View Full Version : Malware Removal Assistance



h4v0c
2015-09-09, 02:33
Spybot has detected malware and removed it, but it keeps coming back as soon as I open my browser.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-09-2015
Ran by havoc (administrator) on BEAST (08-09-2015 08:08:47)
Running from C:\Users\havoc\Desktop
Loaded Profiles: havoc & UpdatusUser (Available Profiles: havoc & UpdatusUser)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\Comodo\IceDragon\icedragon.exe" -osint -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
() C:\Program Files (x86)\WinArchiver Virtual Drive\WAService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Windows\SysWOW64\ASGT.exe
(Bitvise Limited) C:\Program Files\Bitvise SSH Server\BvSshServer.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
() C:\Program Files (x86)\Comodo\IceDragon\icedragon_updater.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
() C:\Program Files\Bitvise SSH Server\SftpServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe
(ASUS) C:\Program Files (x86)\ASUS\GPU Tweak\GPUTweak.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(ASUS) C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\agent.exe
(Google Inc.) C:\Users\havoc\AppData\Local\Google\Update\GoogleUpdate.exe
(Google Inc.) C:\Users\havoc\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Mobile Stream) C:\Program Files\Mobile Stream\EasyTether\easytthr.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() C:\Program Files\Synergy\synergys.exe
(Microsoft Corporation) C:\Users\havoc\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.149\McUICnt.exe
(WinArchiver Computing, Inc.) C:\Program Files (x86)\WinArchiver Virtual Drive\WAHELPER.EXE
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [LogMeIn GUI] => "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
HKLM\...\Run: [IntelliType Pro] => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1464944 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2076272 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2991856 2013-02-20] (Logitech, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] => C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [333088 2010-07-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [309184 2012-03-28] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Bitvise SSH Server Activation State Checker] => C:\Program Files\Bitvise SSH Server\BssActStateCheck.exe [245576 2015-06-03] (Bitvise Limited)
HKLM-x32\...\Run: [WAHELPER.EXE] => C:\Program Files (x86)\WinArchiver Virtual Drive\WAHELPER.EXE [475136 2012-01-12] (WinArchiver Computing, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1583409717-3979321060-2320764336-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-1583409717-3979321060-2320764336-1000\...\Run: [Google Update] => C:\Users\havoc\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-10-07] (Google Inc.)
HKU\S-1-5-21-1583409717-3979321060-2320764336-1000\...\Run: [MusicManager] => C:\Users\havoc\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7380992 2013-11-11] (Google Inc.)
HKU\S-1-5-21-1583409717-3979321060-2320764336-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-06-04] (AMD)
HKU\S-1-5-21-1583409717-3979321060-2320764336-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [24474752 2014-06-05] (Google)
HKU\S-1-5-21-1583409717-3979321060-2320764336-1000\...\Run: [EasyTether] => C:\Program Files\Mobile Stream\EasyTether\easytthr.exe [73728 2014-09-02] (Mobile Stream)
HKU\S-1-5-21-1583409717-3979321060-2320764336-1000\...\Run: [Synergy Server] => C:\Program Files\Synergy\synergys.exe [733184 2006-04-02] ()
HKU\S-1-5-21-1583409717-3979321060-2320764336-1000\...\Run: [OneDrive] => C:\Users\havoc\AppData\Local\Microsoft\OneDrive\OneDrive.exe [404064 2015-08-19] (Microsoft Corporation)
HKU\S-1-5-21-1583409717-3979321060-2320764336-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
Lsa: [Authentication Packages] msv1_0 BvLsa
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2012-11-14]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.149\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Online plug-in.lnk [2012-06-18]
ShortcutTarget: Online plug-in.lnk -> C:\Windows\Installer\{913778D3-E1D8-4B55-9246-3308C54D3162}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe ()
Startup: C:\Users\havoc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2012-10-18] ()
Startup: C:\Users\havoc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-07-18]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exebddel.exe
GroupPolicyUsers\S-1-5-21-1583409717-3979321060-2320764336-1005\User: Restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{01AFDB59-DFCC-47A7-96C5-7128FEB1A811}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{62399DFD-5DC7-4A93-A733-296AA3D46A10}: [NameServer] 82.163.143.169,82.163.142.171
Tcpip\..\Interfaces\{8E4CCC50-A3BA-4403-A479-CD13832AD84D}: [DhcpNameServer] 8.8.8.8 8.8.4.4

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1583409717-3979321060-2320764336-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1583409717-3979321060-2320764336-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2014-08-12] (Adblock Plus)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2014-08-12] (Adblock Plus)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\havoc\AppData\Roaming\Mozilla\Firefox\Profiles\la9zxu2u.default-1440627783229
FF DefaultSearchEngine.US: Google
FF Homepage: hxxps://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-11] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-11] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-04-22] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-10-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-10-23] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll [2014-06-26] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll [2014-06-26] (Google Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll [2010-12-14] (Zeon Corporation)
FF Plugin HKU\S-1-5-21-1583409717-3979321060-2320764336-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\havoc\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2013-10-29] (Google)
FF Plugin HKU\S-1-5-21-1583409717-3979321060-2320764336-1000: @talk.google.com/O1DPlugin -> C:\Users\havoc\AppData\Roaming\Mozilla\plugins\npo1d.dll [2013-10-29] (Google)
FF Plugin HKU\S-1-5-21-1583409717-3979321060-2320764336-1000: @talk.google.com/O3DPlugin -> C:\Users\havoc\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll [2013-10-29] ()
FF Plugin HKU\S-1-5-21-1583409717-3979321060-2320764336-1000: @tools.google.com/Google Update;version=3 -> C:\Users\havoc\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2013-11-23] (Google Inc.)
FF Plugin HKU\S-1-5-21-1583409717-3979321060-2320764336-1000: @tools.google.com/Google Update;version=9 -> C:\Users\havoc\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2013-11-23] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll [2012-03-28] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-04-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-09-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-09-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-09-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-09-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-09-23] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll [2012-03-19] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\havoc\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2013-10-29] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\havoc\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll [2013-10-29] ()
FF Plugin ProgramFiles/Appdata: C:\Users\havoc\AppData\Roaming\mozilla\plugins\npo1d.dll [2013-10-29] (Google)
FF Extension: LastPass - C:\Users\havoc\AppData\Roaming\Mozilla\Firefox\Profiles\la9zxu2u.default-1440627783229\Extensions\support@lastpass.com [2015-09-03]
FF Extension: YouTube™ Flash® Player - C:\Users\havoc\AppData\Roaming\Mozilla\Firefox\Profiles\la9zxu2u.default-1440627783229\Extensions\jid1-HAV2inXAnQPIeA@jetpack.xpi [2015-08-26]
FF Extension: Session Manager - C:\Users\havoc\AppData\Roaming\Mozilla\Firefox\Profiles\la9zxu2u.default-1440627783229\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2015-08-26]
FF Extension: Share Button for Pinterest - C:\Users\havoc\AppData\Roaming\Mozilla\Firefox\Profiles\la9zxu2u.default-1440627783229\Extensions\{677a8f98-fd64-40b0-a883-b8c95d0cbf17}.xpi [2015-08-26]
FF Extension: NoScript - C:\Users\havoc\AppData\Roaming\Mozilla\Firefox\Profiles\la9zxu2u.default-1440627783229\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-08-26]
FF Extension: Adblock Plus - C:\Users\havoc\AppData\Roaming\Mozilla\Firefox\Profiles\la9zxu2u.default-1440627783229\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-08-26]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-03-09]

Chrome:
=======
CHR Profile: C:\Users\havoc\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\havoc\AppData\Local\Google\Chrome\User Data\Default\Extensions\dibdcpffccodechbhdlfpbgpjfmillpb [2013-01-15]
CHR Extension: (SaveLoTs) - C:\Users\havoc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gknnhaindocppopkjchenapajheodeig [2013-12-30]
CHR Extension: (AllSaver) - C:\ProgramData\jbimlbablkdnfjkiigccamffgkalckhd\ []
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2013-03-09]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-30] (Advanced Micro Devices, Inc.) [File not signed]
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
R2 BvSshServer; C:\Program Files\Bitvise SSH Server\BvSshServer.exe [14578032 2015-06-03] (Bitvise Limited)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
S2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 HPSLPSVC; C:\Users\havoc\AppData\Local\Temp\7zS7F23\hpslpsvc64.dll [1039360 2011-11-14] (Hewlett-Packard Co.) [File not signed]
R2 IceDragonUpdater; C:\Program Files (x86)\Comodo\IceDragon\icedragon_updater.exe [1971384 2015-06-22] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.149\McCHSvc.exe [289256 2015-06-26] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1740760 2014-09-03] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 WinArchiver Service; C:\Program Files (x86)\WinArchiver Virtual Drive\WAService.exe [196608 2012-01-12] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 easytether; C:\Windows\System32\DRIVERS\easytthr.sys [21704 2014-07-21] (Mobile Stream)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 IOMap; C:\Windows\system32\drivers\IOMap64.sys [24824 2013-02-19] (ASUSTeK Computer Inc.)
S4 LMIRfsClientNP; no ImagePath
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2014-08-18] (Riverbed Technology, Inc.)
R1 SDHookDriver; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [64160 2014-04-25] ()
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [117040 2012-04-12] (Oracle Corporation)
R0 WAEMU; C:\Windows\System32\Drivers\waemu.sys [141368 2012-01-12] (WinArchiver Computing, Inc.)
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-08 08:08 - 2015-09-08 08:09 - 00026725 _____ C:\Users\havoc\Desktop\FRST.txt
2015-09-08 08:07 - 2015-09-08 08:08 - 00000000 ____D C:\FRST
2015-09-08 08:03 - 2015-09-08 08:03 - 00000207 _____ C:\Windows\tweaking.com-regbackup-BEAST-Windows-7-Ultimate-(64-bit).dat
2015-09-08 08:03 - 2015-09-08 08:03 - 00000000 ____D C:\RegBackup
2015-09-08 08:02 - 2015-09-08 08:02 - 00002239 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-09-08 08:02 - 2015-09-08 08:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-09-08 08:02 - 2015-09-08 08:02 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2015-09-06 22:18 - 2015-09-06 22:18 - 00000020 ___SH C:\Users\TEMP\ntuser.ini
2015-09-06 22:18 - 2015-09-06 22:18 - 00000000 ____D C:\Users\TEMP
2015-09-06 22:18 - 2015-07-18 15:59 - 00002104 _____ C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-09-06 22:18 - 2013-10-27 03:02 - 00000000 ____D C:\Users\TEMP\AppData\Local\Microsoft Help
2015-09-06 22:18 - 2009-07-14 00:54 - 00000000 ___RD C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-09-06 22:18 - 2009-07-14 00:49 - 00000000 ___RD C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-09-06 22:00 - 2015-09-06 22:00 - 00000000 ___HD C:\OneDriveTemp
2015-09-06 21:52 - 2015-09-06 21:50 - 14243008 _____ (Microsoft Corporation) C:\Users\havoc\Desktop\mseinstall.exe
2015-09-04 16:40 - 2015-09-04 16:40 - 05198336 _____ (AVAST Software) C:\Users\havoc\Downloads\aswMBR.exe
2015-09-04 16:37 - 2015-09-04 16:36 - 02188800 _____ (Farbar) C:\Users\havoc\Desktop\FRST64.exe
2015-09-04 16:29 - 2015-09-04 16:29 - 04687184 _____ (Tweaking.com) C:\Users\havoc\Desktop\tweaking.com_registry_backup_setup.exe
2015-09-04 11:15 - 2015-09-04 15:59 - 00001062 _____ C:\Users\Public\Desktop\Comodo IceDragon.lnk
2015-09-04 11:15 - 2015-09-04 11:15 - 01700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2015-09-04 11:15 - 2015-09-04 11:15 - 01060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2015-09-04 11:15 - 2015-09-04 11:15 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2015-09-04 11:15 - 2015-09-04 11:15 - 00000000 ____D C:\Users\havoc\AppData\Roaming\Comodo
2015-09-04 11:15 - 2015-09-04 11:15 - 00000000 ____D C:\Users\havoc\AppData\Local\Comodo
2015-09-04 11:15 - 2015-09-04 11:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2015-09-04 11:15 - 2015-09-04 11:15 - 00000000 ____D C:\Program Files (x86)\Comodo
2015-09-04 10:26 - 2015-09-04 10:26 - 00431188 _____ C:\Users\havoc\Desktop\TeamSpybot-20150904-102621.cab
2015-09-04 08:57 - 2015-09-04 08:57 - 00022548 _____ C:\Windows\SysWOW64\bddel.dat
2015-09-03 09:52 - 2015-09-03 09:52 - 00000000 ____D C:\Users\havoc\Documents\ProcAlyzer Dumps
2015-09-03 09:44 - 2015-09-03 09:24 - 00000979 _____ C:\Windows\system32\Drivers\etc\hosts.20150903-094415.backup
2015-09-03 09:27 - 2015-09-03 09:27 - 00000000 ____D C:\Users\havoc\AppData\Roaming\Macromedia
2015-09-03 08:13 - 2015-09-03 08:13 - 00000000 ____D C:\Program Files\Common Files\AV
2015-09-03 08:13 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2015-09-03 08:08 - 2015-09-03 08:08 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2015-09-03 08:07 - 2015-09-04 07:55 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-09-03 08:07 - 2015-09-03 09:52 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-09-03 08:07 - 2015-09-03 08:07 - 00001395 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-09-03 08:07 - 2015-09-03 08:07 - 00001383 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-09-03 08:07 - 2015-09-03 08:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-09-03 08:07 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-09-03 08:04 - 2015-09-03 08:05 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\havoc\Downloads\spybot-2.4.exe
2015-08-26 18:23 - 2015-08-26 18:23 - 00000000 ____D C:\Users\havoc\Desktop\Old Firefox Data
2015-08-25 20:43 - 2015-09-03 10:03 - 00000000 ____D C:\ProgramData\AVAST Software
2015-08-25 20:42 - 2015-08-25 20:43 - 05685584 _____ (AVAST Software) C:\Users\havoc\Downloads\avast_free_antivirus_setup_online.exe
2015-08-25 13:09 - 2015-08-25 13:15 - 00000000 ____D C:\Users\havoc\Downloads\Windows 8 - Retail
2015-08-20 17:12 - 2015-08-20 17:50 - 00000000 ____D C:\Users\havoc\AppData\Roaming\vlc
2015-08-20 15:04 - 2015-08-20 15:04 - 00000871 _____ C:\Users\Public\Desktop\VLC media player.lnk
2015-08-20 15:04 - 2015-08-20 15:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-08-20 15:04 - 2015-08-20 15:04 - 00000000 ____D C:\Program Files\VideoLAN
2015-08-20 15:02 - 2015-08-20 15:03 - 29833438 _____ C:\Users\havoc\Downloads\vlc-2.2.1-win64.exe
2015-08-19 03:00 - 2015-08-10 21:20 - 25191936 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-19 03:00 - 2015-08-10 21:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-19 03:00 - 2015-08-10 20:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-08-19 03:00 - 2015-08-10 20:20 - 19871232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-17 12:54 - 2015-09-03 10:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-16 01:00 - 2015-08-26 10:45 - 00000000 ____D C:\ProgramData\{5679e186-c22c-2bac-5679-9e186c22861b}
2015-08-16 01:00 - 2015-08-26 07:00 - 00000340 _____ C:\Windows\Tasks\Superclean.job
2015-08-12 13:56 - 2015-08-12 13:57 - 01187032 _____ (Adobe Systems Incorporated) C:\Users\havoc\Downloads\flashplayer18_ha_install.exe
2015-08-12 12:41 - 2015-08-12 12:41 - 00242832 _____ C:\Users\havoc\Downloads\Firefox Setup Stub 40.0.exe
2015-08-12 10:01 - 2015-08-26 09:16 - 00242688 _____ C:\Users\havoc\Desktop\Stats.xls
2015-08-12 09:44 - 2015-08-12 09:57 - 00028905 _____ C:\Users\havoc\Desktop\HotS - Match History.xlsx
2015-08-12 09:40 - 2015-09-03 09:48 - 00017699 _____ C:\Users\havoc\Documents\ArcSight Systems.xlsx
2015-08-12 09:37 - 2015-08-12 09:37 - 00016148 _____ C:\Users\havoc\Documents\Heros of the Storm.xlsx
2015-08-12 03:39 - 2015-07-30 09:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 03:39 - 2015-07-30 09:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-11 15:34 - 2015-07-28 16:09 - 00017344 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-11 15:34 - 2015-07-28 16:05 - 01116672 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-11 15:34 - 2015-07-28 16:05 - 00774656 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-11 15:34 - 2015-07-28 16:05 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-11 15:34 - 2015-07-28 16:05 - 00437760 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-11 15:34 - 2015-07-28 16:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-11 15:34 - 2015-07-28 16:05 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-11 15:34 - 2015-07-28 15:55 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-11 15:34 - 2015-07-15 14:15 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-11 15:34 - 2015-07-15 14:15 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-11 15:34 - 2015-07-15 14:15 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-11 15:34 - 2015-07-15 14:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-11 15:34 - 2015-07-15 14:12 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-11 15:34 - 2015-07-15 14:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-08-11 15:34 - 2015-07-15 14:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-08-11 15:34 - 2015-07-15 14:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-08-11 15:34 - 2015-07-15 14:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-08-11 15:34 - 2015-07-15 14:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-08-11 15:34 - 2015-07-15 14:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-11 15:34 - 2015-07-15 14:10 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-11 15:34 - 2015-07-15 14:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-11 15:34 - 2015-07-15 14:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-08-11 15:34 - 2015-07-15 14:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-11 15:34 - 2015-07-15 14:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-08-11 15:34 - 2015-07-15 14:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-08-11 15:34 - 2015-07-15 14:10 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-11 15:34 - 2015-07-15 14:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-11 15:34 - 2015-07-15 14:10 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-08-11 15:34 - 2015-07-15 14:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-08-11 15:34 - 2015-07-15 14:10 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-08-11 15:34 - 2015-07-15 14:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-08-11 15:34 - 2015-07-15 14:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-08-11 15:34 - 2015-07-15 14:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-08-11 15:34 - 2015-07-15 14:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-11 15:34 - 2015-07-15 14:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-11 15:34 - 2015-07-15 14:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-11 15:34 - 2015-07-15 14:10 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-08-11 15:34 - 2015-07-15 14:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-11 15:34 - 2015-07-15 14:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-11 15:34 - 2015-07-15 14:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-08-11 15:34 - 2015-07-15 14:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-11 15:34 - 2015-07-15 14:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-08-11 15:34 - 2015-07-15 14:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-11 15:34 - 2015-07-15 14:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-11 15:34 - 2015-07-15 14:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-11 15:34 - 2015-07-15 14:00 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-11 15:34 - 2015-07-15 14:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-08-11 15:34 - 2015-07-15 14:00 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 14:00 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 14:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 14:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 13:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-08-11 15:34 - 2015-07-15 13:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-08-11 15:34 - 2015-07-15 13:56 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-11 15:34 - 2015-07-15 13:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-08-11 15:34 - 2015-07-15 13:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-08-11 15:34 - 2015-07-15 13:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-08-11 15:34 - 2015-07-15 13:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-08-11 15:34 - 2015-07-15 13:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-08-11 15:34 - 2015-07-15 13:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-08-11 15:34 - 2015-07-15 13:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-08-11 15:34 - 2015-07-15 13:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-08-11 15:34 - 2015-07-15 13:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-08-11 15:34 - 2015-07-15 13:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-08-11 15:34 - 2015-07-15 13:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-08-11 15:34 - 2015-07-15 13:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-08-11 15:34 - 2015-07-15 13:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-08-11 15:34 - 2015-07-15 13:53 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-08-11 15:34 - 2015-07-15 13:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-08-11 15:34 - 2015-07-15 13:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-08-11 15:34 - 2015-07-15 13:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-08-11 15:34 - 2015-07-15 13:53 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-08-11 15:34 - 2015-07-15 13:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-08-11 15:34 - 2015-07-15 13:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-08-11 15:34 - 2015-07-15 13:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-08-11 15:34 - 2015-07-15 13:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-08-11 15:34 - 2015-07-15 13:44 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 13:44 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 12:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-11 15:34 - 2015-07-15 12:46 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-11 15:34 - 2015-07-15 12:46 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-11 15:34 - 2015-07-15 12:37 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-08-11 15:34 - 2015-07-15 12:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-08-11 15:34 - 2015-07-15 12:34 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 12:34 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 12:34 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-08-11 15:34 - 2015-07-15 12:34 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-08-11 15:33 - 2015-07-20 20:39 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-08-11 15:33 - 2015-07-20 20:12 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-08-11 15:33 - 2015-07-16 16:54 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-08-11 15:33 - 2015-07-16 16:37 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-08-11 15:33 - 2015-07-16 16:36 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-11 15:33 - 2015-07-16 16:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-11 15:33 - 2015-07-16 16:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-08-11 15:33 - 2015-07-16 16:35 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-11 15:33 - 2015-07-16 16:35 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-08-11 15:33 - 2015-07-16 16:27 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-11 15:33 - 2015-07-16 16:26 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-11 15:33 - 2015-07-16 16:26 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-08-11 15:33 - 2015-07-16 16:23 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-11 15:33 - 2015-07-16 16:21 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-11 15:33 - 2015-07-16 16:21 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-08-11 15:33 - 2015-07-16 16:21 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-11 15:33 - 2015-07-16 16:21 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-08-11 15:33 - 2015-07-16 16:12 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-08-11 15:33 - 2015-07-16 16:08 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-11 15:33 - 2015-07-16 16:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-08-11 15:33 - 2015-07-16 15:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-08-11 15:33 - 2015-07-16 15:54 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-11 15:33 - 2015-07-16 15:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-11 15:33 - 2015-07-16 15:51 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-11 15:33 - 2015-07-16 15:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-08-11 15:33 - 2015-07-16 15:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-11 15:33 - 2015-07-16 15:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-08-11 15:33 - 2015-07-16 15:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-08-11 15:33 - 2015-07-16 15:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-11 15:33 - 2015-07-16 15:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-08-11 15:33 - 2015-07-16 15:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-08-11 15:33 - 2015-07-16 15:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-08-11 15:33 - 2015-07-16 15:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-11 15:33 - 2015-07-16 15:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-08-11 15:33 - 2015-07-16 15:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-08-11 15:33 - 2015-07-16 15:36 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-11 15:33 - 2015-07-16 15:35 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-08-11 15:33 - 2015-07-16 15:34 - 14451200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-11 15:33 - 2015-07-16 15:33 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-08-11 15:33 - 2015-07-16 15:32 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-11 15:33 - 2015-07-16 15:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-08-11 15:33 - 2015-07-16 15:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-08-11 15:33 - 2015-07-16 15:20 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-08-11 15:33 - 2015-07-16 15:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-08-11 15:33 - 2015-07-16 15:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-08-11 15:33 - 2015-07-16 15:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-11 15:33 - 2015-07-16 15:12 - 02427904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-11 15:33 - 2015-07-16 15:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-11 15:33 - 2015-07-16 15:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-08-11 15:33 - 2015-07-16 15:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-11 15:33 - 2015-07-16 15:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-08-11 15:33 - 2015-07-16 15:01 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-11 15:33 - 2015-07-16 14:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-11 15:33 - 2015-07-16 14:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-11 15:33 - 2015-07-16 14:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-11 15:33 - 2015-07-16 14:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-08-11 15:33 - 2015-07-14 23:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-11 15:32 - 2015-07-30 14:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-11 15:32 - 2015-07-30 14:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-11 15:32 - 2015-07-30 14:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-11 15:32 - 2015-07-30 14:06 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-11 15:32 - 2015-07-30 14:06 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-11 15:32 - 2015-07-30 14:06 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-11 15:32 - 2015-07-30 14:06 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-11 15:32 - 2015-07-30 13:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-08-11 15:32 - 2015-07-30 13:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-11 15:32 - 2015-07-30 13:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-08-11 15:32 - 2015-07-30 13:57 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-11 15:32 - 2015-07-30 13:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-08-11 15:32 - 2015-07-30 13:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-08-11 15:32 - 2015-07-30 12:56 - 03208192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-11 15:32 - 2015-07-30 12:52 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-11 15:32 - 2015-07-30 12:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-11 15:32 - 2015-07-20 14:12 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-11 15:32 - 2015-07-20 14:12 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-11 15:32 - 2015-07-20 14:12 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-11 15:32 - 2015-07-20 14:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-11 15:32 - 2015-07-20 14:12 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-11 15:32 - 2015-07-20 14:12 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-11 15:32 - 2015-07-20 14:12 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-11 15:32 - 2015-07-20 14:12 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-11 15:32 - 2015-07-20 14:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-11 15:32 - 2015-07-20 14:12 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-11 15:32 - 2015-07-20 14:12 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-11 15:32 - 2015-07-20 13:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-08-11 15:32 - 2015-07-20 13:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-08-11 15:32 - 2015-07-20 13:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-08-11 15:32 - 2015-07-20 13:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-08-11 15:32 - 2015-07-20 13:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-08-11 15:32 - 2015-07-16 15:12 - 04922368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-11 15:32 - 2015-07-16 15:12 - 00269824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-08-11 15:32 - 2015-07-16 15:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-08-11 15:32 - 2015-07-16 15:11 - 05779456 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-11 15:32 - 2015-07-16 15:11 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-08-11 15:32 - 2015-07-16 15:11 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-11 15:32 - 2015-07-14 23:19 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-11 15:32 - 2015-07-14 23:19 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-11 15:32 - 2015-07-14 23:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-08-11 15:32 - 2015-07-14 23:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-08-11 15:32 - 2015-07-14 22:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-11 15:32 - 2015-07-14 22:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-11 15:32 - 2015-07-14 22:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-08-11 15:32 - 2015-07-14 22:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-08-11 15:32 - 2015-07-10 13:51 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-11 15:32 - 2015-07-10 13:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-11 15:32 - 2015-07-09 13:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-11 15:32 - 2015-07-09 13:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-11 15:32 - 2015-07-09 13:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-11 15:32 - 2015-07-01 16:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-11 15:32 - 2015-07-01 16:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-11 15:32 - 2015-07-01 16:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-11 15:32 - 2015-07-01 16:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-08-11 15:32 - 2015-05-09 14:26 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-08 08:06 - 2013-10-07 19:49 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1583409717-3979321060-2320764336-1000UA.job
2015-09-08 08:02 - 2012-04-26 21:16 - 01454094 _____ C:\Windows\WindowsUpdate.log
2015-09-08 07:51 - 2009-07-14 00:45 - 00027360 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-08 07:51 - 2009-07-14 00:45 - 00027360 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-08 07:50 - 2012-10-18 20:54 - 00000000 ____D C:\Users\havoc\AppData\Local\Deployment
2015-09-08 07:46 - 2014-06-26 06:18 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-08 07:23 - 2014-06-26 06:18 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-08 07:12 - 2012-04-29 14:20 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-07 20:06 - 2013-10-07 19:49 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1583409717-3979321060-2320764336-1000Core.job
2015-09-06 22:15 - 2012-11-17 23:27 - 00000000 ____D C:\ProgramData\NVIDIA
2015-09-06 22:15 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-06 22:15 - 2009-07-14 00:51 - 00070377 _____ C:\Windows\setupact.log
2015-09-06 22:02 - 2015-07-18 15:59 - 00000000 ____D C:\Users\havoc\OneDrive
2015-09-06 22:01 - 2014-06-26 06:21 - 00000000 ___RD C:\Users\havoc\Google Drive
2015-09-06 21:59 - 2010-11-20 23:47 - 00822774 _____ C:\Windows\PFRO.log
2015-09-06 21:54 - 2014-06-09 21:37 - 00002150 _____ C:\Windows\epplauncher.mif
2015-09-06 21:54 - 2014-06-09 21:37 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-09-06 21:54 - 2014-06-09 21:37 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2015-09-05 17:53 - 2014-03-29 00:47 - 00000000 ____D C:\Users\havoc\AppData\Local\Battle.net
2015-09-05 17:24 - 2015-06-03 18:56 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2015-09-04 16:37 - 2015-07-07 17:55 - 00000000 ____D C:\Users\havoc\Desktop\From Laptop
2015-09-04 08:57 - 2013-01-15 23:55 - 00000000 ____D C:\ProgramData\Zoomex
2015-09-04 07:33 - 2009-07-14 01:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-03 10:14 - 2012-10-17 18:04 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2015-09-03 10:07 - 2012-04-29 15:03 - 00000000 ____D C:\Users\havoc\AppData\Roaming\Adobe
2015-09-03 09:58 - 2012-05-06 10:07 - 00000000 ____D C:\Users\havoc\.VirtualBox
2015-09-03 09:20 - 2014-06-05 21:06 - 00000000 ____D C:\Program Files (x86)\Kingo Android ROOT
2015-09-03 09:16 - 2012-10-15 18:48 - 00000000 ____D C:\Windows\system32\appmgmt
2015-09-02 10:16 - 2015-07-14 13:00 - 00000000 ____D C:\Users\havoc\Documents\ArcSight
2015-08-28 16:52 - 2014-03-29 00:46 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-08-26 10:45 - 2013-12-30 21:18 - 00000000 ____D C:\ProgramData\WinWeb protection
2015-08-26 10:44 - 2014-01-06 19:58 - 00000000 ____D C:\ProgramData\System Booster
2015-08-26 09:26 - 2012-04-26 21:16 - 00000000 ____D C:\Users\havoc
2015-08-25 21:00 - 2013-12-30 22:12 - 00000000 ____D C:\ProgramData\WebPlat
2015-08-25 21:00 - 2013-01-15 23:55 - 00000000 ____D C:\Program Files (x86)\ZoomEx
2015-08-25 18:16 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\spool
2015-08-25 13:13 - 2012-11-12 11:02 - 00002220 ____H C:\Users\havoc\Documents\Default.rdp
2015-08-25 13:02 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-08-21 10:15 - 2014-03-29 00:51 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2015-08-19 16:01 - 2015-07-18 15:59 - 00002157 _____ C:\Users\havoc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-08-18 13:13 - 2012-04-30 17:26 - 00000000 ____D C:\Users\havoc\AppData\Local\Microsoft Help
2015-08-14 03:00 - 2012-04-30 17:26 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-12 08:04 - 2015-03-12 07:00 - 00000000 ___RD C:\Users\havoc\Podcasts
2015-08-12 04:32 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2015-08-12 04:07 - 2009-07-14 00:45 - 00437688 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-12 04:05 - 2013-10-26 12:50 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-12 04:05 - 2013-10-26 12:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-12 04:01 - 2014-12-10 04:24 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-12 04:01 - 2014-05-07 03:00 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-12 03:41 - 2015-07-16 11:19 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-08-12 03:39 - 2013-10-26 12:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-12 03:17 - 2009-07-13 22:34 - 00000478 _____ C:\Windows\win.ini
2015-08-12 03:10 - 2013-08-14 03:00 - 00000000 ____D C:\Windows\system32\MRT
2015-08-12 03:02 - 2012-04-28 19:01 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-11 22:12 - 2012-04-29 14:20 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-11 22:12 - 2012-04-29 14:20 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-11 22:12 - 2012-04-29 14:20 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

==================== Files in the root of some directories =======

2015-06-03 10:15 - 2015-06-09 20:50 - 0000600 _____ () C:\Users\havoc\AppData\Roaming\winscp.rnd
2012-10-26 21:20 - 2015-06-04 18:24 - 0000600 _____ () C:\Users\havoc\AppData\Local\PUTTY.RND
2013-03-09 09:14 - 2014-08-13 01:14 - 0007596 _____ () C:\Users\havoc\AppData\Local\Resmon.ResmonCfg
2008-02-05 14:28 - 2008-02-05 14:28 - 0000051 _____ () C:\Users\havoc\AppData\Local\setup.txt

Some files in TEMP:
====================
C:\Users\havoc\AppData\Local\Temp\ose00000.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-03 15:23

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-09-2015
Ran by havoc (2015-09-08 08:09:41)
Running from C:\Users\havoc\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1583409717-3979321060-2320764336-500 - Administrator - Disabled)
Guest (S-1-5-21-1583409717-3979321060-2320764336-501 - Limited - Enabled)
havoc (S-1-5-21-1583409717-3979321060-2320764336-1000 - Administrator - Enabled) => C:\Users\havoc
HomeGroupUser$ (S-1-5-21-1583409717-3979321060-2320764336-1004 - Limited - Enabled)
UpdatusUser (S-1-5-21-1583409717-3979321060-2320764336-1005 - Limited - Enabled) => C:\Users\TEMP

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: Spybot - Search and Destroy (Enabled - Up to date) {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 3.2.3.28705 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 8.2.4 - Hewlett-Packard) Hidden
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{1CAFFEC6-23B4-484B-B17B-3200BE5C5636}) (Version: 99.9 - Eyeo GmbH)
Adblock Plus for IE (HKLM-x32\...\{1ce01891-839b-4ad1-b629-2e608ba0c6ba}) (Version: 1.0 - )
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{B7908254-D208-7C46-8201-7EBC1BFF8D12}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
ArcSight ESM Console 6.5c (HKLM-x32\...\ArcSight ESM Console 6.5c) (Version: 6.5.0.0 - HP Software)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.8.0 - Asmedia Technology)
ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.4.2.4 - ASUSTek COMPUTER INC.)
ASUS GPU Tweak (x32 Version: 2.4.2.4 - ASUSTek COMPUTER INC.) Hidden
ASUS Product Register Program (HKLM-x32\...\{9D29D67C-315D-46A1-A3A9-3CAF24871578}) (Version: 1.0.022 - ASUSTek Computer Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bitvise SSH Client 6.31 (remove only) (HKLM-x32\...\BvSshClient) (Version: - )
Bitvise SSH Server 6.31 (remove only) (HKLM-x32\...\Bitvise SSH Server) (Version: - )
calibre (HKLM-x32\...\{6C086582-8A0F-49D8-9E0D-82AAF2912118}) (Version: 2.33.0 - Kovid Goyal)
Citrix online plug-in (HKLM-x32\...\CitrixOnlinePluginFull) (Version: 12.3.0.8 - Citrix Systems, Inc.)
Comodo IceDragon (HKLM-x32\...\Comodo IceDragon) (Version: 38.0.5.2 - COMODO)
Curse Client (HKU\S-1-5-21-1583409717-3979321060-2320764336-1000\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Duplicate Cleaner Free 3.2.1 (HKLM-x32\...\Duplicate Cleaner Free) (Version: 3.2.1 - DigitalVolcano Software Ltd) <==== ATTENTION
DVD-Cloner V10.10 Build 1203 (HKLM-x32\...\DVD-Cloner 2013_is1) (Version: 10.10.0.1203 - OpenCloner Inc.)
EasyTether (HKLM-x32\...\{58b5cbff-7ea4-4fd1-b6c0-9d569faea882}) (Version: 1.3.1 - Mobile Stream)
EasyTether (Version: 1.3.1 - Mobile Stream) Hidden
EasyTether ADB USB driver (HKLM\...\{50DD726D-E167-4237-9C26-6057E421753B}) (Version: 1.0.4 - Mobile Stream)
Epson Connect (HKLM-x32\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version: - )
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{BECE9CCD-83F6-4BAA-9B26-227DF7D2E932}) (Version: 3.01.0000 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON XP-400 Series Printer Uninstall (HKLM\...\EPSON XP-400 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
FileZilla Client 3.5.3 (HKLM-x32\...\FileZilla Client) (Version: 3.5.3 - FileZilla Project)
Google Drive (HKLM-x32\...\{D9F75285-4864-461D-83DA-8D056BAC44D1}) (Version: 1.16.6866.4367 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{2A83AD05-56E6-3FBD-8752-B4143162EF59}) (Version: 4.9.1.16010 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
H&R Block Deluxe + Efile + State 2014 (HKLM-x32\...\{BDA77C08-60A6-4AAB-B5A9-849ECF399A49}) (Version: 14.05.6401 - HRB Technology, LLC.)
H&R Block South Carolina 2014 (HKLM-x32\...\{3E2F022A-BAC6-4CD4-9C02-1DDDD32C52DA}) (Version: 1.14.2601 - HRB Technology, LLC.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
Intel(R) Network Connections 16.5.2.0 (HKLM\...\PROSetDX) (Version: 16.5.2.0 - Intel)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
LinuxLive USB Creator (HKLM-x32\...\LinuxLive USB Creator) (Version: 2.9 - Thibaut Lauziere)
Logitech SetPoint 6.52 (HKLM\...\sp6) (Version: 6.52.74 - Logitech)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.149.2 - McAfee, Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.0.162.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1583409717-3979321060-2320764336-1000\...\OneDriveSetup.exe) (Version: 17.3.5930.0814 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Music Manager (HKU\S-1-5-21-1583409717-3979321060-2320764336-1000\...\MusicManager) (Version: - Google, Inc.)
MusicBrainz Picard (HKLM-x32\...\MusicBrainz Picard) (Version: 1.2 - MusicBrainz)
Nmap 6.47 (HKLM-x32\...\Nmap) (Version: - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
Nuance PDF Reader (HKLM-x32\...\{5F6C549F-78DA-4E0E-AE70-0BD981936D99}) (Version: 7.00.0000 - Nuance Communications, Inc.)
NVIDIA 3D Vision Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
Oracle VM VirtualBox 4.1.14 (HKLM\...\{C6400179-A2BD-4491-AD13-CEC9DD066246}) (Version: 4.1.14 - Oracle Corporation)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Pdf995 (installed by H&R Block) (HKLM-x32\...\Pdf995) (Version: - )
PDFBinder (HKLM-x32\...\{8BA03AC2-579F-41CD-A250-740137D86F7A}) (Version: 1.0.0 - Malamute.dk)
PdfEdit995 (installed by H&R Block) (HKLM-x32\...\PdfEdit995) (Version: - )
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Sharepod 4.0.1.1 (HKLM-x32\...\{085BCFB8-F6FB-4600-AFAB-1F6DBC7F5F99}_is1) (Version: - Macroplant LLC)
Software Updater (HKLM-x32\...\{7B3A525D-9D3D-4618-AE52-A31DE98C8AC3}) (Version: 4.1.4 - SEIKO EPSON CORPORATION)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Synergy (HKLM-x32\...\Synergy) (Version: - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Total Video Converter 3.71 100812 (HKLM-x32\...\Total Video Converter 3.71_is1) (Version: - EffectMatrix Inc.)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.2.0 - Tweaking.com)
Update for Skype for Business 2015 (KB2889853) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{BF1B3F01-93F3-4B83-93DB-132EB1AED259}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB2889853) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{BF1B3F01-93F3-4B83-93DB-132EB1AED259}) (Version: - Microsoft)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinArchiver Virtual Drive (HKLM-x32\...\WinArchiver Virtual Drive) (Version: 2.8 - WinArchiver Computing, Inc.)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinSCP 5.7.3 (HKLM-x32\...\winscp3_is1) (Version: 5.7.3 - Martin Prikryl)
Wireshark 1.8.0 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.8.0 - The Wireshark developer community, http://www.wireshark.org)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
Youtube Downloader HD v. 2.9.9.21 (HKLM-x32\...\Youtube Downloader HD_is1) (Version: - YoutubeDownloaderHD.com)
Youtube to MP3 Converter v. 1.4 (HKLM-x32\...\Youtube to MP3 Converter_is1) (Version: - YoutubeDownloaderHD.com)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1583409717-3979321060-2320764336-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\havoc\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1583409717-3979321060-2320764336-1000_Classes\CLSID\{3ff50c7e-7820-4f54-afaa-c3b1b967f0a9}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1583409717-3979321060-2320764336-1000_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\havoc\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1583409717-3979321060-2320764336-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\havoc\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1583409717-3979321060-2320764336-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\havoc\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1583409717-3979321060-2320764336-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\havoc\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1583409717-3979321060-2320764336-1000_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\havoc\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1583409717-3979321060-2320764336-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\havoc\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1583409717-3979321060-2320764336-1000_Classes\CLSID\{c74c84a3-42b5-482b-8ce3-ca56e10ccf16}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1583409717-3979321060-2320764336-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\havoc\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1583409717-3979321060-2320764336-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\havoc\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1583409717-3979321060-2320764336-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\havoc\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

03-09-2015 06:06:03 Scheduled Checkpoint
03-09-2015 08:11:23 avast! antivirus system restore point
03-09-2015 09:20:38 Removed Apple Software Update
03-09-2015 10:14:05 Windows Update
06-09-2015 22:27:11 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2015-09-03 09:44 - 00450926 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 http://subscribermgmt.rr.com
192.168.2.216 esm-65
192.168.2.202 halemi2
127.0.0.1 adnetworkperformance.com
127.0.0.1 live.topupdateup.com
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com

There are 1000 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {38F3B3A9-5973-4CDF-B4A3-0276C33F6E6C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1583409717-3979321060-2320764336-1000Core => C:\Users\havoc\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-07] (Google Inc.)
Task: {540FD2A1-5956-4EE7-9518-7A21814E77A0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-26] (Google Inc.)
Task: {5DE7E962-B767-4C70-844C-20F71F24134B} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {736F5830-092C-4ECB-94BE-DABE65F32BAB} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe
Task: {766C73BF-C1C4-41EB-B1D0-CAC2B7EEA5B6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {8BBCE216-1477-4DEE-8A97-B028307AEDD1} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {9C3FC109-2086-4121-B633-7102CCB2CC76} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2012-11-02] (Microsoft Corporation)
Task: {9D1B3033-E673-4E0F-B47C-38120F575122} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {A1CD42F7-89DF-4557-BE87-9768C22DFA5E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-26] (Google Inc.)
Task: {A59B16EB-57B0-4DFD-8747-0BCC6DCBDAB5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1583409717-3979321060-2320764336-1000UA => C:\Users\havoc\AppData\Local\Google\Update\GoogleUpdate.exe [2013-10-07] (Google Inc.)
Task: {B2D8B47E-2E0C-4B24-990C-E9E555F5F60A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-11] (Adobe Systems Incorporated)
Task: {C0265AEA-B5AF-4DE0-8981-87B2D15D9C38} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2012-11-02] (Microsoft)
Task: {C1236EA7-8207-43AC-979A-C31BAFBEA462} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {C37400E0-B234-4111-B7C3-02C6B003DECD} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2012-11-02] (Microsoft Corporation)
Task: {C3A92E25-834D-4312-AC9C-14C7422BAFD5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {E9644C70-8B10-4994-9425-A279A533CCC1} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2013-06-21] (ASUSTek Computer Inc.)
Task: {EA663482-CAAC-4DA8-BDBA-B71F919ED1C3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1583409717-3979321060-2320764336-1000Core.job => C:\Users\havoc\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1583409717-3979321060-2320764336-1000UA.job => C:\Users\havoc\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Superclean.job => c:\programdata\{5679e186-c22c-2bac-5679-9e186c22861b}\hqghumeaylnlf.exe <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2012-01-12 09:56 - 2012-01-12 09:56 - 00196608 _____ () C:\Program Files (x86)\WinArchiver Virtual Drive\WAService.exe
2012-11-17 23:27 - 2013-10-23 04:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-02-24 15:10 - 2012-04-26 16:51 - 00040448 _____ () C:\Windows\System32\pdf995mon64.dll
2013-08-30 20:47 - 2013-08-30 20:47 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-10-22 15:41 - 2012-10-22 15:41 - 00749056 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-10-22 15:42 - 2012-10-22 15:42 - 03645952 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2012-01-17 12:24 - 2012-01-17 12:24 - 00055296 _____ () C:\Windows\SysWOW64\ASGT.exe
2015-06-03 15:15 - 2015-06-03 15:15 - 00710000 _____ () C:\Program Files\Bitvise SSH Server\CiProv64.dll
2015-06-22 06:12 - 2015-06-22 06:12 - 01971384 _____ () C:\Program Files (x86)\Comodo\IceDragon\icedragon_updater.exe
2015-06-03 15:15 - 2015-06-03 15:15 - 02470192 _____ () C:\Program Files\Bitvise SSH Server\SftpServer.exe
2015-06-16 16:31 - 2015-06-16 16:31 - 08898720 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2010-01-02 10:42 - 2010-01-02 10:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2006-04-02 16:20 - 2006-04-02 16:20 - 00733184 _____ () C:\Program Files\Synergy\synergys.exe
2013-08-30 20:47 - 2013-08-30 20:47 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-06-05 16:51 - 2013-06-05 16:51 - 00430080 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingNet4.dll
2013-06-05 16:51 - 2013-06-05 16:51 - 00032768 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingResourcesNet4.dll
2015-09-03 08:07 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-09-03 08:07 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-09-03 08:07 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-09-03 08:07 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-06-20 12:01 - 2013-06-20 12:01 - 00258048 _____ () C:\Program Files (x86)\ASUS\GPU Tweak\Vender.dll
2013-05-14 16:11 - 2013-05-14 16:11 - 00049152 _____ () C:\Program Files (x86)\ASUS\GPU Tweak\Exeio.dll
2006-04-02 16:20 - 2006-04-02 16:20 - 00024576 _____ () C:\Program Files\Synergy\synrgyhk.DLL
2013-02-27 15:33 - 2013-02-27 15:33 - 10683392 _____ () C:\Users\havoc\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll
2013-02-27 15:32 - 2013-02-27 15:32 - 07741952 _____ () C:\Users\havoc\AppData\Local\Programs\Google\MusicManager\QtGui4.dll
2013-02-27 15:32 - 2013-02-27 15:32 - 02248192 _____ () C:\Users\havoc\AppData\Local\Programs\Google\MusicManager\QtCore4.dll
2013-02-27 15:33 - 2013-02-27 15:33 - 01681408 _____ () C:\Users\havoc\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll
2013-11-11 21:03 - 2013-11-11 21:03 - 00117248 _____ () C:\Users\havoc\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
2013-11-11 21:04 - 2013-11-11 21:04 - 00231936 _____ () C:\Users\havoc\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
2013-11-11 21:03 - 2013-11-11 21:03 - 00253440 _____ () C:\Users\havoc\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
2013-11-11 21:05 - 2013-11-11 21:05 - 00344064 _____ () C:\Users\havoc\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
2013-02-27 15:33 - 2013-02-27 15:33 - 00026624 _____ () C:\Users\havoc\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll
2015-09-08 07:48 - 2015-09-08 07:48 - 00098816 _____ () C:\Users\havoc\AppData\Local\Temp\_MEI85082\win32api.pyd
2015-09-08 07:48 - 2015-09-08 07:48 - 00110080 _____ () C:\Users\havoc\AppData\Local\Temp\_MEI85082\pywintypes27.dll
2015-09-08 07:48 - 2015-09-08 07:48 - 00364544 _____ () C:\Users\havoc\AppData\Local\Temp\_MEI85082\pythoncom27.dll
2015-09-08 07:48 - 2015-09-08 07:48 - 00045568 _____ () C:\Users\havoc\AppData\Local\Temp\_MEI85082\_socket.pyd
2015-09-08 07:48 - 2015-09-08 07:48 - 01160704 _____ () C:\Users\havoc\AppData\Local\Temp\_MEI85082\_ssl.pyd
2015-09-08 07:48 - 2015-09-08 07:48 - 00320512 _____ () C:\Users\havoc\AppData\Local\Temp\_MEI85082\win32com.shell.shell.pyd
2015-09-08 07:48 - 2015-09-08 07:48 - 00713216 _____ () C:\Users\havoc\AppData\Local\Temp\_MEI85082\_hashlib.pyd
2015-09-08 07:48 - 2015-09-08 07:48 - 01175040 _____ () C:\Users\havoc\AppData\Local\Temp\_MEI85082\wx._core_.pyd
2015-09-08 07:48 - 2015-09-08 07:48 - 00805888 _____ () C:\Users\havoc\AppData\Local\Temp\_MEI85082\wx._gdi_.pyd
2015-09-08 07:48 - 2015-09-08 07:48 - 00811008 _____ () C:\Users\havoc\AppData\Local\Temp\_MEI85082\wx._windows_.pyd
2015-09-08 07:48 - 2015-09-08 07:48 - 01062400 _____ () C:\Users\havoc\AppData\Local\Temp\_MEI85082\wx._controls_.pyd
2015-09-08 07:48 - 2015-09-08 07:48 - 00735232 _____ () C:\Users\havoc\AppData\Local\Temp\_MEI85082\wx._misc_.pyd
2015-09-08 07:48 - 2015-09-08 07:48 - 00128512 _____ () C:\Users\havoc\AppData\Local\Temp\_MEI85082\_elementtree.pyd
2015-09-08 07:48 - 2015-09-08 07:48 - 00127488 _____ () C:\Users\havoc\AppData\Local\Temp\_MEI85082\pyexpat.pyd
2015-09-08 07:48 - 2015-09-08 07:48 - 00557056 _____ () C:\Users\havoc\AppData\Local\Temp\_MEI85082\pysqlite2._sqlite.pyd
2015-09-08 07:48 - 2015-09-08 07:48 - 00007168 _____ () C:\Users\havoc\AppData\Local\Temp\_MEI85082\hashobjs_ext.pyd
2015-09-08 07:48 - 2015-09-08 07:48 - 00087552 _____ () C:\Users\havoc\AppData\Local\Temp\_MEI85082\_ctypes.pyd
2015-09-08 07:48 - 2015-09-08 07:48 - 00119808 _____ () C:\Users\havoc\AppData\Local\Temp\_MEI85082\win32file.pyd
2015-09-08 07:48 - 2015-09-08 07:48 - 00108544 _____ () C:\Users\havoc\AppData\Local\Temp\_MEI85082\win32security.pyd
2015-09-08 07:48 - 2015-09-08 07:48 - 00018432 _____ () C:\Users\havoc\AppData\Local\Temp\_MEI85082\win32event.pyd
2015-09-08 07:48 - 2015-09-08 07:48 - 00038912 _____ () C:\Users\havoc\AppData\Local\Temp\_MEI85082\win32inet.pyd
2015-09-08 07:48 - 2015-09-08 07:48 - 00070656 _____ () C:\Users\havoc\AppData\Local\Temp\_MEI85082\wx._html2.pyd
2015-09-08 07:48 - 2015-09-08 07:48 - 00167936 _____ () C:\Users\havoc\AppData\Local\Temp\_MEI85082\win32gui.pyd
2015-09-08 07:48 - 2015-09-08 07:48 - 00011264 _____ () C:\Users\havoc\AppData\Local\Temp\_MEI85082\win32crypt.pyd
2015-09-08 07:48 - 2015-09-08 07:48 - 00027136 _____ () C:\Users\havoc\AppData\Local\Temp\_MEI85082\_multiprocessing.pyd
2015-09-08 07:48 - 2015-09-08 07:48 - 00122368 _____ () C:\Users\havoc\AppData\Local\Temp\_MEI85082\wx._wizard.pyd
2015-09-08 07:48 - 2015-09-08 07:48 - 00010240 _____ () C:\Users\havoc\AppData\Local\Temp\_MEI85082\select.pyd
2015-09-08 07:48 - 2015-09-08 07:48 - 00024064 _____ () C:\Users\havoc\AppData\Local\Temp\_MEI85082\win32pipe.pyd
2015-09-08 07:48 - 2015-09-08 07:48 - 00686080 _____ () C:\Users\havoc\AppData\Local\Temp\_MEI85082\unicodedata.pyd
2015-09-08 07:48 - 2015-09-08 07:48 - 00025600 _____ () C:\Users\havoc\AppData\Local\Temp\_MEI85082\win32pdh.pyd
2015-09-08 07:48 - 2015-09-08 07:48 - 00525640 _____ () C:\Users\havoc\AppData\Local\Temp\_MEI85082\windows._lib_cacheinvalidation.pyd
2015-09-08 07:48 - 2015-09-08 07:48 - 00035840 _____ () C:\Users\havoc\AppData\Local\Temp\_MEI85082\win32process.pyd
2015-09-08 07:48 - 2015-09-08 07:48 - 00017408 _____ () C:\Users\havoc\AppData\Local\Temp\_MEI85082\win32profile.pyd
2015-09-08 07:48 - 2015-09-08 07:48 - 00022528 _____ () C:\Users\havoc\AppData\Local\Temp\_MEI85082\win32ts.pyd
2015-09-08 07:48 - 2015-09-08 07:48 - 00078336 _____ () C:\Users\havoc\AppData\Local\Temp\_MEI85082\wx._animate.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7866 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1583409717-3979321060-2320764336-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\havoc\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 82.163.143.169 - 82.163.142.171
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{73CC6B70-D36A-4D6C-9035-3475A366D9D4}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{BF5D7C98-38E9-4AD4-A696-5292D794F0C9}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{7442F97C-191F-49A1-88D7-385045BB045D}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{75D7EA13-4157-4F12-855D-4C7263F30523}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [TCP Query User{BFF4A905-D952-4BA6-AB49-38B9990BEC43}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{DF11BAE7-85BB-482A-A8B2-8D9E02F374FB}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{69E30CC9-161F-4D5C-801F-6EAFE05E397A}] => (Allow) C:\Users\havoc\AppData\Local\Temp\7zS7F23\hppiw.exe
FirewallRules: [{30F3A50F-B455-4041-9846-B1FF33969729}] => (Allow) C:\Users\havoc\AppData\Local\Temp\7zS7F23\hppiw.exe
FirewallRules: [{05B75711-9FBC-4FE6-80E1-835B14403EB4}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{A257720E-4197-45EF-9EF9-95174AC3C4B9}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{C5EABFF4-8D18-466A-8E8E-F8AA06B25E2A}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{DCFDA838-34E2-4097-926A-0E0AA91BA3DD}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{344E0E01-CD90-4670-9124-D716D52726DB}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\FixLauncher.exe
FirewallRules: [{B25EAE0E-4A18-4798-A716-07A9788D7E37}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\FixLauncher.exe
FirewallRules: [{85C15765-BD4D-4C49-8890-B45D6B35980C}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\FixLauncher.exe
FirewallRules: [{836AE6CA-2908-4F0F-A5DC-15CDAF09545C}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\FixLauncher.exe
FirewallRules: [{15C7F58B-33E7-4C4B-873E-E24DB66A962E}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\swtor\retailclient\swtor.exe
FirewallRules: [{6AF567B7-7113-4649-AC3B-42321EE0B05A}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\swtor\retailclient\swtor.exe
FirewallRules: [{C85C3B08-5867-4D76-9792-1654E48CE0BC}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\swtor\retailclient\swtor.exe
FirewallRules: [{864F2230-0BDF-4FAC-B55A-9D3B0EDC5600}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\swtor\retailclient\swtor.exe
FirewallRules: [{11E9EF00-9EDC-45B4-BEF2-78AF838D9DA4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exe
FirewallRules: [{45DD72ED-7E51-434E-8144-4EE968E57CD2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exe
FirewallRules: [{40F52CDE-652D-4E4C-9926-3616051A9FC1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
FirewallRules: [{9779022B-1446-4DC4-AD9D-59767569B0B2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
FirewallRules: [{3F53A99D-3DA1-4E53-9703-02C1483BE05C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{FED5F176-E5D9-4C3A-9D12-42211333B533}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{5815BDD2-6206-4071-860B-80A86D813367}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{660C6131-CACF-4A5F-924E-876A39961B3B}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{ACC883FF-CD54-43CB-B406-032D7A6E40E9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1637\Agent.exe
FirewallRules: [{32D22323-C449-4788-9BCA-2F193DBAA8FE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1637\Agent.exe
FirewallRules: [{29A76A61-4252-4826-AA33-FAA7D5629DD1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe
FirewallRules: [{D6355FA0-B9A7-4774-84FB-F24BC57FD71D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1675\Agent.exe
FirewallRules: [{A46C3B71-807E-41DA-9561-9E79B56FE7C0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [{77E52FF8-2EBB-49E4-8F1A-67240AC0595D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
FirewallRules: [{DFCF0FD5-3D0F-4014-8984-0E0C3C1D368F}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{6A99E4C8-C9F1-47B4-919D-7CEB41FA87E2}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{E06CFF97-5F60-455B-8769-B1E6E5F6BF17}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2006\Agent.exe
FirewallRules: [{055B710B-B756-49BC-847A-56BE2B7BEB3C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2006\Agent.exe
FirewallRules: [TCP Query User{65D9A7F1-0F7B-4DF1-8B7B-9085CACDD502}C:\programdata\battle.net\agent\agent.2045\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.2045\agent.exe
FirewallRules: [UDP Query User{3CA9E34F-B144-404D-93B4-A0E049DDB34B}C:\programdata\battle.net\agent\agent.2045\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.2045\agent.exe
FirewallRules: [{E7A04078-67AD-4184-A4E0-2C16E85E0060}] => (Allow) C:\programdata\battle.net\agent\agent.2045\agent.exe
FirewallRules: [{2962435F-E7BD-4A73-8B81-90C6FEA4ED0A}] => (Allow) C:\programdata\battle.net\agent\agent.2045\agent.exe
FirewallRules: [{76A56D17-2D2B-4309-B727-74E4DDD2ABBA}] => (Allow) D:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{7F8A0366-AF18-48C7-9BFC-95F9565048B8}] => (Allow) D:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [TCP Query User{281B81E0-C998-46DA-9172-E4958A4B9990}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{9DFE9F52-9C33-4CAE-8A67-5B67D18E383D}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{8C360730-FCD1-4768-9F0B-765804BC6512}] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{41BB5886-52E3-4BC5-8568-989537E0476C}] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{A95087A8-B25F-4532-947A-1A90C1F69431}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2328\Agent.exe
FirewallRules: [{E1EC9AF7-5CA6-4023-A75C-574384C30B83}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2328\Agent.exe
FirewallRules: [{19AFF2C2-E1CB-47A5-B619-7DBC632B221D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{52A7E2BE-D54F-45C1-9FFD-9F8A2E9DA702}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [TCP Query User{A66B6067-57B5-41E8-AFB7-286A152D9131}C:\program files (x86)\musicbrainz picard\picard.exe] => (Allow) C:\program files (x86)\musicbrainz picard\picard.exe
FirewallRules: [UDP Query User{EC357B65-9EC0-41C8-8538-6B5A9C7D9666}C:\program files (x86)\musicbrainz picard\picard.exe] => (Allow) C:\program files (x86)\musicbrainz picard\picard.exe
FirewallRules: [{51259C96-9769-44C3-8602-7F854BB869DC}] => (Block) C:\program files (x86)\musicbrainz picard\picard.exe
FirewallRules: [{D7994EA6-7AF0-46F2-A6EF-CEDAFB12015A}] => (Block) C:\program files (x86)\musicbrainz picard\picard.exe
FirewallRules: [{55DA6352-1B95-4357-950E-EAF8710B2486}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{7E7D45F4-5B97-487C-A3B8-72F47E296264}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{0D763686-C4B2-4CCF-80E1-CE60A71186BB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{B59F415C-1999-45C6-967D-88785E1C8B13}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{C9F2F6A3-3F37-453E-B950-0778682FC7C3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{C30DCE8D-CEB7-456E-B702-1120668CC3C7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{FB01FDD6-6EC2-4EAF-9E09-864B28BBAEAA}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{C8109DD9-DBDC-4C0C-BB30-3B7680B828B2}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{F5F8191F-7DED-4C3D-A881-C6E868F9C129}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{0C2CC23C-1D13-459B-8F02-90A160BA97B9}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{E19B7441-9DF9-40CC-80F3-F02474C51649}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{65C75036-1D56-411C-B2AC-30A5DA58DCDF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{7C667566-A423-4F35-B0AF-467B1DEF7375}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{E3B478B2-760F-4231-890A-A27881531882}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{DA9427D6-995F-4E9A-A22B-A742258AFAEC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{45457675-6EA9-44E6-AFDB-9B7D801BB6A3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [TCP Query User{5079AF01-7A78-4A49-AB5F-2B75A8FC2AA7}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
FirewallRules: [UDP Query User{167977FC-55A4-4918-8767-117503ECA4E0}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
FirewallRules: [{FDE2F4D2-2908-4B94-B413-D8812AFC5571}] => (Block) C:\windows\explorer.exe
FirewallRules: [{913C8377-3C17-409E-A6C0-74CDB7FCBBEA}] => (Block) C:\windows\explorer.exe
FirewallRules: [TCP Query User{973A4FED-4BF0-4F82-844A-62D9636D574A}C:\programdata\battle.net\agent\agent.3023\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3023\agent.exe
FirewallRules: [UDP Query User{22DCEC76-12B1-417E-BE8B-B6002FFBACEF}C:\programdata\battle.net\agent\agent.3023\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3023\agent.exe
FirewallRules: [{C4FD064E-E2E0-4568-8008-F3504FC6BC92}] => (Allow) C:\programdata\battle.net\agent\agent.3023\agent.exe
FirewallRules: [{45FBDB26-8466-45EE-B702-6589400B4A72}] => (Allow) C:\programdata\battle.net\agent\agent.3023\agent.exe
FirewallRules: [{329B8311-709F-4929-85F9-E928E900EDEF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{5E647BE5-BC9D-4E5F-80DF-0F9F7B078826}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{0FA931EA-1749-4129-AC12-D485FF740991}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{32B547C0-517F-45BC-8066-21BE1C7A8B2F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{390421F5-B767-40BC-A2BD-662F72CEE8A0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{C783034B-4765-4F85-843F-1A784A467533}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [TCP Query User{A9A0383D-639B-4ED0-87AA-E2AA651EEC9A}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{6474A88B-A3A0-485E-8DC6-25C957FA69A3}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{2E48F9BD-4362-4054-AE2C-763CDA842EDE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{BB6AF502-8D07-40EC-9167-6B20120EDA99}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{0A8E2DD6-5F5E-4AD6-912C-ADA3405F0971}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{FEAF538F-ED11-48E1-B862-1DC4901466EA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3182\Agent.exe
FirewallRules: [{E866C970-008A-4BC8-BDDC-6EAB12C40CD5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{F2FDF403-F3EF-4963-A2EF-8ACBEF40D296}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{1BF29E8D-DBF5-4060-BD9E-7284286E1482}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [{B5102D75-34CD-4D0E-9FBC-1ED90AAEAA5C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [TCP Query User{41A8B462-65B2-4D78-834F-049FBBBD1E60}C:\programdata\battle.net\agent\agent.3322\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3322\agent.exe
FirewallRules: [UDP Query User{4B589251-4E15-415D-AB85-8EAD1D5CFDA8}C:\programdata\battle.net\agent\agent.3322\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3322\agent.exe
FirewallRules: [{DCF7D69F-5741-4DE9-815B-14234A4FD5C5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [{11869FE5-376F-4EF1-8883-711E0EFF1F12}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3334\Agent.exe
FirewallRules: [TCP Query User{665FC0D7-EED6-4FE9-87F7-54C022093AAB}C:\programdata\battle.net\agent\agent.3346\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3346\agent.exe
FirewallRules: [UDP Query User{EA0728EA-6658-4E5B-83C7-9B823E0585D3}C:\programdata\battle.net\agent\agent.3346\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3346\agent.exe
FirewallRules: [{AC0B278F-EEF6-4E7A-A0DE-E7361110F238}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [TCP Query User{3C9C3B88-9687-4A77-97B3-897276E7B8B2}C:\programdata\battle.net\agent\agent.3372\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3372\agent.exe
FirewallRules: [UDP Query User{063FC79D-EAEE-49FA-B42F-DA3A4CDBF0A2}C:\programdata\battle.net\agent\agent.3372\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3372\agent.exe
FirewallRules: [TCP Query User{30311C7A-16D0-4B36-97CD-EAB75318A108}C:\programdata\battle.net\agent\agent.3427\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3427\agent.exe
FirewallRules: [UDP Query User{6C40C5B4-2949-4A90-8080-C3DF2F4E7A09}C:\programdata\battle.net\agent\agent.3427\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3427\agent.exe
FirewallRules: [{C59B4768-BD92-4CF6-98EA-0C04B31A972F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe
FirewallRules: [{D12B031E-6F2F-458A-86A8-BE2F782AB5FF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3454\Agent.exe
FirewallRules: [{D68A4F1E-A018-43C1-854F-F7BF275191A4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{ACB2EA39-9222-4D16-9B51-0A1742B7F0C5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.exe
FirewallRules: [{B9693B46-7E00-4290-9A77-E9B9787D0B53}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{472A5A39-495E-430C-9E16-7C2BF8884516}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{68375084-C780-46CF-ABFF-9E709DBB3650}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{176D5BB4-2F6D-4F3E-BAD7-A3D3EBFE3D1B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{88D2EAB3-CD28-49CD-AE79-714300FFCADD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
FirewallRules: [{C7045A69-F312-4425-981E-03223E62C44D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
FirewallRules: [{455E74C0-71B6-4594-AA94-CDD57FD95E0D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{61B8A0AC-8A56-4508-8E6D-20DC6529CF49}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{FE444A11-563F-4E1D-946B-1CF85CBFC426}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{BC6C9C10-6246-41E7-B940-E7FCF21B46EE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [TCP Query User{199876D3-9516-413E-99CA-076B723CC78B}C:\programdata\battle.net\agent\agent.3688\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3688\agent.exe
FirewallRules: [UDP Query User{F5BCB9CD-06A6-4588-B324-E1EBF538EAD2}C:\programdata\battle.net\agent\agent.3688\agent.exe] => (Allow) C:\programdata\battle.net\agent\agent.3688\agent.exe
FirewallRules: [{1C42E836-5A2B-40BF-ADF0-1B0F5C6E40A3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{2857FFB3-80CB-4041-A8E8-A255FD2915C9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [TCP Query User{F9E637B6-FFBF-4C69-998A-E21E326DF840}C:\program files\openssh\usr\sbin\sshd.exe] => (Allow) C:\program files\openssh\usr\sbin\sshd.exe
FirewallRules: [UDP Query User{1ED21FE6-833D-44E6-AF4F-62FF5979F458}C:\program files\openssh\usr\sbin\sshd.exe] => (Allow) C:\program files\openssh\usr\sbin\sshd.exe
FirewallRules: [TCP Query User{271FE21D-3ABF-4168-955B-1F85A7093A97}C:\program files\synergy\synergys.exe] => (Allow) C:\program files\synergy\synergys.exe
FirewallRules: [UDP Query User{4F1F75C4-A547-42C1-A72B-EF6F3597BDE8}C:\program files\synergy\synergys.exe] => (Allow) C:\program files\synergy\synergys.exe
FirewallRules: [TCP Query User{1A44ED49-C1D1-485D-A0EB-9CB0B7A9C945}C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{2543C287-2D4F-4E38-A5FD-35B893CCE427}C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{C0B8C541-E649-4D9B-9E8D-B0708380AF39}C:\program files\synergy\synergys.exe] => (Allow) C:\program files\synergy\synergys.exe
FirewallRules: [UDP Query User{74C663A3-46B6-4DF0-BA97-0A22F1F30AEC}C:\program files\synergy\synergys.exe] => (Allow) C:\program files\synergy\synergys.exe
FirewallRules: [TCP Query User{4668F675-3E6C-4D0A-A375-AEC64D88E8A4}C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{3EB0F1C7-1E68-4883-B4F7-31B771FA8373}C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{E9BF9402-9D48-462B-B740-681C49CD0397}C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{7B5E3B53-2536-42CE-BCD2-5E52BD469B37}C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe
FirewallRules: [{994113F5-5A17-4FAE-95B9-7962F7F78469}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{FD195709-94E8-4D5E-AA5D-AA6FAB380876}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{A02BE46E-21A6-4EC1-81A5-04D22A628D6E}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{0FB59C5C-50A8-4005-9D1F-4F7BBB4F87F5}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{6FFDDDD5-E141-41F8-B67D-D985A66FD189}] => (Allow) C:\Users\havoc\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [TCP Query User{A1BB2469-8A00-4225-9EF9-FBE8CC28B116}C:\program files (x86)\heroes of the storm\versions\base37117\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base37117\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{57158E1E-33C2-4CAC-A95B-DF746E1D526C}C:\program files (x86)\heroes of the storm\versions\base37117\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base37117\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{3866FFBF-D341-44E3-BAD0-D5222CF47252}C:\program files (x86)\heroes of the storm\versions\base37274\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base37274\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{6D05FCA5-1470-4CAE-A084-291CB9907DC0}C:\program files (x86)\heroes of the storm\versions\base37274\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base37274\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{B76BF865-ADEB-43FB-9914-B8B4A428813D}C:\program files (x86)\heroes of the storm\versions\base37351\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base37351\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{79E29BBE-3A7A-4F1E-AFE5-94ECA4B18CA7}C:\program files (x86)\heroes of the storm\versions\base37351\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base37351\heroesofthestorm_x64.exe
FirewallRules: [{1DEC7125-7310-4A64-89CF-8B709092A16F}] => (Allow) C:\Program Files\Bitvise SSH Server\BvSshServer.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============

Name: EasyTether Network Adapter
Description: EasyTether Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Mobile Stream
Service: easytether
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: LogMeIn Kernel Information Provider
Description: LogMeIn Kernel Information Provider
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: LMIInfo
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears. Remove the device, and this error should be resolved.

Name: LogMeIn Mirror Driver
Description: LogMeIn Mirror Driver
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: LogMeIn, Inc.
Service: lmimirr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP LaserJet 200 color M251nw
Description: HP LaserJet 200 color M251nw
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: HP LaserJet 200 color M251nw
Description: HP LaserJet 200 color M251nw
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/08/2015 08:02:56 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4.crt> with error: This network connection does not exist.
.

Error: (09/08/2015 08:02:56 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4.crt> with error: This network connection does not exist.
.

Error: (09/08/2015 08:02:17 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4.crt> with error: This network connection does not exist.
.

Error: (09/08/2015 08:01:52 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4.crt> with error: This operation returned because the timeout period expired.
.

Error: (09/08/2015 08:01:51 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4.crt> with error: This operation returned because the timeout period expired.
.

Error: (09/08/2015 08:01:00 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4.crt> with error: This operation returned because the timeout period expired.
.

Error: (09/08/2015 07:49:40 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".Error in manifest or policy file "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"2" on line Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Definition is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Please use sxstrace.exe for detailed diagnosis.

Error: (09/08/2015 07:49:30 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".Error in manifest or policy file "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"2" on line Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Definition is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Please use sxstrace.exe for detailed diagnosis.

Error: (09/06/2015 10:27:12 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1583409717-3979321060-2320764336-1005.bak). hr = 0x80070539, The security ID structure is invalid.
.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {98eb28fd-489c-473f-a2e7-bb7f4d8d9676}

Error: (09/06/2015 10:18:06 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: BEAST)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.


System errors:
=============
Error: (09/07/2015 10:27:28 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 115.18.0.0

Update Source: %NT AUTHORITY51

Update Stage: 4.8.0204.00

Source Path: 4.8.0204.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (09/07/2015 10:26:55 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.205.1746.0

Update Source: %NT AUTHORITY51

Update Stage: 4.8.0204.00

Source Path: 4.8.0204.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (09/07/2015 10:26:55 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.205.1746.0

Update Source: %NT AUTHORITY51

Update Stage: 4.8.0204.00

Source Path: 4.8.0204.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (09/07/2015 10:26:23 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.205.1746.0

Update Source: %NT AUTHORITY59

Update Stage: 4.8.0204.00

Source Path: 4.8.0204.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (09/06/2015 10:27:58 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Microsoft Network Inspection service depends the following service: NisDrv. This service might not be installed.

Error: (09/06/2015 10:27:58 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

Feature: %%886

Error Code: 0x80070433

Error description: The dependency service does not exist or has been marked for deletion.

Reason: %%858

Error: (09/06/2015 10:25:40 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error:
%%5

Error: (09/06/2015 10:25:38 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (09/06/2015 10:16:49 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (09/06/2015 10:15:58 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Microsoft Network Inspection service depends the following service: NisDrv. This service might not be installed.


Microsoft Office:
=========================
Error: (09/08/2015 08:02:56 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4.crtThis network connection does not exist.

Error: (09/08/2015 08:02:56 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4.crtThis network connection does not exist.

Error: (09/08/2015 08:02:17 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4.crtThis network connection does not exist.

Error: (09/08/2015 08:01:52 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4.crtThis operation returned because the timeout period expired.

Error: (09/08/2015 08:01:51 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4.crtThis operation returned because the timeout period expired.

Error: (09/08/2015 08:01:00 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/AFE5D244A8D1194230FF479FE2F897BBCD7A8CB4.crtThis operation returned because the timeout period expired.

Error: (09/08/2015 07:49:40 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Program Files (x86)\Citrix\ICA Client\MFC80.DLLC:\Program Files (x86)\Citrix\ICA Client\Microsoft.VC80.MFCLOC.MANIFEST5

Error: (09/08/2015 07:49:30 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Program Files (x86)\Citrix\ICA Client\MFC80.DLLC:\Program Files (x86)\Citrix\ICA Client\Microsoft.VC80.MFCLOC.MANIFEST5

Error: (09/06/2015 10:27:12 PM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-1583409717-3979321060-2320764336-1005.bak)0x80070539, The security ID structure is invalid.


Operation:
OnIdentify event
Gathering Writer Data

Context:
Execution Context: Shadow Copy Optimization Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {98eb28fd-489c-473f-a2e7-bb7f4d8d9676}

Error: (09/06/2015 10:18:06 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: BEAST)
Description:


CodeIntegrity:
===================================
Date: 2015-09-08 08:06:57.896
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-09-08 08:01:02.318
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-09-08 07:46:04.933
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-11-25 12:17:52.318
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD FX(tm)-8120 Eight-Core Processor
Percentage of memory in use: 19%
Total physical RAM: 16328.28 MB
Available physical RAM: 13138.34 MB
Total Virtual: 32654.48 MB
Available Virtual: 29344.72 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:109.54 GB) NTFS
Drive v: (Virtuals) (Fixed) (Total:298.09 GB) (Free:223.78 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: EFA8E477)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: A3DC4663)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-09-08 17:58:42
-----------------------------
17:58:42.935 OS Version: Windows x64 6.1.7601 Service Pack 1
17:58:42.935 Number of processors: 8 586 0x102
17:58:42.936 ComputerName: BEAST UserName: havoc
17:58:44.798 Initialize success
17:58:44.863 VM: initialized successfully
17:58:44.864 VM: Amd CPU supported
18:01:52.630 AVAST engine defs: 15090803
18:02:02.691 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-4
18:02:02.693 Disk 0 Vendor: ST500DM002-1BD142 KC44 Size: 476940MB BusType: 11
18:02:02.696 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-3
18:02:02.698 Disk 1 Vendor: ST3320620AS 3.AAK Size: 305245MB BusType: 11
18:02:02.835 Disk 0 MBR read successfully
18:02:02.838 Disk 0 MBR scan
18:02:02.872 Disk 0 Windows 7 default MBR code
18:02:02.883 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
18:02:02.888 Disk 0 default boot code
18:02:02.922 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
18:02:02.994 Disk 0 scanning C:\Windows\system32\drivers
18:02:18.696 Service scanning
18:02:53.469 Modules scanning
18:02:53.474 Disk 0 trace - called modules:
18:02:53.482 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
18:02:53.486 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800dc63790]
18:02:53.490 3 CLASSPNP.SYS[fffff880019a743f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-4[0xfffffa800da48060]
18:02:56.876 AVAST engine scan C:\Windows
18:02:59.189 AVAST engine scan C:\Windows\system32
18:07:27.965 AVAST engine scan C:\Windows\system32\drivers
18:07:46.413 AVAST engine scan C:\Users\havoc
18:50:11.932 AVAST engine scan C:\ProgramData
18:53:49.812 Disk 0 statistics 5240656/0/0 @ 1.42 MB/s
18:53:49.818 Scan finished successfully
19:03:54.921 Disk 0 MBR has been saved successfully to "C:\Users\havoc\Desktop\MBR.dat"
19:03:54.954 The log file has been saved successfully to "C:\Users\havoc\Desktop\aswMBR.txt"


Thanks in advance.

Juliet
2015-09-09, 15:59
P2P Warning

------------------------------
I see you have peer-to-peer (P2P) file sharing software installed on your computer (uTorrent). I advise you avoid P2P file sharing programmes; they are a security risk which can make your computer susceptible to malware. File sharing networks are thoroughly infected and infested with malware - worms (http://en.wikipedia.org/wiki/Computer_worm), backdoor Trojans (http://www.symantec.com/security_response/writeup.jsp?docid=2001-062614-1754-99), IRCBots (http://en.wikipedia.org/wiki/IRC_bot), and rootkits (http://en.wikipedia.org/wiki/Rootkit) propagate via P2P file sharing networks, gaming, and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans, and spyware. The best way to reduce the risk of infection is to avoid these types of web sites and not use P2P applications. Please read the following articles for more information.

Risks of File-Sharing Technology (http://www.us-cert.gov/cas/tips/ST05-007.html)
P2P Software User Advisories (http://aresgalaxy.sourceforge.net/p2prisks.htm)
More malware is traveling on P2P networks these days (http://www.computerworld.com/s/article/9240067/More_malware_is_traveling_on_P2P_networks_these_days)

Your P2P software can be removed by following the instructions below.

Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
Search for the aforementioned programme(s), right-click and click Uninstall.

If you choose not to, please refrain from using the programme(s) during this process.

~~~~~~~~~~~~~~~~~~~~~~

Please uninstall/remove
Duplicate Cleaner Free 3.2.1

~~~~~~~~~~~~~~~~~~~~~

We need to remove some bad extensions from Google Chrome.

Instructions on how to backup your Favorites/Bookmarks and other data can be found below.

Backup Chrome Bookmarks (http://www.wikihow.com/Export-Bookmarks-from-Chrome)

Proceed with the reset once done.

Chrome - Reset browser settings (https://support.google.com/chrome/answer/3296214?hl=en)

~~~~~~~~~~~~~

Please open Notepad (do *not* use WordPad or any text editor other than Notepad, or the script will fail): Start -> Run -> type notepad in the Open field -> OK. Then copy and paste the text present inside the quote box below:
To do this, highlight the contents of the box, right-click on it and select Copy.
Paste this into the open Notepad window and save it to the Desktop as fixlist.txt.
NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite the existing one, please allow).


https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG




start
CreateRestorePoint:
CloseProcesses:
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
GroupPolicyUsers\S-1-5-21-1583409717-3979321060-2320764336-1005\User: Restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
2015-08-26 10:45 - 2013-12-30 21:18 - 00000000 ____D C:\ProgramData\WinWeb protection
C:\Users\havoc\AppData\Local\Temp\ose00000.exe
Task: C:\Windows\Tasks\Superclean.job => c:\programdata\{5679e186-c22c-2bac-5679-9e186c22861b}\hqghumeaylnlf.exe <==== ATTENTION
EmptyTemp:
End


Open FRST/FRST64 and press the > Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~~~~~~~~~~~~~~~~~~

AdwCleaner

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) and save the file to your Desktop.
Right-click AdwCleaner.exe and select Run as administrator to run the programme.
Follow the prompts.
Click Scan.
Upon completion, click Report. A log (AdwCleaner[SX].txt) will open. Briefly check the log for anything you know to be legitimate.
Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
Follow the prompts and allow your computer to reboot.
After rebooting, a log (AdwCleaner[SX].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/)
or from here http://downloads.malwarebytes.org/file/jrt
to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.


~~~~
please post
Fixlog.txt
AdwCleaner[CX].txt
JRT.txt
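As an added example, not part of this thread and not FRST's own code (nor a substitute for the fix above), the following read-only PowerShell audit checks the four persistence locations the fixlist targets: a scheduled task whose action runs from a GUID-named folder under ProgramData (the Superclean.job pattern), the Internet Explorer Default_Page_URL and Default_Search_URL values, the HKLM\SOFTWARE\Policies\Google key, and the per-user GroupPolicyUsers folder. It assumes an elevated PowerShell 2.0 or later session on Windows 7 (legacy .job tasks are read through schtasks.exe because the ScheduledTasks module does not exist there); the GUID-folder regex and the go.microsoft.com/fwlink allow pattern are my assumptions, not published indicator lists. It changes nothing on the machine.

```powershell
# Added example (not from the thread or from FRST): read-only audit of the
# persistence locations the fixlist above targets. Assumes an elevated
# PowerShell 2.0+ session on Windows 7; nothing is modified.
function Get-PersistenceFindings {
    $findings = @()

    # 1. Scheduled tasks whose action runs from a GUID-named folder under
    #    ProgramData, the pattern of the Superclean.job entry in the fixlist.
    #    The regex is an assumption about that pattern, not a vendor signature.
    $tasks = schtasks.exe /Query /FO CSV /V | ConvertFrom-Csv
    foreach ($task in $tasks) {
        $run = $task.'Task To Run'
        if ($run -match '\\ProgramData\\\{[0-9a-f-]{36}\}\\') {
            $findings += New-Object PSObject -Property @{
                Kind = 'ScheduledTask'; Name = $task.TaskName; Detail = $run }
        }
    }

    # 2. IE default page / search URLs (the fixlist reset both). Any value that
    #    is not a Microsoft fwlink is reported for a human to judge; the allow
    #    pattern is an assumption, so review hits rather than acting on them.
    $ieMain = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main'
    $props = Get-ItemProperty -Path $ieMain -ErrorAction SilentlyContinue
    foreach ($name in 'Default_Page_URL', 'Default_Search_URL') {
        $val = $null
        if ($props) { $val = $props.$name }
        if ($val -and $val -notmatch '^http://go\.microsoft\.com/fwlink/') {
            $findings += New-Object PSObject -Property @{
                Kind = 'IEDefaultURL'; Name = $name; Detail = $val }
        }
    }

    # 3. Chrome policy keys under HKLM (FRST reported "Policy restriction").
    #    Normal on a domain-managed PC; worth a look on a home machine.
    $chromePolicy = 'HKLM:\SOFTWARE\Policies\Google'
    if (Test-Path $chromePolicy) {
        $keys = @(Get-Item -Path $chromePolicy) +
                @(Get-ChildItem -Path $chromePolicy -Recurse)
        foreach ($key in $keys) {
            $findings += New-Object PSObject -Property @{
                Kind = 'ChromePolicy'; Name = $key.Name
                Detail = ($key.Property -join ', ') }
        }
    }

    # 4. Per-user local Group Policy objects (the fixlist moved one away).
    #    Each SID-named folder here applies policy to exactly one account.
    $gpUsers = Join-Path $env:windir 'System32\GroupPolicyUsers'
    if (Test-Path $gpUsers) {
        $dirs = Get-ChildItem -Path $gpUsers | Where-Object { $_.PSIsContainer }
        foreach ($dir in $dirs) {
            $findings += New-Object PSObject -Property @{
                Kind = 'LocalUserGPO'; Name = $dir.Name; Detail = $dir.FullName }
        }
    }

    return $findings
}

# Print what was found; an empty table means none of the four checks fired.
Get-PersistenceFindings | Format-Table Kind, Name, Detail -AutoSize
```

Run it before and after a fix of this kind: a task or policy key that reappears after removal is the sign that some still-running component is recreating it, which is exactly the "comes back when I open my browser" behaviour reported at the top of the thread.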

h4v0c
2015-09-09, 23:48
uTorrent has been uninstalled. It was something I downloaded a few years back for a couple specific beta files, and I haven't used it since, so no real loss there.
Duplicate Cleaner Free 3.2.1 has been uninstalled as well.

Chrome is not installed on my computer, so I could not follow those instructions.

FRST froze the first time I ran it, so I ended task (after about 2 hours) and ran it again. The first Fixlog.txt contained:


Fix result of Farbar Recovery Scan Tool (x64) Version:07-09-2015
Ran by havoc (2015-09-09 14:36:57) Run:1
Running from C:\Users\havoc\Desktop
Loaded Profiles: havoc & UpdatusUser (Available Profiles: havoc & UpdatusUser)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
GroupPolicyUsers\S-1-5-21-1583409717-3979321060-2320764336-1005\User: Restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
2015-08-26 10:45 - 2013-12-30 21:18 - 00000000 ____D C:\ProgramData\WinWeb protection
C:\Users\havoc\AppData\Local\Temp\ose00000.exe
Task: C:\Windows\Tasks\Superclean.job => c:\programdata\{5679e186-c22c-2bac-5679-9e186c22861b}\hqghumeaylnlf.exe <==== ATTENTION
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-1583409717-3979321060-2320764336-1005\User => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
C:\ProgramData\WinWeb protection => moved successfully
C:\Users\havoc\AppData\Local\Temp\ose00000.exe => moved successfully
C:\Windows\Tasks\Superclean.job => moved successfully


I appended a 1 to the file name (so it would not be overwritten) and ran it a second time. The second Fixlog.txt contained:


Fix result of Farbar Recovery Scan Tool (x64) Version:07-09-2015
Ran by havoc (2015-09-09 16:23:41) Run:2
Running from C:\Users\havoc\Desktop
Loaded Profiles: havoc (Available Profiles: havoc)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
GroupPolicyUsers\S-1-5-21-1583409717-3979321060-2320764336-1005\User: Restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
2015-08-26 10:45 - 2013-12-30 21:18 - 00000000 ____D C:\ProgramData\WinWeb protection
C:\Users\havoc\AppData\Local\Temp\ose00000.exe
Task: C:\Windows\Tasks\Superclean.job => c:\programdata\{5679e186-c22c-2bac-5679-9e186c22861b}\hqghumeaylnlf.exe <==== ATTENTION
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key not found.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
"C:\Windows\system32\GroupPolicyUsers\S-1-5-21-1583409717-3979321060-2320764336-1005\User" => File/Folder not found.
HKLM\SOFTWARE\Policies\Google => key not found.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"C:\ProgramData\WinWeb protection" => File/Folder not found.
"C:\Users\havoc\AppData\Local\Temp\ose00000.exe" => File/Folder not found.
C:\Windows\Tasks\Superclean.job => not found.
EmptyTemp: => 951.8 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 16:25:03 ====

h4v0c
2015-09-09, 23:51
AdwCleaner installed fine and ran quickly. The output from AdwCleaner[S1].txt contained:


# AdwCleaner v5.007 - Logfile created 09/09/2015 at 16:31:19
# Updated 08/09/2015 by Xplode
# Database : 2015-09-08.2 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : havoc - BEAST
# Running from : C:\Users\havoc\Desktop\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

Folder Found : C:\Program Files (x86)\Zoomex
Folder Found : C:\Program Files (x86)\SaveLots
Folder Found : C:\Program Files (x86)\AdBBlocKnWaatch
Folder Found : C:\Program Files (x86)\AdREmoverUTUbe
Folder Found : C:\Program Files (x86)\AllSaver
Folder Found : C:\Program Files (x86)\SaveLoTs
Folder Found : C:\ProgramData\WebPlat
Folder Found : C:\ProgramData\Zoomex
Folder Found : C:\ProgramData\SaveLots
Folder Found : C:\ProgramData\System Booster
Folder Found : C:\ProgramData\AdBBlocKnWaatch
Folder Found : C:\ProgramData\AdREmoverUTUbe
Folder Found : C:\ProgramData\AllSaver
Folder Found : C:\ProgramData\SaveLoTs
Folder Found : C:\ProgramData\3b044cd5e46988f7
Folder Found : C:\ProgramData\{5679e186-c22c-2bac-5679-9e186c22861b}
Folder Found : C:\ProgramData\jbimlbablkdnfjkiigccamffgkalckhd
Folder Found : C:\Users\havoc\AppData\LocalLow\Zoomex

***** [ Files ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\StartSearch
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Found : HKLM\SOFTWARE\GlobalUpdate
Key Found : HKLM\SOFTWARE\SP Global
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BD55A6D5-24CD-6379-E828-CFEB9F240FE0}
Key Found : [x64] HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\StartSearch

***** [ Web browsers ] *****


########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2673 bytes] ##########

h4v0c
2015-09-10, 00:01
JRT has been installed and is running now. It has been running for around half an hour and is still sitting at


Press any key to continue . . .

Creating restore point... SUCCESS
Checking Startup

I will leave this running for a while and see if it progresses any further. Once it is completed, I will post the results for your review.

Thanks again!

Juliet
2015-09-10, 03:35
JRT should be stopped if it hasn't progressed further.

We need to run AdwCleaner again and let it remove what was found, if you haven't already.


Right-click AdwCleaner.exe and select Run as administrator to run the programme.
Follow the prompts.
Click Scan.
Upon completion, click Report. A log (AdwCleaner[SX].txt) will open. Briefly check the log for anything you know to be legitimate.
Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
Follow the prompts and allow your computer to reboot.
After rebooting, a log (AdwCleaner[CX].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.


~~~~~~~~~~~

Download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) TO YOUR DESKTOP




Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"




http://i24.photobucket.com/albums/c30/ken545/0841859c-1a35-4dbd-b41a-e720629e3e22_zpst0yckuua.png



On the Dashboard click on Update Now

Go to the Setting Tab

Under Setting go to Detection and Protection

Under PUP and PUM make sure both are set to show Treat Detections as Malware

Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked

Then on the Dashboard click on Scan

Make sure to select THREAT SCAN

Then click on Scan

When the scan is finished and the log pops up...select Copy to Clipboard

Please paste the log back into this thread for review

Exit Malwarebytes


~~~~~~~~~~~~~~~~~~~~~~

http://i24.photobucket.com/albums/c30/ken545/MBAM%20Application_zps7zm0ftdm.png (http://s24.photobucket.com/user/ken545/media/MBAM%20Application_zps7zm0ftdm.png.html)

1. Open up Malwarebytes and you will be on the Dashboard
2. Click on the History Tab
3. Then click on Application Logs
4. Double click on the SCAN LOG (Not Protection Log ) you just ran
5. When it opens it will look like this



http://i24.photobucket.com/albums/c30/ken545/MBAM%20Export_zpsjbtttjun.jpg (http://s24.photobucket.com/user/ken545/media/MBAM%20Export_zpsjbtttjun.jpg.html)

6. Then click on Export
7. On the drop down list click on Copy to Clipboard
8. Then paste the log back into this thread

h4v0c
2015-09-10, 06:28
Sorry for the delayed response. JRT did finish, but I had to step out for a couple hours so I'm not exactly sure how long it took. The results from the JRT.txt were:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.1 (09.08.2015:1)
OS: Windows 7 Ultimate x64
Ran by havoc on Wed 09/09/2015 at 16:34:31.61
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\Program Files (x86)\zoomex
Successfully deleted: [Folder] C:\ProgramData\cloud software ltd
Successfully deleted: [Folder] C:\ProgramData\zoomex
Successfully deleted: [Folder] C:\Users\havoc\Appdata\LocalLow\zoomex
Successfully deleted: [Folder] C:\ProgramData\3b044cd5e46988f7





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 09/09/2015 at 19:29:17.27
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Malwarebytes has been installed and is running now. I will post those results as soon as it finishes.

h4v0c
2015-09-10, 07:06
Malwarebytes - Threat Scan Results were as follows:


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/9/2015
Scan Time: 11:25 PM
Logfile: malwarebytes_log.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.09.10.01
Rootkit Database: v2015.08.16.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: havoc

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 429336
Time Elapsed: 18 min, 20 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.TermTrident, HKLM\SOFTWARE\WOW6432NODE\TermTrident_1.10.0.22, , [261328066922f145c64156622dd73fc1],
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE\Clients, , [c277e34b3952082e9c62e2b1c341e917],

Registry Values: 0
(No malicious items detected)

Registry Data: 1
Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{62399DFD-5DC7-4A93-A733-296AA3D46A10}|NameServer, 82.163.143.169,82.163.142.171, Good: (), Bad: (82.163.143.169,82.163.142.171),,[0039b87632593bfb0d593f2b4bba728e]

Folders: 5
PUP.Optional.MultiPlug, C:\ProgramData\jbimlbablkdnfjkiigccamffgkalckhd, , [ac8d18161f6c92a4760b125d8183ea16],
PUP.Optional.SuperOptimizer, C:\ProgramData\{5679e186-c22c-2bac-5679-9e186c22861b}, , [7dbc1a14612a1224cbe59a1b6a9a59a7],
PUP.Optional.AllSaver, C:\ProgramData\AllSaver, , [dc5d44ea4942f73fa98f2fcde41e03fd],
PUP.Optional.SaveLots, C:\ProgramData\SaveLoTs, , [19202608b0db88ae7bad72a9ee15817f],
PUP.Optional.SaveLots, C:\Program Files (x86)\SaveLoTs, , [25140e20018a082e67c2ac6f4eb5966a],

Files: 8
PUP.Optional.OpenCandy, C:\Users\havoc\Downloads\DuplicateCleaner_setup.exe, , [6ecbd25c27648babaf0983d570903fc1],
PUP.Optional.MultiPlug, C:\ProgramData\jbimlbablkdnfjkiigccamffgkalckhd\lsdb.js, , [ac8d18161f6c92a4760b125d8183ea16],
PUP.Optional.MultiPlug, C:\ProgramData\jbimlbablkdnfjkiigccamffgkalckhd\background.html, , [ac8d18161f6c92a4760b125d8183ea16],
PUP.Optional.MultiPlug, C:\ProgramData\jbimlbablkdnfjkiigccamffgkalckhd\content.js, , [ac8d18161f6c92a4760b125d8183ea16],
PUP.Optional.MultiPlug, C:\ProgramData\jbimlbablkdnfjkiigccamffgkalckhd\manifest.json, , [ac8d18161f6c92a4760b125d8183ea16],
PUP.Optional.SuperOptimizer, C:\ProgramData\{5679e186-c22c-2bac-5679-9e186c22861b}\hqghumeaylnlf.dat, , [7dbc1a14612a1224cbe59a1b6a9a59a7],
PUP.Optional.SuperOptimizer, C:\ProgramData\{5679e186-c22c-2bac-5679-9e186c22861b}\df7b60f890c18942, , [7dbc1a14612a1224cbe59a1b6a9a59a7],
PUP.Optional.SuperOptimizer, C:\ProgramData\{5679e186-c22c-2bac-5679-9e186c22861b}\e8dbb60169b18212, , [7dbc1a14612a1224cbe59a1b6a9a59a7],

Physical Sectors: 0
(No malicious items detected)


(end)

h4v0c
2015-09-10, 07:08
Malwarebytes - Historical Scan log results were as follows:


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/9/2015
Scan Time: 11:25 PM
Logfile: malwarebytes_scan_log.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.09.10.01
Rootkit Database: v2015.08.16.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: havoc

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 429336
Time Elapsed: 18 min, 20 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.TermTrident, HKLM\SOFTWARE\WOW6432NODE\TermTrident_1.10.0.22, Quarantined, [261328066922f145c64156622dd73fc1],
PUP.Optional.GlobalUpdate, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE\Clients, Quarantined, [c277e34b3952082e9c62e2b1c341e917],

Registry Values: 0
(No malicious items detected)

Registry Data: 1
Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{62399DFD-5DC7-4A93-A733-296AA3D46A10}|NameServer, 82.163.143.169,82.163.142.171, Good: (), Bad: (82.163.143.169,82.163.142.171),Replaced,[0039b87632593bfb0d593f2b4bba728e]

Folders: 5
PUP.Optional.MultiPlug, C:\ProgramData\jbimlbablkdnfjkiigccamffgkalckhd, Quarantined, [ac8d18161f6c92a4760b125d8183ea16],
PUP.Optional.SuperOptimizer, C:\ProgramData\{5679e186-c22c-2bac-5679-9e186c22861b}, Quarantined, [7dbc1a14612a1224cbe59a1b6a9a59a7],
PUP.Optional.AllSaver, C:\ProgramData\AllSaver, Quarantined, [dc5d44ea4942f73fa98f2fcde41e03fd],
PUP.Optional.SaveLots, C:\ProgramData\SaveLoTs, Quarantined, [19202608b0db88ae7bad72a9ee15817f],
PUP.Optional.SaveLots, C:\Program Files (x86)\SaveLoTs, Quarantined, [25140e20018a082e67c2ac6f4eb5966a],

Files: 8
PUP.Optional.OpenCandy, C:\Users\havoc\Downloads\DuplicateCleaner_setup.exe, Quarantined, [6ecbd25c27648babaf0983d570903fc1],
PUP.Optional.MultiPlug, C:\ProgramData\jbimlbablkdnfjkiigccamffgkalckhd\lsdb.js, Quarantined, [ac8d18161f6c92a4760b125d8183ea16],
PUP.Optional.MultiPlug, C:\ProgramData\jbimlbablkdnfjkiigccamffgkalckhd\background.html, Quarantined, [ac8d18161f6c92a4760b125d8183ea16],
PUP.Optional.MultiPlug, C:\ProgramData\jbimlbablkdnfjkiigccamffgkalckhd\content.js, Quarantined, [ac8d18161f6c92a4760b125d8183ea16],
PUP.Optional.MultiPlug, C:\ProgramData\jbimlbablkdnfjkiigccamffgkalckhd\manifest.json, Quarantined, [ac8d18161f6c92a4760b125d8183ea16],
PUP.Optional.SuperOptimizer, C:\ProgramData\{5679e186-c22c-2bac-5679-9e186c22861b}\hqghumeaylnlf.dat, Quarantined, [7dbc1a14612a1224cbe59a1b6a9a59a7],
PUP.Optional.SuperOptimizer, C:\ProgramData\{5679e186-c22c-2bac-5679-9e186c22861b}\df7b60f890c18942, Quarantined, [7dbc1a14612a1224cbe59a1b6a9a59a7],
PUP.Optional.SuperOptimizer, C:\ProgramData\{5679e186-c22c-2bac-5679-9e186c22861b}\e8dbb60169b18212, Quarantined, [7dbc1a14612a1224cbe59a1b6a9a59a7],

Physical Sectors: 0
(No malicious items detected)


(end)
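The two Malwarebytes logs above are the same scan seen twice: the scan-results copy has an empty action field on every line, while the History > Application Logs copy shows "Quarantined" or "Replaced" once the items were actioned. The following parser, an added example rather than anything from the thread or from Malwarebytes, reads both logs, diffs them by the 32-hex id each line carries, and pulls the rogue DNS servers out of the Trojan.DNSChanger entry; the sample logs are constructed from three of the thread's own lines, with the MultiPlug file deliberately left un-actioned in the second log.

```python
import re
from dataclasses import dataclass

# One Malwarebytes 2.x detection line: "<threat>, <path ...>, <action>, [<32-hex id>],"
# The action field is empty in the scan-results log and reads "Quarantined" or
# "Replaced" in the History > Application Logs copy once the item has been actioned.
DETECTION_RE = re.compile(
    r"^(?P<threat>[^,]+), (?P<path>.*?),\s*(?P<action>[A-Za-z]*),\s*\[(?P<ident>[0-9a-f]{32})\],?$"
)
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+): (?P<count>\d+)$")  # e.g. "Registry Keys: 2"


@dataclass(frozen=True)
class Detection:
    section: str
    threat: str
    path: str
    action: str  # "" means Malwarebytes has not yet acted on the item


def parse_mbam_log(text):
    """Map each detection's 32-hex id to a Detection; the id is stable across both logs."""
    section, found = None, {}
    for line in (raw.strip() for raw in text.splitlines()):
        if m := SECTION_RE.match(line):
            section = m.group("section")
        elif section and (m := DETECTION_RE.match(line)):
            found[m.group("ident")] = Detection(section, m.group("threat"), m.group("path"), m.group("action"))
    return found


def unresolved(before, after):
    """Detections from the scan-results log that the later log does not show as actioned."""
    return sorted((d for i, d in before.items() if not after.get(i) or not after[i].action), key=lambda d: d.path)


def bad_nameservers(det):
    """Rogue DNS servers recorded in a Trojan.DNSChanger entry's 'Bad: (...)' field."""
    m = re.search(r"Bad: \(([^)]*)\)", det.path)
    return [s for s in m.group(1).split(",") if s] if m else []


# Constructed sample logs: three entries copied from the thread's logs; the MultiPlug
# file is deliberately left un-actioned in the second log to show what a leftover looks like.
SCAN_RESULTS = r"""
Registry Keys: 1
PUP.Optional.TermTrident, HKLM\SOFTWARE\WOW6432NODE\TermTrident_1.10.0.22, , [261328066922f145c64156622dd73fc1],

Registry Data: 1
Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{62399DFD-5DC7-4A93-A733-296AA3D46A10}|NameServer, 82.163.143.169,82.163.142.171, Good: (), Bad: (82.163.143.169,82.163.142.171),,[0039b87632593bfb0d593f2b4bba728e]

Files: 1
PUP.Optional.MultiPlug, C:\ProgramData\jbimlbablkdnfjkiigccamffgkalckhd\lsdb.js, , [ac8d18161f6c92a4760b125d8183ea16],
"""
HISTORY_LOG = SCAN_RESULTS.replace(", , [2613", ", Quarantined, [2613").replace("),,[0039", "),Replaced,[0039")

if __name__ == "__main__":
    before, after = parse_mbam_log(SCAN_RESULTS), parse_mbam_log(HISTORY_LOG)
    for d in unresolved(before, after):
        print(f"not actioned: {d.section}: {d.threat} -> {d.path}")
    for d in before.values():
        if d.threat == "Trojan.DNSChanger":
            print("rogue DNS servers:", bad_nameservers(d))
```

An empty action field on a line that survives into the history log is the cue to re-run the scan, and the extracted NameServer values are what to compare against the DNS servers the interface is expected to use.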

h4v0c
2015-09-10, 07:16
I ran AdwCleaner again, which returned the following results in the AdwCleaner[S2].txt file:


# AdwCleaner v5.007 - Logfile created 10/09/2015 at 00:02:22
# Updated 08/09/2015 by Xplode
# Database : 2015-09-08.2 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : havoc - BEAST
# Running from : C:\Users\havoc\Desktop\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

Folder Found : C:\Program Files (x86)\AdBBlocKnWaatch
Folder Found : C:\Program Files (x86)\AdREmoverUTUbe
Folder Found : C:\Program Files (x86)\AllSaver
Folder Found : C:\ProgramData\WebPlat
Folder Found : C:\ProgramData\System Booster
Folder Found : C:\ProgramData\AdBBlocKnWaatch
Folder Found : C:\ProgramData\AdREmoverUTUbe

***** [ Files ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\StartSearch
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Found : HKLM\SOFTWARE\GlobalUpdate
Key Found : HKLM\SOFTWARE\SP Global
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BD55A6D5-24CD-6379-E828-CFEB9F240FE0}
Key Found : [x64] HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\StartSearch

***** [ Web browsers ] *****


########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2136 bytes] ##########


After making sure everything was checked, I ran the > Clean < option. After my system rebooted, the contents of AdwCleaner[C1].txt were as follows:


# AdwCleaner v5.007 - Logfile created 10/09/2015 at 00:04:59
# Updated 08/09/2015 by Xplode
# Database : 2015-09-08.2 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : havoc - BEAST
# Running from : C:\Users\havoc\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\AdBBlocKnWaatch
[-] Folder Deleted : C:\Program Files (x86)\AdREmoverUTUbe
[-] Folder Deleted : C:\Program Files (x86)\AllSaver
[-] Folder Deleted : C:\ProgramData\WebPlat
[-] Folder Deleted : C:\ProgramData\System Booster
[-] Folder Deleted : C:\ProgramData\AdBBlocKnWaatch
[-] Folder Deleted : C:\ProgramData\AdREmoverUTUbe

***** [ Files ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key Deleted : HKCU\Software\Softonic
[-] Key Deleted : HKCU\Software\StartSearch
[!] Key Not Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
[-] Key Deleted : HKLM\SOFTWARE\GlobalUpdate
[-] Key Deleted : HKLM\SOFTWARE\SP Global
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BD55A6D5-24CD-6379-E828-CFEB9F240FE0}
[!] Key Not Deleted : [x64] HKCU\Software\Softonic
[!] Key Not Deleted : [x64] HKCU\Software\StartSearch

***** [ Web browsers ] *****


*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2362 bytes] ##########

h4v0c
2015-09-10, 07:20
After reviewing the information in AdwCleaner[C1].txt and noticing the three "Key Not Deleted" ...


[!] Key Not Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
...
...
[!] Key Not Deleted : [x64] HKCU\Software\Softonic
[!] Key Not Deleted : [x64] HKCU\Software\StartSearch


I thought I may have missed something. I ran another scan from AdwCleaner but according to the results in AdwCleaner[S3].txt ... nothing was found:


# AdwCleaner v5.007 - Logfile created 10/09/2015 at 00:10:59
# Updated 08/09/2015 by Xplode
# Database : 2015-09-08.2 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : havoc - BEAST
# Running from : C:\Users\havoc\Desktop\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [550 bytes] ##########

Juliet
2015-09-10, 23:08
I believe it was cleaned when the machine rebooted.

How's your computer now?

What we can do now is run an online scan with ESET; for the time being it is our most trusted scanner, the most reliable and thorough.
The settings I suggest will show us items located in quarantine folders, so don't be alarmed by this. Also, in case of a false positive, I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending, of course, on how full your computer is.



ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

Please download ESET Online Scan (http://download.eset.com/special/eos/esetsmartinstaller_enu.exe) and save the file to your Desktop.
Temporarily disable your anti-virus software. For instructions, please refer to the following link (http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/).
Double-click esetsmartinstaller_enu.exe to run the programme.
Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
Agree to the Terms of Use once more and click Start. Allow components to download.
Place a checkmark next to Enable detection of potentially unwanted applications.
Click Advanced settings. Place a checkmark next to:

Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology


Ensure Remove found threats is unchecked.
Click Start.
Wait for the scan to finish. Please be patient as this can take some time.
Upon completion, click List of found threats. If no threats were found, skip the next two bullet points.
Click Export to text file and save the file to your Desktop, naming it something such as "MyEsetScan".
Push the Back button.
Place a checkmark next to Uninstall application on close and click Finish.
Re-enable your anti-virus software.
Copy the contents of the log and paste in your next reply.

h4v0c
2015-09-12, 04:35
I will try to kick this off either tonight or tomorrow night before I go to bed. That way, it can have all night to run without me needing my computer for anything. As soon as it finishes, I will post the results for you.

Otherwise, everything "seems" okay so far, but I haven't really tested extensively.

Juliet
2015-09-12, 13:08
everything "seems" okay so far
Good to hear.

Juliet
2015-09-14, 17:08
h4v0c, still need help?

h4v0c
2015-09-15, 14:56
I apologize for the delay, I had family show up unexpectedly this weekend and did not get a chance to run the scan. I will run it tonight and let you know the results.

Juliet
2015-09-15, 20:47
Good to hear from you, and that will work.

Juliet
2015-09-19, 14:34
Still need help?

Juliet
2015-09-30, 23:37
Glad we could help. :)

Since this issue appears resolved ... this Topic is closed.