARE\ARENAHD, Quarantined, [243ae52ad1ba1a1c386cff822ada649c],
PUP.Optional.GlobalUpdate, HKU\S-1-5-21-444297693-2264169564-2716400923-1000\SOFTWARE\GLOBALUPDATE\UPDATE\PROXY, Quarantined, [134bb15e28633ef8ad259bf66c98cf31],
PUP.Optional.CrossRider, HKU\S-1-5-21-444297693-2264169564-2716400923-1000\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\29777, Quarantined, [e876d53af299f04668fd04833aca0df3],
PUP.Optional.CrossRider, HKU\S-1-5-21-444297693-2264169564-2716400923-1000\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\OB, Quarantined, [76e83fd0f893df57ad662e5a29dbc838],
PUP.Optional.Spigot, HKU\S-1-5-21-444297693-2264169564-2716400923-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{268C499D-539E-4660-9550-610C05F59C45}, Quarantined, [b7a748c793f84beb8e908b27ec18d32d],
PUP.Optional.YahooVNM, HKU\S-1-5-21-444297693-2264169564-2716400923-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{C0C3A6C6-03BC-4195-8FCB-AEA091301353}, Quarantined, [134bbc53e1aa1521d5e804b99e6617e9],
PUP.Optional.OutBrowse, HKU\S-1-5-21-444297693-2264169564-2716400923-1000\SOFTWARE\OB, Quarantined, [64facb444a4155e135f4faaac341e719],

Registry Values: 17
PUP.Optional.CinemaPlus, HKLM\SOFTWARE\ARENAHD|value, 1, Quarantined, [a7b7c24d0b809c9acff4394884800df3]
PUP.Optional.PCTuner, HKLM\SOFTWARE\HIGHDEFACTION|value, 1, Quarantined, [1846e02fcac1a39369cad2d37292eb15]
PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B1C30ZKEa5UhX2PRCO-5Poa2pHn7-A--VWt7oSCt15QDP0ZhwKBihrFsvTseo-t9xuG9XogegjVFqnVsZNZtlgs-elcBjZsc_0Pby_8fl5Y4Jpp7M3rXctaOAzDWttjKRU59bM_1EwPGB45WgRtZSs-DtH1Kv&q={searchTerms}, Quarantined, [590540cf494292a4e54a8ee406fed32d]
PUP.Optional.Linkury, HKU\S-1-5-21-444297693-2264169564-2716400923-1000\ENVIRONMENT|SNP, http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D?publisher=APSFRec&co=ZA&userid=3d62a4c8-374c-f85f-15c2-6fc95844d8e2&searchtype=sc&installDate=30/08/2015&barcodeid=50045888&channelid=888, Quarantined, [2935d03fd7b40b2b1e9c5742659f8e72]
PUP.Optional.Linkury, HKU\S-1-5-21-444297693-2264169564-2716400923-1000\ENVIRONMENT|SNF, C:\ProgramData\ExtTags\snp.sc, Quarantined, [82dcf81777144aecf9c0c4d507fd6d93]
PUP.Optional.CinemaPlus, HKU\S-1-5-21-444297693-2264169564-2716400923-1000\SOFTWARE\ARENAHD|value, 1, Quarantined, [243ae52ad1ba1a1c386cff822ada649c]
PUP.Optional.GlobalUpdate, HKU\S-1-5-21-444297693-2264169564-2716400923-1000\SOFTWARE\GLOBALUPDATE\UPDATE\PROXY|source, IE, Quarantined, [134bb15e28633ef8ad259bf66c98cf31]
PUP.Optional.PCTuner, HKU\S-1-5-21-444297693-2264169564-2716400923-1000\SOFTWARE\HIGHDEFACTION|value, 1, Quarantined, [154937d8147769cda689c9dcb84c966a]
PUP.Optional.Spigot, HKU\S-1-5-21-444297693-2264169564-2716400923-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{268C499D-539E-4660-9550-610C05F59C45}|URL, http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}, Quarantined, [b7a748c793f84beb8e908b27ec18d32d]
PUP.Optional.Spigot, HKU\S-1-5-21-444297693-2264169564-2716400923-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{268C499D-539E-4660-9550-610C05F59C45}|OSDFileURL, file:///C:/Program%20Files/Common%20Files/Spigot/Search%20Settings/yahoo_ie.xml, Quarantined, [3727bc53c7c4a2944dd2ecc6986c52ae]
PUP.Optional.YahooVNM, HKU\S-1-5-21-444297693-2264169564-2716400923-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{C0C3A6C6-03BC-4195-8FCB-AEA091301353}|URL, https://za.search.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10099_swoc_campaign_150830__yaie&p={searchTerms}, Quarantined, [134bbc53e1aa1521d5e804b99e6617e9]
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-444297693-2264169564-2716400923-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B1C30ZKEa5UhX2PRCO-5Poa2pHn7-A--VWt7oSCt15QDP0ZhwKBihrFsvTseo-t9xuG9XogegjVFqnVsZNZtlgs-elcBjZsc_0Pby_8fl5Y4Jpp7M3rXctaOAzDWttjKRU59bM_1EwPGB45WgRtZSs-DtH1Kv&q={searchTerms}, Quarantined, [aab45bb474170c2ae4487df5b3513bc5]
PUP.Optional.OutBrowse, HKU\S-1-5-21-444297693-2264169564-2716400923-1000\SOFTWARE\OB|monitype20, 8/28/15 13:8:20, Quarantined, [64facb444a4155e135f4faaac341e719]
PUP.Optional.OutBrowse, HKU\S-1-5-21-444297693-2264169564-2716400923-1000\SOFTWARE\OB|monitype14, 8/28/15 13:12:52, Quarantined, [26380d02bad1f0462801d9cb01034eb2]
PUP.Optional.OutBrowse, HKU\S-1-5-21-444297693-2264169564-2716400923-1000\SOFTWARE\OB|monitype15, 8/28/15 13:14:3, Quarantined, [fb6357b892f9ee4849e05d47a06440c0]
PUP.Optional.OutBrowse, HKU\S-1-5-21-444297693-2264169564-2716400923-1000\SOFTWARE\OB|monitype25, 8/28/15 13:17:18, Quarantined, [510d66a98dfece681415842012f233cd]
PUP.Optional.OutBrowse, HKU\S-1-5-21-444297693-2264169564-2716400923-1000\SOFTWARE\OB|monitype21, 8/28/15 13:18:47, Quarantined, [b1addc33f09be2540c1ddaca25dff709]

Registry Data: 1
PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-444297693-2264169564-2716400923-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B1C30ZKEa5UhX2PRCO-5Poa2pHn7-A--VWt7oSCt15QDP0ZhwKBihrFsvTseo-t9xuG9XogegjVFqnVsZNZtlgs-elcBjZsc_0Pby_8fl5Y4Jpp7M3rXctaOAzDWttjKRU59bM_1EwPGB45WgRtZSs-DtH1Kv&q={searchTerms}, Good: (www.google.com), Bad: (http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B1C30ZKEa5UhX2PRCO-5Poa2pHn7-A--VWt7oSCt15QDP0ZhwKBihrFsvTseo-t9xuG9XogegjVFqnVsZNZtlgs-elcBjZsc_0Pby_8fl5Y4Jpp7M3rXctaOAzDWttjKRU59bM_1EwPGB45WgRtZSs-DtH1Kv&q={searchTerms}),Replaced,[f36bcc43e1aa7cbabc678dd04cb9768a]

Folders: 7
PUP.Optional.OpenCandy, C:\Users\Riaan Nel\AppData\Roaming\OpenCandy, Quarantined, [4f0f30df3b5078be21e8915b5ca62ad6],
PUP.Optional.OpenCandy, C:\Users\Riaan Nel\AppData\Roaming\OpenCandy\C22279883C3F4E17A6E3C3F3665FB43F, Quarantined, [4f0f30df3b5078be21e8915b5ca62ad6],
PUP.Optional.ExtTag, C:\ProgramData\ExtTag, Quarantined, [8fcf8887c4c764d2db229c6a976ca15f],
PUP.Optional.ExtTag, C:\ProgramData\ExtTag\ondemand, Quarantined, [8fcf8887c4c764d2db229c6a976ca15f],
PUP.Optional.ExtTag, C:\ProgramData\ExtTags, Quarantined, [4e109c73c3c850e647b709fdac5747b9],
PUP.Optional.MiniLite, C:\Program Files\MiniLite, Quarantined, [85d9fe11acdf9d990aab2ce4778c5fa1],
PUP.Optional.SavePass, C:\Program Files\SavePass 1.1, Quarantined, [f36b6ea1e9a205313404888ea95adb25],

Files: 30
PUP.Optional.Nova, C:\Program Files\Acro Software\97a9ac5d-d6ff-4631-a774-216668061390.dll, Quarantined, [7ae47e9196f5f244c4f1557e45bc5ba5],
PUP.Optional.MiniLite, C:\Program Files\MiniLite\Uninstall.exe, Quarantined, [dd81858adeadc17559e4efe4f30ed030],
Trojan.Agent.MSIL, C:\Users\Riaan Nel\AppData\Local\Lot-media.exe, Quarantined, [134bd9365c2fd561ee7d8c3eb05105fb],
PUP.Optional.Linkury.Gen, C:\Windows\System32\findit.xml, Quarantined, [76e897788209270fc22a4257b94b35cb],
PUP.Optional.OpenCandy, C:\Users\Riaan Nel\AppData\Roaming\OpenCandy\C22279883C3F4E17A6E3C3F3665FB43F\WcInstaller.exe, Quarantined, [4f0f30df3b5078be21e8915b5ca62ad6],
PUP.Optional.ExtTag, C:\ProgramData\ExtTag\AlphaJob.exe, Quarantined, [8fcf8887c4c764d2db229c6a976ca15f],
PUP.Optional.ExtTag, C:\ProgramData\ExtTag\AlphaJob.exe.config, Quarantined, [8fcf8887c4c764d2db229c6a976ca15f],
PUP.Optional.ExtTag, C:\ProgramData\ExtTag\CanIt.dll, Quarantined, [8fcf8887c4c764d2db229c6a976ca15f],
PUP.Optional.ExtTag, C:\ProgramData\ExtTag\conf.config, Quarantined, [8fcf8887c4c764d2db229c6a976ca15f],
PUP.Optional.ExtTag, C:\ProgramData\ExtTag\Config.xml, Quarantined, [8fcf8887c4c764d2db229c6a976ca15f],
PUP.Optional.ExtTag, C:\ProgramData\ExtTag\ExtTag.dll, Quarantined, [8fcf8887c4c764d2db229c6a976ca15f],
PUP.Optional.ExtTag, C:\ProgramData\ExtTag\ExtTag.exe.config, Quarantined, [8fcf8887c4c764d2db229c6a976ca15f],
PUP.Optional.ExtTag, C:\ProgramData\ExtTag\Isjob.dll, Quarantined, [8fcf8887c4c764d2db229c6a976ca15f],
PUP.Optional.ExtTag, C:\ProgramData\ExtTag\Latit.exe, Quarantined, [8fcf8887c4c764d2db229c6a976ca15f],
PUP.Optional.ExtTag, C:\ProgramData\ExtTag\Latit.exe.config, Quarantined, [8fcf8887c4c764d2db229c6a976ca15f],
PUP.Optional.ExtTag, C:\ProgramData\ExtTag\PrxCfg.xml, Quarantined, [8fcf8887c4c764d2db229c6a976ca15f],
PUP.Optional.ExtTag, C:\ProgramData\ExtTag\Ranstock.dll, Quarantined, [8fcf8887c4c764d2db229c6a976ca15f],
PUP.Optional.ExtTag, C:\ProgramData\ExtTag\Stimla.bin, Quarantined, [8fcf8887c4c764d2db229c6a976ca15f],
PUP.Optional.ExtTag, C:\ProgramData\ExtTag\StrongTex.exe, Quarantined, [8fcf8887c4c764d2db229c6a976ca15f],
PUP.Optional.ExtTag, C:\ProgramData\ExtTag\StrongTex.exe.config, Quarantined, [8fcf8887c4c764d2db229c6a976ca15f],
PUP.Optional.ExtTag, C:\ProgramData\ExtTag\Tampfan.bin, Quarantined, [8fcf8887c4c764d2db229c6a976ca15f],
PUP.Optional.ExtTag, C:\ProgramData\ExtTag\uninstall.exe, Quarantined, [8fcf8887c4c764d2db229c6a976ca15f],
PUP.Optional.ExtTag, C:\ProgramData\ExtTag\Villa-Phase.bin, Quarantined, [8fcf8887c4c764d2db229c6a976ca15f],
PUP.Optional.ExtTag, C:\ProgramData\ExtTag\VoyaApflex.bin, Quarantined, [8fcf8887c4c764d2db229c6a976ca15f],
PUP.Optional.ExtTag, C:\ProgramData\ExtTag\Zaamstock.exe.config, Quarantined, [8fcf8887c4c764d2db229c6a976ca15f],
PUP.Optional.ExtTag, C:\ProgramData\ExtTags\ff.HP, Quarantined, [4e109c73c3c850e647b709fdac5747b9],
PUP.Optional.ExtTag, C:\ProgramData\ExtTags\ff.NT, Quarantined, [4e109c73c3c850e647b709fdac5747b9],
PUP.Optional.ExtTag, C:\ProgramData\ExtTags\snp.sc, Quarantined, [4e109c73c3c850e647b709fdac5747b9],
PUP.Optional.MiniLite, C:\Program Files\MiniLite\msvcp110.dll, Quarantined, [85d9fe11acdf9d990aab2ce4778c5fa1],
PUP.Optional.MiniLite, C:\Program Files\MiniLite\msvcr110.dll, Quarantined, [85d9fe11acdf9d990aab2ce4778c5fa1],

Physical Sectors: 0
(No malicious items detected)


(end)

# AdwCleaner v5.004 - Logfile created 31/08/2015 at 18:00:54
# Updated 26/08/2015 by Xplode
# Database : 2015-08-30.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x86)
# Username : Riaan Nel - RIAANNEL-PC
# Running from : C:\Users\Riaan Nel\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files\globalUpdate
[-] Folder Deleted : C:\ProgramData\Premium
[-] Folder Deleted : C:\ProgramData\RightClick
[-] Folder Deleted : C:\Users\Riaan Nel\AppData\Local\FileTypeAssistant
[-] Folder Deleted : C:\Users\Riaan Nel\AppData\Local\globalUpdate
[-] Folder Deleted : C:\Users\Riaan Nel\AppData\Local\OpenCandy
[-] Folder Deleted : C:\Users\Riaan Nel\AppData\LocalLow\Conduit
[-] Folder Deleted : C:\Users\Riaan Nel\AppData\Roaming\cpuminer
[-] Folder Deleted : C:\Users\Riaan Nel\Documents\Updater
[-] Folder Deleted : C:\Windows\system32\config\systemprofile\AppData\Local\FileTypeAssistant

***** [ Files ] *****

[-] File Deleted : C:\Users\Riaan Nel\AppData\Roaming\Mozilla\Firefox\Profiles\ubs63plf.default\searchplugins\yahoo.xml

***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [gpuminer]
[-] Key Deleted : HKLM\SOFTWARE\97a9ac5d-d6ff-4631-a774-216668061390
[-] Key Deleted : HKLM\SOFTWARE\c6980348-9af8-445a-8ff9-f44fe6dc4f41
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
[-] Key Deleted : HKCU\Software\Bitberry
[-] Key Deleted : HKCU\Software\Conduit
[-] Key Deleted : HKCU\Software\FileTypeAssistant
[-] Key Deleted : HKCU\Software\GlobalUpdate
[-] Key Deleted : HKCU\Software\InstalledBrowserExtensions
[-] Key Deleted : HKCU\Software\YahooPartnerToolbar
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
[-] Key Deleted : HKLM\SOFTWARE\AppDataLow\SOFTWARE\_CrossriderRegNamePlaceHolder_
[-] Key Deleted : HKLM\SOFTWARE\Conduit
[-] Key Deleted : HKLM\SOFTWARE\GlobalUpdate
[-] Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
[-] Key Deleted : HKLM\SOFTWARE\downchecker
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gpuminer
[!] Key Not Deleted : HKU\S-1-5-21-444297693-2264169564-2716400923-1000\Software\AppDataLow\Software\Conduit
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GLOBALUPDATE.EXE

***** [ Web browsers ] *****

[-] [C:\Users\Riaan Nel\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Deleted :

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4126 bytes] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.0 (08.31.2015:1)
OS: Windows 7 Home Premium x86
Ran by Riaan Nel on 2015/09/01 at 11:40:28.08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\Program Files\convert audio free
Successfully deleted: [Folder] C:\Program Files\myfree codec
Successfully deleted: [Folder] C:\Users\Riaan Nel\Appdata\Local\cre
Successfully deleted: [Folder] C:\Users\Riaan Nel\Appdata\Local\28050



~~~ Chrome


[C:\Users\Riaan Nel\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Riaan Nel\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Riaan Nel\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Riaan Nel\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2015/09/01 at 11:44:40.32
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I have also re-activated my Norton IS, as I noted it expired a few days ago. Here is the history log created by the Full System Scan:

Category: Resolved Security Risks
Date & Time,Risk,Activity,Status,Recommended Action,Path - Filename
2015/08/31 09:52:36 PM,Medium,frst.exe (WS.Reputation.1) detected by Download Insight,Quarantined,Resolved - No Action Required,c:\users\riaan nel\desktop\frst.exe
2015/08/31 08:33:20 PM,High,Suspicious.Cloud.9 detected by Virus scanner,Quarantined,Resolved - No Action Required,c:\users\riaan nel\downloads\vector magic 1.15.rar
2015/08/31 08:25:39 PM,Low,Adware.Gen detected by Virus scanner,Quarantined,Resolved - No Action Required,c:\users\riaan nel\appdata\roaming\atsfqs1rbz3lbtaqguwmzlnn
2015/08/31 05:54:38 PM,High,lot-media.exe (Trojan.Gen.2) detected by Auto-Protect,Quarantined,Resolved - No Action Required,c:\users\riaan nel\appdata\local\lot-media.exe
2015/08/31 04:02:13 PM,Low,protectservice.exe (PUA.SearchProtect) detected by Virus scanner,Quarantined,Resolved - No Action Required,c:\program files\minilite\protectservice.exe
2015/08/31 04:01:48 PM,High,aab96cd1-6eaa-4846-92fd-660511195439-1-7.exe (WS.Malware.2) detected by Virus scanner,Removed,Resolved - No Action Required,c:\program files\savepass 1.1\aab96cd1-6eaa-4846-92fd-660511195439-1-7.exe
2015/08/31 04:01:47 PM,High,{4c2490b8-3135-4953-8c3d-6c03c4721091}gw.sys (WS.Malware.2) detected by Virus scanner,Quarantined,Resolved - No Action Required,c:\windows\system32\drivers\{4c2490b8-3135-4953-8c3d-6c03c4721091}gw.sys
2015/08/31 03:59:43 PM,High,aab96cd1-6eaa-4846-92fd-660511195439-5.exe (Suspicious.Epi) detected by Virus scanner,Removed,Resolved - No Action Required,c:\program files\savepass 1.1\aab96cd1-6eaa-4846-92fd-660511195439-5.exe
2015/08/31 03:59:42 PM,High,aab96cd1-6eaa-4846-92fd-660511195439-6.exe (Trojan.Gen.2) detected by Virus scanner,Removed,Resolved - No Action Required,c:\program files\savepass 1.1\aab96cd1-6eaa-4846-92fd-660511195439-6.exe
2015/08/31 03:59:41 PM,High,exttag.exe (Trojan.Gen) detected by Virus scanner,Quarantined,Resolved - No Action Required,c:\programdata\exttag\exttag.exe
2015/08/31 03:59:38 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2015/08/31 03:59:16 PM,Medium,frst.exe (WS.Reputation.1) detected by Download Insight,Quarantined,Resolved - No Action Required,c:\users\riaan nel\desktop\frst.exe
2015/08/31 03:53:19 PM,High,exttag.exe (SONAR.Heuristic.120) detected by SONAR,Quarantined,Resolved - No Action Required,c:\programdata\exttag\exttag.exe
2015/08/31 03:52:52 PM,High,aab96cd1-6eaa-4846-92fd-660511195439-1-6.exe (Trojan.Gen.2) detected by Auto-Protect,Quarantined,Resolved - No Action Required,c:\program files\savepass 1.1\aab96cd1-6eaa-4846-92fd-660511195439-1-6.exe
2015/08/31 03:52:15 PM,High,ozerzumtax.dll (Suspicious.Cloud.7.EP) detected by Auto-Protect,Quarantined,Resolved - No Action Required,c:\programdata\exttag\ozerzumtax.dll
2015/08/31 03:50:49 PM,Low,protectservice.exe (PUA.SearchProtect) detected by Auto-Protect,Quarantined,Resolved - No Action Required,c:\program files\minilite\protectservice.exe
2015/08/31 03:50:10 PM,High,aab96cd1-6eaa-4846-92fd-660511195439-1-7.exe (Suspicious.Epi) detected by Auto-Protect,Quarantined,Resolved - No Action Required,c:\program files\savepass 1.1\aab96cd1-6eaa-4846-92fd-660511195439-1-7.exe
2015/08/31 03:50:05 PM,High,aab96cd1-6eaa-4846-92fd-660511195439-5.exe (Suspicious.Epi) detected by Auto-Protect,Quarantined,Resolved - No Action Required,c:\program files\savepass 1.1\aab96cd1-6eaa-4846-92fd-660511195439-5.exe
2015/08/31 03:50:01 PM,High,finlex.dll (Suspicious.Epi) detected by Virus scanner and Auto-Protect,Quarantined,Resolved - No Action Required,c:\programdata\exttag\finlex.dll
2015/04/17 04:34:32 PM,High,kontrolepunt_bl10_p.exe (SAPE.Downloader.373e) detected by Virus scanner,Quarantined,Resolved - No Action Required,d:\afrikaanse hoër seunskool\rw\programme\riaan\kontrolepunt_bl10_p.exe
2015/03/16 05:57:01 PM,High,"Risks in compressed file "teknomw2_1.0.rar" detected by Virus scanner",Quarantined,Resolved - No Action Required,u:\michael\games\call of duty 6 - modern warfare 2\cod 6 stuff\teknomw2_1.0.rar
2015/02/10 04:48:53 PM,Low,CommunityToolbar detected by Virus scanner,Quarantined,Resolved - No Action Required,
2014/11/30 08:56:16 AM,High,dimensies_bl13_p.exe (SAPE.Heur.5158) detected by Virus scanner,Quarantined,Resolved - No Action Required,d:\afrikaanse hoër seunskool\rw\programme\riaan\dimensies_bl13_p.exe
2014/11/30 08:55:58 AM,High,datum_u.exe (SAPE.Heur.1f7b) detected by Virus scanner,Quarantined,Resolved - No Action Required,d:\afrikaanse hoër seunskool\rw\programme\riaan\datum_u.exe
2014/11/30 08:55:39 AM,High,balbeweeg_p.exe (SAPE.Heur.d6a) detected by Virus scanner,Quarantined,Resolved - No Action Required,d:\afrikaanse hoër seunskool\rw\programme\riaan\balbeweeg_p.exe
2014/11/28 03:21:31 PM,High,gupd.exe (Suspicious.Cloud.9) detected by Auto-Protect,Quarantined,Resolved - No Action Required,c:\users\riaan nel\gupd.exe
2014/10/26 07:29:33 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2014/10/26 07:29:33 PM,Medium,SecurityRisk.OrphanInf detected by Virus scanner,Removed,Resolved - No Action Required,
2014/10/26 07:28:08 PM,Medium,SecurityRisk.OrphanInf detected by Virus scanner,Quarantined,Resolved - No Action Required,
2014/09/21 04:44:01 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2014/08/21 05:27:44 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2014/07/20 11:41:15 AM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2014/06/09 01:49:53 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2014/05/25 09:18:40 PM,High,baha+men+-+who+let+the+dogs+out%20-%20[mp3juices.com][1].exe (W32.SAPE.Cloud9.5) detected by Download Insight,Quarantined,Resolved - No Action Required,c:\users\riaan nel\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\hw9kxx4e\baha+men+-+who+let+the+dogs+out%20-%20[mp3juices.com][1].exe
2014/05/08 06:05:50 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2014/05/07 04:42:40 PM,High,download%20mixpad%20audio%20mixer%203.52%20%20%20serial%20key[1].exe (W32.SAPE.Cloud9.1) detected by Download Insight,Quarantined,Resolved - No Action Required,c:\users\riaan nel\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\vhhiozc6\download%20mixpad%20audio%20mixer%203.52%20%20%20serial%20key[1].exe
2014/05/07 04:41:00 PM,High,mixpad%20audio%20mixer%203.54%20with%20register%20key%20code[1].exe (W32.SAPE.Cloud9.1) detected by Download Insight,Quarantined,Resolved - No Action Required,c:\users\riaan nel\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\2j2i3s9x\mixpad%20audio%20mixer%203.54%20with%20register%20key%20code[1].exe
2014/04/14 05:22:08 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2014/02/27 04:07:02 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2014/01/27 12:29:24 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2013/12/28 12:03:35 AM,High,"Risks in compressed file "adobe.photoshop.lightroom.v4.0.multilingual.incl.keymaker-core.rar" detected by Virus scanner",Removed,Resolved - No Action Required,u:\michael\programs\adobe.photoshop.lightroom.v4.0.multilingual.incl.keymaker-core.rar
2013/12/28 12:03:32 AM,High,"Risks in compressed file "realflight.g4.5.emu33.rar" detected by Virus scanner",Quarantined,Resolved - No Action Required,u:\michael\programs\realflight\realflight.g4.5.emu33.rar
2013/12/27 07:21:01 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2013/11/27 12:08:40 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2013/10/05 12:39:38 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2013/09/14 06:19:09 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2013/07/10 06:36:26 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2013/06/06 05:57:47 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2013/06/05 07:07:46 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2013/06/03 09:16:46 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2013/05/17 04:02:46 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2013/05/02 04:42:57 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2013/02/10 04:15:45 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2012/12/29 01:36:40 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2012/12/07 02:29:59 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2012/12/01 12:53:38 PM,Medium,setup.exe (WS.Reputation.1) detected by Download Insight,Quarantined,Resolved - No Action Required,c:\users\riaan nel\desktop\setup.exe
2012/11/28 05:32:01 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2012/11/12 06:11:07 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2012/10/18 08:55:57 PM,High,bnetgatewayeditor.exe (Infostealer) detected by Auto-Protect,Quarantined,Resolved - No Action Required,\\meiztr\games\wc3\bnetgatewayeditor.exe
2012/10/16 06:24:25 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2012/09/24 03:47:26 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2012/09/08 04:24:14 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2012/08/08 11:20:37 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2012/05/13 05:56:46 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2012/05/02 09:45:39 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2012/04/24 05:10:12 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2012/04/23 06:32:30 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2012/04/23 03:40:33 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2012/04/16 06:16:55 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2012/04/08 06:41:20 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2012/04/06 11:16:59 AM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2012/04/02 05:54:21 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2012/03/28 08:06:37 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2012/03/18 03:12:14 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2012/02/23 04:54:18 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2012/02/11 12:31:08 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2012/02/01 09:24:35 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2012/01/23 06:40:54 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2012/01/11 06:40:34 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2012/01/08 01:22:01 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2011/12/26 09:31:25 AM,Medium,adobe cs4 web premium keygen.exe (WS.Reputation.1) detected by Download Insight,Quarantined,Resolved - No Action Required,c:\users\riaan nel\appdata\local\microsoft\windows\temporary internet files\content.ie5\s8zo0n7h\adobe cs4 web premium keygen.exe
2011/12/19 12:55:35 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2011/12/04 08:11:29 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2011/10/24 07:07:09 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2011/10/12 06:58:16 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2011/09/24 01:30:09 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2011/09/20 07:01:26 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2011/09/08 05:05:36 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2011/09/08 03:46:00 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2011/09/06 02:00:28 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2011/08/25 06:21:12 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2011/08/18 03:33:00 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2011/08/10 11:32:07 AM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2011/08/04 05:43:40 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2011/08/04 05:36:03 PM,Medium,SecurityRisk.OrphanInf detected by Virus scanner,Quarantined,Resolved - No Action Required,
2011/07/26 06:22:53 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2011/07/18 01:36:54 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2011/07/14 06:02:06 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2011/07/07 04:29:49 PM,High,keygen.exe (Suspicious.MH690.A) detected by Virus scanner,Quarantined,Resolved - No Action Required,d:\sibelius 4 install files\sibelius.v4.0.incl.keygen-h2o\keygen.exe
2011/07/04 06:54:30 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2011/07/03 10:06:38 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2011/06/30 11:49:16 AM,High,vguimatsurface.dll (WS.Viral.1) detected by Virus scanner,Quarantined,Resolved - No Action Required,d:\programme\cs source\bin\vguimatsurface.dll
2011/06/24 08:13:31 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2011/06/11 05:33:18 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2011/05/22 01:27:56 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2011/05/16 05:43:29 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2011/04/19 01:46:30 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2011/04/06 12:06:53 AM,Low,kojikuki.exe (Packed.Generic.307) detected by Virus scanner,Removed,Resolved - No Action Required,i:\tata\govori\kojikuki.exe
2011/04/06 12:02:46 AM,High,kojikuki.exe (Trojan.Usuge!gen3) detected by Virus scanner,Quarantined,Resolved - No Action Required,i:\tata\govori\kojikuki.exe
2011/03/29 03:17:23 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2011/03/19 12:38:40 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2011/03/12 06:27:14 PM,High,info.exe (W32.SillyDC) detected by Virus scanner,Quarantined,Resolved - No Action Required,i:\recycler\info.exe
2011/03/12 06:26:56 PM,High,xtnvbd.exe (W32.Harakit) detected by Virus scanner,Quarantined,Resolved - No Action Required,i:\xtnvbd.exe
2011/03/11 05:07:59 PM,High,order.exe (Trojan Horse) detected by Virus scanner,Quarantined,Resolved - No Action Required,i:\new\world\order.exe
2011/03/11 05:07:41 PM,High,syn.exe (W32.IRCbot) detected by Virus scanner,Quarantined,Resolved - No Action Required,i:\usb vault\syn.exe
2011/03/08 02:55:28 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2011/02/28 07:12:33 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2011/02/16 01:06:53 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,
2011/02/03 03:36:58 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action Required,

Fluffy
2015-09-01, 13:06
My PC's performance has already improved somewhat, but it still does not want to do a proper Shutdown or install IE11.

Juliet
2015-09-01, 15:56
This computer is/was heavily infected. If things weren't working right I can see why.

Let me show you a couple of things Norton picked up on.
adobe cs4 web premium keygen.exe
sibelius.v4.0.incl.keygen-h2o\keygen.exe

Never trust cracked/illegal software to be clean.
Cracked/keygens are one of the fastest ways of infecting your system; 100% of cracked/keygen software contains some form of malicious code.

**Forum Policy**
I strongly suggest you remove any cracked software that is installed. We do not approve, nor will we provide support in the future, for problems produced because of illegal software.

~~
CKScanner

Please download CKScanner (http://downloads.malwareremoval.com/CKScanner.exe) and save the file to your Desktop.
Right-click CKScanner.exe and select Run as administrator to run the programme.
Click Search For Files.
When the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved.
Please run this programme only once.
A log (CKFiles.txt) will be created on your Desktop. Copy the contents of the log and paste in your next reply.


~~~~~~~~~~`

What we can do now is run an online scan with ESET. For the time being it is our most trusted scanner.
Most reliable and thorough.
The settings I suggest will show us items located in quarantine folders, so don't be alarmed by this. Also, in case of a false positive, I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending of course on how full your computer is.



Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

ESET Online Scan

Please download ESET Online Scan (http://download.eset.com/special/eos/esetsmartinstaller_enu.exe) and save the file to your Desktop.
Temporarily disable your anti-virus software. For instructions, please refer to the following link (http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/).
Double-click esetsmartinstaller_enu.exe to run the programme.
Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
Agree to the Terms of Use once more and click Start. Allow components to download.
Place a checkmark next to Enable detection of potentially unwanted applications.
Click Advanced settings. Place a checkmark next to:

Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology


Ensure Remove found threats is unchecked.
Click Start.
Wait for the scan to finish. Please be patient as this can take some time.
Upon completion, click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png. If no threats were found, skip the next two bullet points.
Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png and save the file to your Desktop, naming it something such as "MyEsetScan".
Push the Back button.
Place a checkmark next to http://3-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xKN1w2nv.png.pagespeed.ic.JWqIaEgZi7.png and click http://1-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/SzOC1p0.png.pagespeed.ce.OWDP45O6oG.png.
Re-enable your anti-virus software.
Copy the contents of the log and paste in your next reply.


Please post these 2 logs when finished.

Fluffy
2015-09-04, 00:50
Sorry for the delay.

Attached the CKScanner log & ESET Scan log



CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files\adobe\adobe photoshop cs2\presets\brushes\skullcracks.abr
c:\program files\adobe\photoshop elements 10\presets\brushes\skullcracks.abr
c:\program files\propellerhead\keygen.exe
scanner sequence 3.CP.11.JLAPRZ
----- EOF -----


:\AdwCleaner\Quarantine\C\Users\Riaan Nel\AppData\Roaming\cpuminer\sgminer\sgm.exe.vir a variant of Win32/BitCoinMiner.BY potentially unsafe application
C:\AdwCleaner\Quarantine\C\Users\Riaan Nel\AppData\Roaming\cpuminer\sgminer\start.cmd.vir BAT/CoinMiner.B potentially unsafe application
C:\FRST\Quarantine\C\ProgramData\ExtTag\Zaamstock.exe.xBAD a variant of MSIL/Toolbar.Linkury.H potentially unwanted application
C:\Program Files\FreeYouTubeToMP3TURBOConverter\tsasetup.exe a variant of Win32/FileTypeAssistant.A potentially unwanted application
C:\Program Files\NCH Software\MixPad\mixpad.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
C:\Program Files\NCH Software\MixPad\mixpadsetup_v3.56.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
C:\Program Files\NCH Software\SoundTap\soundtap.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
C:\Program Files\NCH Software\SoundTap\soundtapsetup_v2.31.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
C:\Program Files\NCH Swift Sound\WavePad\uninst.exe a variant of Win32/Toolbar.Conduit.K potentially unwanted application
C:\Program Files\NCH Swift Sound\WavePad\wavepad.exe a variant of Win32/Toolbar.Conduit.K potentially unwanted application
C:\Program Files\NCH Swift Sound\WavePad\wpsetup_v4.52.exe a variant of Win32/Toolbar.Conduit.K potentially unwanted application
C:\ProgramData\InstallMate\{CD95F7B0-B651-4C27-AECC-FE731676D546}\_Setupx.dll a variant of Win32/InstalleRex.T potentially unwanted application
C:\Users\All Users\InstallMate\{CD95F7B0-B651-4C27-AECC-FE731676D546}\_Setupx.dll a variant of Win32/InstalleRex.T potentially unwanted application
C:\Windows\Installer\MSIFCAE.tmp a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
F:\DATA\Photoshop\Adobe.PhotoShop.CS2.KeyGen-PANTHEON.rar a variant of Win32/Keygen.CW potentially unsafe application
F:\DATA\Photoshop\keygen.exe a variant of Win32/Keygen.CW potentially unsafe application
F:\Install files\DTLite4413-0173.exe Win32/OpenCandy potentially unsafe application
F:\Install files\Nero-Free.exe Win32/Toolbar.AskSBar potentially unwanted application
F:\Install files\Sibelius 4 Install Files\Photoshop\Adobe.PhotoShop.CS2.KeyGen-PANTHEON.rar a variant of Win32/Keygen.CW potentially unsafe application
F:\Install files\Sibelius 4 Install Files\Photoshop\keygen.exe a variant of Win32/Keygen.CW potentially unsafe application
F:\Install files\UleadDVDMovieFactory5\Setup\OEM\Target\All\MovieHunter.lod a variant of Win32/Kryptik.DYF trojan
F:\Install files\UleadDVDMovieFactory5\Setup\OEM\Target\All\uDVDErase.lod a variant of Win32/Kryptik.DYF trojan
I:\Program Files\Application Updater\ApplicationUpdater.exe a variant of Win32/Toolbar.Widgi.A potentially unwanted application
I:\Program Files\BitTorrent\BitTorrent.exe a variant of Win32/OpenCandy.C potentially unsafe application
I:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Toolbar.Widgi potentially unwanted application
I:\Program Files\Common Files\Spigot\Search Settings\SearchSettings64.exe a variant of Win64/Toolbar.Widgi.A potentially unwanted application
I:\Program Files\Common Files\Spigot\Search Settings\wth155.dll a variant of Win32/Toolbar.Widgi.A potentially unwanted application
I:\Program Files\Common Files\Spigot\Search Settings\wthx155.dll Win64/Toolbar.Widgi.B potentially unwanted application
I:\Program Files\NCH Software\MixPad\mixpad.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
I:\Program Files\NCH Software\MixPad\mpsetup_v3.15.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
I:\Program Files\NCH Software\MixPad\uninst.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
I:\Program Files\NCH Swift Sound\WavePad\uninst.exe a variant of Win32/Toolbar.Conduit.K potentially unwanted application
I:\Program Files\NCH Swift Sound\WavePad\wavepad.exe a variant of Win32/Toolbar.Conduit.K potentially unwanted application
I:\Program Files\NCH Swift Sound\WavePad\wpsetup_v4.52.exe a variant of Win32/Toolbar.Conduit.K potentially unwanted application
I:\Program Files\YTD Toolbar\WidgiHelper.exe Win32/Toolbar.Widgi potentially unwanted application
I:\Program Files\YTD Toolbar\IE\6.5\ytdToolbarIE.dll a variant of Win32/Toolbar.Widgi potentially unwanted application
I:\ProgramData\YouTube Downloader\ytd_installer.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application
I:\Users\All Users\InstallMate\{CD95F7B0-B651-4C27-AECC-FE731676D546}\_Setupx.dll a variant of Win32/InstalleRex.T potentially unwanted application
I:\Users\Riaan Nel\AppData\Roaming\BitTorrent\NCH.MixPad.Audio-Mixer.v3.15-LAXiTY\mpsetup.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
I:\Users\Riaan Nel\AppData\Roaming\OpenCandy\OpenCandy_7D0609D0172C46B1B90AA705F2061C89\LatestDLMgr.exe a variant of Win32/OpenCandy.A potentially unsafe application
I:\Users\Riaan Nel\AppData\Roaming\OpenCandy\OpenCandy_7D0609D0172C46B1B90AA705F2061C89\pcspeedup.exe a variant of Win32/Speedchecker.A potentially unwanted application
I:\Users\Riaan Nel\Downloads\CuteWriter.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
I:\Windows\Installer\6a384.msi a variant of Win32/Toolbar.Widgi potentially unwanted application

Juliet
2015-09-04, 01:26
You need to uninstall

Propellerhead Software
Adobe.PhotoShop.CS2

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below. *Do not use WordPad* or any text editor other than Notepad, or the script will fail.
To do this, highlight the contents of the box, right-click on it and select Copy.
Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite the existing one, please allow).



start
CreateRestorePoint:
CloseProcesses:
F:\DATA\Photoshop\Adobe.PhotoShop.CS2.KeyGen-PANTHEON.rar
F:\DATA\Photoshop\keygen.exe
F:\Install files\DTLite4413-0173.exe
F:\Install files\Nero-Free.exe
F:\Install files\Sibelius 4 Install Files\Photoshop\Adobe.PhotoShop.CS2.KeyGen-PANTHEON.rar
F:\Install files\UleadDVDMovieFactory5\Setup\OEM\Target\All\MovieHunter.lod
F:\Install files\UleadDVDMovieFactory5\Setup\OEM\Target\All\uDVDErase.lod
I:\Program Files\Common Files\Spigot
I:\Program Files\Application Updater\ApplicationUpdater.exe
I:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
I:\Program Files\Common Files\Spigot
I:\Program Files\NCH Software\MixPad\mixpad.exe
I:\Program Files\NCH Software\MixPad\mpsetup_v3.15.exe
I:\Program Files\NCH Software\MixPad\uninst.exe
I:\Program Files\NCH Swift Sound\WavePad\uninst.exe
I:\Program Files\NCH Swift Sound\WavePad\wavepad.exe
I:\Program Files\NCH Swift Sound\WavePad\wpsetup_v4.52.exe
I:\Program Files\YTD Toolbar\WidgiHelper.exe
I:\Program Files\YTD Toolbar\IE\6.5\ytdToolbarIE.dll
I:\ProgramData\YouTube Downloader\ytd_installer.exe
I:\Users\All Users\InstallMate\{CD95F7B0-B651-4C27-AECC-FE731676D546}\_Setupx.dll
I:\Users\Riaan Nel\AppData\Roaming\BitTorrent\NCH.MixPad.Audio-Mixer.v3.15-LAXiTY\mpsetup.exe
I:\Users\Riaan Nel\AppData\Roaming\OpenCandy\OpenCandy_7D0609D0172C46B1B90AA705F2061C89\LatestDLMgr.exe
I:\Users\Riaan Nel\AppData\Roaming\OpenCandy\OpenCandy_7D0609D0172C46B1B90AA705F2061C89\pcspeedup.exe
I:\Users\Riaan Nel\Downloads\CuteWriter.exe
I:\Windows\Installer\6a384.msi
C:\Program Files\FreeYouTubeToMP3TURBOConverter\tsasetup.exe
C:\Windows\Installer\MSIFCAE.tmp
EmptyTemp:
End


Open FRST/FRST64 and press the > Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Please give me an update on how the computer is now.

Fluffy
2015-09-07, 10:10
Fix result of Farbar Recovery Scan Tool (x86) Version:06-09-2015 01
Ran by Riaan Nel (2015-09-07 08:43:47) Run:2
Running from C:\Users\Riaan Nel\Desktop
Loaded Profiles: Riaan Nel (Available Profiles: Riaan Nel)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
F:\DATA\Photoshop\Adobe.PhotoShop.CS2.KeyGen-PANTHEON.rar
F:\DATA\Photoshop\keygen.exe
F:\Install files\DTLite4413-0173.exe
F:\Install files\Nero-Free.exe
F:\Install files\Sibelius 4 Install Files\Photoshop\Adobe.PhotoShop.CS2.KeyGen-PANTHEON.rar
F:\Install files\UleadDVDMovieFactory5\Setup\OEM\Target\All\MovieHunter.lod
F:\Install files\UleadDVDMovieFactory5\Setup\OEM\Target\All\uDVDErase.lod
I:\Program Files\Common Files\Spigot
I:\Program Files\Application Updater\ApplicationUpdater.exe
I:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
I:\Program Files\Common Files\Spigot
I:\Program Files\NCH Software\MixPad\mixpad.exe
I:\Program Files\NCH Software\MixPad\mpsetup_v3.15.exe
I:\Program Files\NCH Software\MixPad\uninst.exe
I:\Program Files\NCH Swift Sound\WavePad\uninst.exe
I:\Program Files\NCH Swift Sound\WavePad\wavepad.exe
I:\Program Files\NCH Swift Sound\WavePad\wpsetup_v4.52.exe
I:\Program Files\YTD Toolbar\WidgiHelper.exe
I:\Program Files\YTD Toolbar\IE\6.5\ytdToolbarIE.dll
I:\ProgramData\YouTube Downloader\ytd_installer.exe
I:\Users\All Users\InstallMate\{CD95F7B0-B651-4C27-AECC-FE731676D546}\_Setupx.dll
I:\Users\Riaan Nel\AppData\Roaming\BitTorrent\NCH.MixPad.Audio-Mixer.v3.15-LAXiTY\mpsetup.exe
I:\Users\Riaan Nel\AppData\Roaming\OpenCandy\OpenCandy_7D0609D0172C46B1B90AA705F2061C89\LatestDLMgr.exe
I:\Users\Riaan Nel\AppData\Roaming\OpenCandy\OpenCandy_7D0609D0172C46B1B90AA705F2061C89\pcspeedup.exe
I:\Users\Riaan Nel\Downloads\CuteWriter.exe
I:\Windows\Installer\6a384.msi
C:\Program Files\FreeYouTubeToMP3TURBOConverter\tsasetup.exe
C:\Windows\Installer\MSIFCAE.tmp
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
F:\DATA\Photoshop\Adobe.PhotoShop.CS2.KeyGen-PANTHEON.rar => moved successfully
F:\DATA\Photoshop\keygen.exe => moved successfully
F:\Install files\DTLite4413-0173.exe => moved successfully
F:\Install files\Nero-Free.exe => moved successfully
F:\Install files\Sibelius 4 Install Files\Photoshop\Adobe.PhotoShop.CS2.KeyGen-PANTHEON.rar => moved successfully
F:\Install files\UleadDVDMovieFactory5\Setup\OEM\Target\All\MovieHunter.lod => moved successfully
F:\Install files\UleadDVDMovieFactory5\Setup\OEM\Target\All\uDVDErase.lod => moved successfully
I:\Program Files\Common Files\Spigot => moved successfully
I:\Program Files\Application Updater\ApplicationUpdater.exe => moved successfully
"I:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe" => File/Folder not found.
"I:\Program Files\Common Files\Spigot" => File/Folder not found.
I:\Program Files\NCH Software\MixPad\mixpad.exe => moved successfully
I:\Program Files\NCH Software\MixPad\mpsetup_v3.15.exe => moved successfully
I:\Program Files\NCH Software\MixPad\uninst.exe => moved successfully
I:\Program Files\NCH Swift Sound\WavePad\uninst.exe => moved successfully
I:\Program Files\NCH Swift Sound\WavePad\wavepad.exe => moved successfully
I:\Program Files\NCH Swift Sound\WavePad\wpsetup_v4.52.exe => moved successfully
I:\Program Files\YTD Toolbar\WidgiHelper.exe => moved successfully
I:\Program Files\YTD Toolbar\IE\6.5\ytdToolbarIE.dll => moved successfully
I:\ProgramData\YouTube Downloader\ytd_installer.exe => moved successfully
I:\Users\All Users\InstallMate\{CD95F7B0-B651-4C27-AECC-FE731676D546}\_Setupx.dll => moved successfully
I:\Users\Riaan Nel\AppData\Roaming\BitTorrent\NCH.MixPad.Audio-Mixer.v3.15-LAXiTY\mpsetup.exe => moved successfully
I:\Users\Riaan Nel\AppData\Roaming\OpenCandy\OpenCandy_7D0609D0172C46B1B90AA705F2061C89\LatestDLMgr.exe => moved successfully
I:\Users\Riaan Nel\AppData\Roaming\OpenCandy\OpenCandy_7D0609D0172C46B1B90AA705F2061C89\pcspeedup.exe => moved successfully
I:\Users\Riaan Nel\Downloads\CuteWriter.exe => moved successfully
I:\Windows\Installer\6a384.msi => moved successfully
C:\Program Files\FreeYouTubeToMP3TURBOConverter\tsasetup.exe => moved successfully
C:\Windows\Installer\MSIFCAE.tmp => moved successfully
EmptyTemp: => 333.9 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 08:47:37 ====





Hi,

The PC has definitely improved regarding processing speed, but it still does not want to complete the "Shutdown" process. It merely keeps on showing that screen and then eventually reboots. I'm also still unable to install IE11 and subsequently Windows 10.

Please advise.

Thanks!
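The two "File/Folder not found" results in the Fixlog above follow from the fixlist itself: `I:\Program Files\Common Files\Spigot` had already been moved by an earlier entry when the file beneath it and the repeated folder entry were processed. The sketch below is an added example, not part of the thread and not FRST code; it separates such expected misses from ones that need a second look. The function name `triage_fixlog` and the `C:\Example\...` line are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# Result lines copied from the Fixlog posted above, plus ONE constructed line
# (the C:\Example\... entry, not from the thread) to show the unexplained case.
SAMPLE_FIXLOG = r'''
I:\Program Files\Common Files\Spigot => moved successfully
I:\Program Files\Application Updater\ApplicationUpdater.exe => moved successfully
"I:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe" => File/Folder not found.
"I:\Program Files\Common Files\Spigot" => File/Folder not found.
I:\Program Files\NCH Software\MixPad\mixpad.exe => moved successfully
"C:\Example\constructed-missing.exe" => File/Folder not found.
EmptyTemp: => 333.9 MB temporary data Removed.
'''

# One result line: optional quotes around a drive-letter path, " => ", result text.
# Directive results such as "EmptyTemp: => ..." do not start with a path and are skipped.
RESULT_RE = re.compile(r'^"?(?P<path>[A-Za-z]:\\.*?)"?\s+=>\s+(?P<result>.*)$')


def triage_fixlog(text):
    """Classify each path result in Fixlog-style text.

    A "not found" entry is treated as expected when the same path, or one of
    its parent folders, was moved by an earlier entry in the same run.
    Anything else that was not found is reported for manual follow-up.
    """
    moved = []  # paths moved so far, in log order
    report = {
        "moved": [],
        "covered_by_earlier_move": [],  # (missing path, earlier moved path)
        "unexplained_not_found": [],
        "other": [],                    # (path, raw result text)
    }
    for line in text.splitlines():
        match = RESULT_RE.match(line.strip())
        if not match:
            continue
        path = PureWindowsPath(match.group("path"))
        result = match.group("result").strip().lower()
        if result.startswith("moved successfully"):
            moved.append(path)
            report["moved"].append(str(path))
        elif result.startswith("file/folder not found"):
            # PureWindowsPath compares case-insensitively, like NTFS paths.
            cause = next((m for m in moved if m == path or m in path.parents), None)
            if cause is not None:
                report["covered_by_earlier_move"].append((str(path), str(cause)))
            else:
                report["unexplained_not_found"].append(str(path))
        else:
            report["other"].append((str(path), match.group("result").strip()))
    return report


if __name__ == "__main__":
    summary = triage_fixlog(SAMPLE_FIXLOG)
    print("moved:", len(summary["moved"]))
    for missing, cause in summary["covered_by_earlier_move"]:
        print("expected miss:", missing, "(already moved with", cause + ")")
    for missing in summary["unexplained_not_found"]:
        print("check manually:", missing)
```

Entries reported under `unexplained_not_found` are the ones worth raising with the helper, since the path may have been mistyped or the file removed by another tool before the fix ran.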

Juliet
2015-09-07, 15:27
I think we're dealing with corrupt system files here.

What I can do is supply links to topics which you need to read over and let's see if this can help straighten things out.
Note:
Your system might not have been ready to download and install Windows 10.

First, let's run the machine through a couple of system tools that might identify corrupt files.

https://support.microsoft.com/en-us/kb/2641432
Check your hard disk for errors in Windows 7

http://www.sevenforums.com/tutorials/1538-sfc-scannow-command-system-file-checker.html
SFC /SCANNOW Command - System File Checker

~~~~
Then follow with trying to download Internet Explorer again.
https://support.microsoft.com/en-us/kb/2872074
failed installation of Internet Explorer 11

http://answers.microsoft.com/en-us/insider/wiki/insider_wintp-insider_install/how-to-a-list-of-things-to-do-if-windows-10-setup/eba3c864-d9fe-4f8e-9468-81b1f89473ed
A list of things to do if Windows 10 Setup fails.

Fluffy
2015-09-10, 13:23
Hi Juliet,

Thank you so much for the assistance, I really do appreciate it immensely.

The Disk Check and System File check did not yield any problems. I was still unable to install IE11, but finally managed to upgrade to Windows 10! With that the new Internet browser Edge is working great.

The PC is much improved on the new operating system, and I'm happy to call it at that!!

Hope you have a great day further!

Kind regards from the beautiful Cape Town, South Africa.

Juliet
2015-09-10, 23:02
Let's remove tools and quarantine folders.

DelFix

Please download DelFix (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/9-delfix) or from here (http://www.bleepingcomputer.com/download/delfix/) and save the file to your Desktop.

Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:

Activate UAC
Remove disinfection tools


Click the Run button.
-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).


~~~~~~~~~~~~~~~~``


Answers to common security questions - Best Practices (http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/) by quietman7, MVP
How Malware Spreads - How did I get infected? (http://www.bleepingcomputer.com/forums/t/287710/how-malware-spreads-how-did-i-get-infected/) by quietman7, MVP
Simple and easy ways to keep your computer safe and secure on the Internet (http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/) by Lawrence Abrams, MVP
How to Prevent Malware (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) by miekiemoes, MVP
How to backup and restore your data using Cobian Backup (http://www.bleepingcomputer.com/tutorials/backup-and-restore-data-with-cobian-backup/) by YourHighness
Slow Computer/browser? It May Not Be Malware (http://www.bleepingcomputer.com/forums/t/87058/slow-computerbrowser-check-here-first;-it-may-not-be-malware/) by quietman7, MVP


The following programmes come highly recommended in the security community.

AdBlock (https://adblockplus.org/en/firefox) is a browser add-on that blocks annoying banners, pop-ups and video ads.
CryptoPrevent (https://www.foolishit.com/) places policy restrictions on loading points for ransomware (e.g. CryptoPrevent), preventing your files from being encrypted.
Malwarebytes Anti-Exploit (https://www.malwarebytes.org/antiexploit/) (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
Malwarebytes Anti-Malware Premium (https://www.malwarebytes.org/) (MBAM) works in real time alongside your Anti-Virus to prevent malware execution.
NoScript (http://noscript.net/) is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
Sandboxie (http://www.sandboxie.com/) isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
Secunia PSI (http://secunia.com/vulnerability_scanning/personal/) will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
SpywareBlaster (https://www.brightfort.com/spywareblaster.html) is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
Web of Trust (https://www.mywot.com/) (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.


Want to help others? Join the ClassRoom (http://forums.whatthetech.com/What_the_Tech_Classroom_t80368.html) and learn how.

Juliet
2015-09-12, 13:28
Glad we could help. :)

Since this issue appears resolved ... this Topic is closed.